Säkrare hemsida med .sehttp://lagabas.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://lagabas.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 04 Jul 2017 01:35:13 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ487VCrrWL6cQWLvyQAa9lgt%2BrnZ2%2FgLXlOByroCR%2Bky8hjdKiQUCNkn61%2BQMOkIFOzMBBwsIUbxSBU7k%2BVFnJ0fv9V9trYHBOe5OsqUMidou%2F8UUWIWH0hmjJQdZGMk2JP0H%2F9sF%2Bj1z4R3ljqaf2RBn0gpCCpbZrtJkAiY0wnicqdUWqyAwHa9v74RqXh4k6j7wlq1lcxjdnKIhQGXlHYz6ke0oTnaMbheIfnO0CPk43%2BevbnCoqKPwAyDQY3hr4xzkSr1FzeAcvsLZmppspA3l8dbAUGDQInl2BnjzdsXHQrBpIlgW87VZGTfqyjGzb6XEhhJIovrPFRX32jrHN5PCAulLKw%2BEH9KQrl0NUwRh9seZjPP9y%2BycXnpRRI8i9BV1sK9SvUKQM0q7WSbv4TID%2FTHudWBdxt9kFpLf7JeZQtonCZf%2FA7ayoESpjFoFQkVep1uKtKAiCj1Tx%2BpWIDFEYQwsbxTQUAuwaCDrdkFVuBihivn5HDRc7V5Q%2FFDgKBep7mTuuuH5s%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lagabas.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 23:35:18 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499124918.7923697; expires=Thu, 01-Jul-2027 23:35:18 GMT; Max-Age=315360000 <br>Location: http://ww11.lagabas.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: lagabas.se <br>Referer: http://www.google.com/search?q=lagabas.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 03 Jul 2017 23:35:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1499124917.8356931; expires=Thu, 01-Jul-2027 23:35:17 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoTyhEAxOsUZ487VCrrWL6cQWLvyQAa9lgt%2BrnZ2%2FgLXlOByroCR%2Bky8hjdKiQUCNkn61%2BQMOkIFOzMBBwsIUbxSBU7k%2BVFnJ0fv9V9trYHBOe5OsqUMidou%2F8UUWIWH0hmjJQdZGMk2JP0H%2F9sF%2Bj1z4R3ljqaf2RBn0gpCCpbZrtJkAiY0wnicqdUWqyAwHa9v74RqXh4k6j7wlq1lcxjdnKIhQGXlHYz6ke0oTnaMbheIfnO0CPk43%2BevbnCoqKPwAyDQY3hr4xzkSr1FzeAcvsLZmppspA3l8dbAUGDQInl2BnjzdsXHQrBpIlgW87VZGTfqyjGzb6XEhhJIovrPFRX32jrHN5PCAulLKw%2BEH9KQrl0NUwRh9seZjPP9y%2BycXnpRRI8i9BV1sK9SvUKQM0q7WSbv4TID%2FTHudWBdxt9kFpLf7JeZQtonCZf%2FA7ayoESpjFoFQkVep1uKtKAiCj1Tx%2BpWIDFEYQwsbxTQUAuwaCDrdkFVuBihivn5HDRc7V5Q%2FFDgKBep7mTuuuH5s%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>lagabas.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1499173255http://fernanda.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://fernanda.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Tue, 20 Jun 2017 21:32:04 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRVt4OtSj%2F20rMoIo0nutKxYTeAUgVsWp1IoJtjbRkv7uGvKhYnuL1YdaEwPMj%2B9dprXI2YQ1oHGoRrK7jLEEDTUxVc4Gb7yus88RKb7mpyCp1e0vbNfNPw9eSAhbOEzK4AtzJLeziw9WI463AHKvKt7s6qVoou%2B%2Bo38XLFBM6Iov%2FxTbFRqN05SHqbNoRX%2FylqKODUzXWc0GpusBdk1Y0pazhzlHYNEX61eBRwzGLShehroYhPPmRl9KV6YuoPwl8WgqwztnxCgyydrdlW%2FWiucOm4gSfOoBdAx4bUIe5%2FaW1SO%2B%2ByqtpS66jmH6EL9iykIJ6F5xaFE8rpQpYczQd2brKSVeb1%2FzgeOaWiH1BCLYCL2JxjUtmGua2xJJCWUjNWao5MRTrgNBY9YlxGSrsvntORwaPTJLdVfTXeMgMtxhHxH57M9Yt%2B%2BLdRPoO9Dh47y6Rr2fwKysGILyYw%2BVwG4Ach%2BmsSYKJt%2FNx8G7bvcdwsbaSp4ag9Mz1JNc8lyZ7mLLhCNMJXrg%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fernanda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 19:32:04 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497987124.5031990; expires=Fri, 18-Jun-2027 19:32:04 GMT; Max-Age=315360000 <br>Location: http://ww11.fernanda.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: fernanda.se <br>Referer: http://www.google.com/search?q=fernanda.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Tue, 20 Jun 2017 19:32:03 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497987123.8233451; expires=Fri, 18-Jun-2027 19:32:03 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3OnBIzJNWcRVt4OtSj%2F20rMoIo0nutKxYTeAUgVsWp1IoJtjbRkv7uGvKhYnuL1YdaEwPMj%2B9dprXI2YQ1oHGoRrK7jLEEDTUxVc4Gb7yus88RKb7mpyCp1e0vbNfNPw9eSAhbOEzK4AtzJLeziw9WI463AHKvKt7s6qVoou%2B%2Bo38XLFBM6Iov%2FxTbFRqN05SHqbNoRX%2FylqKODUzXWc0GpusBdk1Y0pazhzlHYNEX61eBRwzGLShehroYhPPmRl9KV6YuoPwl8WgqwztnxCgyydrdlW%2FWiucOm4gSfOoBdAx4bUIe5%2FaW1SO%2B%2ByqtpS66jmH6EL9iykIJ6F5xaFE8rpQpYczQd2brKSVeb1%2FzgeOaWiH1BCLYCL2JxjUtmGua2xJJCWUjNWao5MRTrgNBY9YlxGSrsvntORwaPTJLdVfTXeMgMtxhHxH57M9Yt%2B%2BLdRPoO9Dh47y6Rr2fwKysGILyYw%2BVwG4Ach%2BmsSYKJt%2FNx8G7bvcdwsbaSp4ag9Mz1JNc8lyZ7mLLhCNMJXrg%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>fernanda.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-198.above.com abuse@above.com1498049977http://hemment.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://hemment.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Mon, 19 Jun 2017 05:20:41 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjIeAYDFgchMrHEUHSKYWUPC2LH%2B1SOiiFksJRJPsMXDAWiUYBdwTPYDOzZ29c1jdQkZiGokZDUnRXYmZVUpmZxIZRJd4JgESTgo9J4111254DRJONmXTdt0592TFKxxJ250nUuTGSnCjAK528QVUYrcdJn5NZz1%2FBf9K0eFNmSl6BowXNLbt6JGzuuzBPvqJB8EXSzPm8APaKPcYPkYQTJeLKs%2BTdLa41%2B1eyDbqfZ50%2BFv1UPmwMRpwcvu7jwMH%2B%2Fi9zqEc84JYwMaDFoZh6Gt9M7tfnDQjNxv6I6mmxCxP1HyxrX5WkDlPrGqZF4IZnN%2Bfx%2FwaWkK%2BXeZCgBSTtygJHr9GQGu2oPlNdqoyIktugvjoxpQd%2F48ePMGOhIgVRrRT%2FkbCLEgf1pVGPqYpyAc3oyBgNc540dhmelxHpAA0XEIPlc5RZCsrj%2FOQvigCylhix2yUihugSYR10l2QIpSCgcLHWJS7OS%2Fu7JSX6m5qvHEq1BHegGn1CwVEtx2ZBLvWPFJQf9XFF8M0CtycrpQ%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hemment.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 03:20:42 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497842442.6700011; expires=Thu, 17-Jun-2027 03:20:42 GMT <br>Location: http://ww11.hemment.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: hemment.se <br>Referer: http://www.google.com/search?q=hemment.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Mon, 19 Jun 2017 03:20:41 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497842441.4701028; expires=Thu, 17-Jun-2027 03:20:41 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjIeAYDFgchMrHEUHSKYWUPC2LH%2B1SOiiFksJRJPsMXDAWiUYBdwTPYDOzZ29c1jdQkZiGokZDUnRXYmZVUpmZxIZRJd4JgESTgo9J4111254DRJONmXTdt0592TFKxxJ250nUuTGSnCjAK528QVUYrcdJn5NZz1%2FBf9K0eFNmSl6BowXNLbt6JGzuuzBPvqJB8EXSzPm8APaKPcYPkYQTJeLKs%2BTdLa41%2B1eyDbqfZ50%2BFv1UPmwMRpwcvu7jwMH%2B%2Fi9zqEc84JYwMaDFoZh6Gt9M7tfnDQjNxv6I6mmxCxP1HyxrX5WkDlPrGqZF4IZnN%2Bfx%2FwaWkK%2BXeZCgBSTtygJHr9GQGu2oPlNdqoyIktugvjoxpQd%2F48ePMGOhIgVRrRT%2FkbCLEgf1pVGPqYpyAc3oyBgNc540dhmelxHpAA0XEIPlc5RZCsrj%2FOQvigCylhix2yUihugSYR10l2QIpSCgcLHWJS7OS%2Fu7JSX6m5qvHEq1BHegGn1CwVEtx2ZBLvWPFJQf9XFF8M0CtycrpQ%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>hemment.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1497853560http://anatgning.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://anatgning.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Sun, 18 Jun 2017 23:05:05 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjn9L6xIgxgdeC%2BTeMlXLxkg5WiaVD0zWNbpBYxlF8UgYZWPCSx5LHpggYBjdZpA1obpo8wjWhtel6j253tDnxvOCuY%2BxG%2BBec2P0e0hsKhypmxGgiQTUgLvkjEJoRCTNo2FPIg0kX5Nw6l2VPyQ3kAZYzSREJvA%2BJ7OjU2t%2FCwv4oM3KUWEtLqg7JGdOiAf8ammAu2MOWuMAxIRcT7Fp7x%2F5aIibmwbK7zROHOczQzilToJxHLlOyNBLDoj0OPP%2Fe9s85dz6PX%2Fp2OcF1q2HbqrYEc5yG%2BjnnqGoKFXJEpC5Q0lSwX%2BFHJOdI1az91s4%2BBVY%2BcjgKf%2BS8jgJAwInjeT3YjbZuJwut2Q8k8Rk8yt2EgLFdnSa64vqvim%2BzOe46eiJPv3KXhnC7S3MDsWAGOZOGfLPv77LQDrIFEmP3xJurDPFnqeKutCSrqarMyfZDf00u6YXdX0B4ZxVI%2FpANol8dBPu6pTwXkvfiQ%2FH5MYEMZR0c5IumL2MVs%2BnSpuan%2ByMBvjpiyHhG0byvBFWX%2BLUeXjuOn9L1 <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anatgning.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Sun, 18 Jun 2017 21:05:06 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497819906.3998253; expires=Wed, 16-Jun-2027 21:05:06 GMT <br>Location: http://ww38.anatgning.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: anatgning.se <br>Referer: http://www.google.com/search?q=anatgning.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Sun, 18 Jun 2017 21:05:05 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497819905.7468986; expires=Wed, 16-Jun-2027 21:05:05 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjn9L6xIgxgdeC%2BTeMlXLxkg5WiaVD0zWNbpBYxlF8UgYZWPCSx5LHpggYBjdZpA1obpo8wjWhtel6j253tDnxvOCuY%2BxG%2BBec2P0e0hsKhypmxGgiQTUgLvkjEJoRCTNo2FPIg0kX5Nw6l2VPyQ3kAZYzSREJvA%2BJ7OjU2t%2FCwv4oM3KUWEtLqg7JGdOiAf8ammAu2MOWuMAxIRcT7Fp7x%2F5aIibmwbK7zROHOczQzilToJxHLlOyNBLDoj0OPP%2Fe9s85dz6PX%2Fp2OcF1q2HbqrYEc5yG%2BjnnqGoKFXJEpC5Q0lSwX%2BFHJOdI1az91s4%2BBVY%2BcjgKf%2BS8jgJAwInjeT3YjbZuJwut2Q8k8Rk8yt2EgLFdnSa64vqvim%2BzOe46eiJPv3KXhnC7S3MDsWAGOZOGfLPv77LQDrIFEmP3xJurDPFnqeKutCSrqarMyfZDf00u6YXdX0B4ZxVI%2FpANol8dBPu6pTwXkvfiQ%2FH5MYEMZR0c5IumL2MVs%2BnSpuan%2ByMBvjpiyHhG0byvBFWX%2BLUeXjuOn9L1 <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>anatgning.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1497853517http://letsbefrank.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://letsbefrank.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 12:01:12 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUEGrU1xxjzRIH2sGuTrqez1xjIAlzogTmiW0RoX0fndMzFMAGUGOeChrmfx2dzVwkVMzgsBewCKzwBQt8BnoHMTviSawXJYGBk%2FdaUvXkF3zMqLBWb3r%2F8SGpWryWeCJtl2elY2gzVG1oeejMhBNJpXu9X%2FFrhIaKSfXjwvj9aVGlH%2B9ryMAxZIkmV0%2BLg0vMAY1bGNSYRQUXWRBW457eprrSy37nIXzBd5jKibqLrs5PcUPDPjrMT68TaCIGEgAGiuTOfxD4tfZzRMGnkQe8%2BJyF%2FsdKTN79dm4WVqnJFqZk%2B2Z8z5fGIXPGV%2Fh84L1%2B9FlYzUahnQ3%2FrnQjJUjGDR%2FLmiKHvI%2FucDsAKSq4JrmBLRk7cLWqtLk1yYNNT9eGl8lSoW8hXB7VwcBTXcztUJvRe2l3uxgzBP9h4E0tQYyAmd8Pb3bqswJGL78k8SUDdEetNbOmcajCigIKL4MN87zk1xJ%2Fd6YfxHaqc80T5J8z%2B5yRxe7WUQTKPeRj%2BynWuQYlYUYeR%2B5zRSH%2FqmffGv8J3QMTAAA <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: letsbefrank.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 10:01:11 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497607272.1373552; expires=Mon, 14-Jun-2027 10:01:12 GMT <br>Location: http://ww11.letsbefrank.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: letsbefrank.se <br>Referer: http://www.google.com/search?q=letsbefrank.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 10:01:10 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497607270.7837129; expires=Mon, 14-Jun-2027 10:01:10 GMT <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUEGrU1xxjzRIH2sGuTrqez1xjIAlzogTmiW0RoX0fndMzFMAGUGOeChrmfx2dzVwkVMzgsBewCKzwBQt8BnoHMTviSawXJYGBk%2FdaUvXkF3zMqLBWb3r%2F8SGpWryWeCJtl2elY2gzVG1oeejMhBNJpXu9X%2FFrhIaKSfXjwvj9aVGlH%2B9ryMAxZIkmV0%2BLg0vMAY1bGNSYRQUXWRBW457eprrSy37nIXzBd5jKibqLrs5PcUPDPjrMT68TaCIGEgAGiuTOfxD4tfZzRMGnkQe8%2BJyF%2FsdKTN79dm4WVqnJFqZk%2B2Z8z5fGIXPGV%2Fh84L1%2B9FlYzUahnQ3%2FrnQjJUjGDR%2FLmiKHvI%2FucDsAKSq4JrmBLRk7cLWqtLk1yYNNT9eGl8lSoW8hXB7VwcBTXcztUJvRe2l3uxgzBP9h4E0tQYyAmd8Pb3bqswJGL78k8SUDdEetNbOmcajCigIKL4MN87zk1xJ%2Fd6YfxHaqc80T5J8z%2B5yRxe7WUQTKPeRj%2BynWuQYlYUYeR%2B5zRSH%2FqmffGv8J3QMTAAA <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>letsbefrank.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@lb-212-198.above.com abuse@above.com1497625749http://badschop.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://badschop.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 05:03:18 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUVzcurUypFMXNN%2F0Yb%2FmfPjduKATVJhyPMeuQqZpw%2B4g3Q6qKvrObyzpEFp1nsqLMb%2F0x1pozSzbeLYxcxJHaYtaieBUA2bu74c0sdt1JqLxtFHA1Xo%2BBGMU38IuU8R3zM4ufF8JJ1%2FXAHd4hoj64%2BbFrU3sJ%2B1px7LWglfgaPGviXiXJLGLGqxCNxAtGt5ME65IaM4yAWPUVCgICDf8gkIq1y08vRg%2FtIDJKH6rLmTOtvmD%2Bz1JY4tCsu%2Fm28pbCaByyyLhyKhwoYBkYYLMKBodKjMzjT%2F4eEuNCwyr%2B7piCE%2FIEs3H5b5o%2FBdc0lkJW2ZPCf%2BCLSfIEoyA2Hk8%2FO8lPThKP05IOIS%2FdLgmwDgpCOx024rvVBXGTk39eZaznyCBQGSrby%2FkBh7ns70laTh7HY9jUj6QxxU3RYVOwgzk9gLb70OykgcVYtGQYChnynZovn2csGprXc16WxT14KvLDs7KW7MF%2BFuonwZYLUc0zjRNulcuOuUaguB8oqS4OfAIrGzMhDV1D%2BR7u5zukw%3D%3D <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: badschop.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 03:03:18 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497582198.2545727; expires=Mon, 14-Jun-2027 03:03:18 GMT; Max-Age=315360000 <br>Location: http://ww11.badschop.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: badschop.se <br>Referer: http://www.google.com/search?q=badschop.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Fri, 16 Jun 2017 03:03:17 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497582198.5501301; expires=Mon, 14-Jun-2027 03:03:18 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUVzcurUypFMXNN%2F0Yb%2FmfPjduKATVJhyPMeuQqZpw%2B4g3Q6qKvrObyzpEFp1nsqLMb%2F0x1pozSzbeLYxcxJHaYtaieBUA2bu74c0sdt1JqLxtFHA1Xo%2BBGMU38IuU8R3zM4ufF8JJ1%2FXAHd4hoj64%2BbFrU3sJ%2B1px7LWglfgaPGviXiXJLGLGqxCNxAtGt5ME65IaM4yAWPUVCgICDf8gkIq1y08vRg%2FtIDJKH6rLmTOtvmD%2Bz1JY4tCsu%2Fm28pbCaByyyLhyKhwoYBkYYLMKBodKjMzjT%2F4eEuNCwyr%2B7piCE%2FIEs3H5b5o%2FBdc0lkJW2ZPCf%2BCLSfIEoyA2Hk8%2FO8lPThKP05IOIS%2FdLgmwDgpCOx024rvVBXGTk39eZaznyCBQGSrby%2FkBh7ns70laTh7HY9jUj6QxxU3RYVOwgzk9gLb70OykgcVYtGQYChnynZovn2csGprXc16WxT14KvLDs7KW7MF%2BFuonwZYLUc0zjRNulcuOuUaguB8oqS4OfAIrGzMhDV1D%2BR7u5zukw%3D%3D <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>badschop.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1497625591http://arbetsfformedlingen.se/ (103.224.212.198) - Serp-hijackingAttacked url: http://arbetsfformedlingen.se/<br>Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)<br>Attack detected Fri, 16 Jun 2017 01:41:02 +0200<br><br>Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rftM00p6NhWhDQCJgFbeYuagN%2BN8TTVHDO389ja1HNjELY4VnT5YRV8MJOGV2OFn69TER6snWS7MWsUzWjGJsk%2B7CjZMWGpeYfbxg8%2Bb5pMjxTncOhrpqarxHdvtP0PNfFqDkmoqnHEHw45dO9pk0UeJ5we86WInyUsZK%2BFbUXFXltOmfxyNyrwgOADOoHPQgIusXZxxuuG1EN6Tl4GeoBLlQ%2BxqwZUEiePn87tfRvaatn2l3W9BD9N%2FHcMRmYLNv5VpoK8VzpGYXbpQnfCae%2Fga5lk6Ha%2BORCzVV9Q4K6v5RItPOtOS1lb8GrlfSlk%2FetjcToawkX3pZCcDXiNoNHP8Tl3H4%2BxQ9druznnzLhBpK1lQQw59L4dmjhqzBITXDDH2UxtzZ99PTqX%2FV1pkIG8u71jRLvdm8tMPtq%2Fzbus9cpqPFOLiso3JtojC9BD84rdpi%2BmuqAEzEoJAlKAce1csdNzXpsxMR3o2VYhSuAQH8lNY9r1z4WTBrVOFE1wwFFHeKH82f7G1jqp6p239WewUVHsahniBttVuhWVzcQfMFG%2BtlejfoZRCiiskAsvmqR <br><br>HTTP traffic without referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: arbetsfformedlingen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 15 Jun 2017 23:41:02 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.4.45-0+deb7u8 <br>Set-Cookie: __tad=1497570062.1743508; expires=Sun, 13-Jun-2027 23:41:02 GMT <br>Location: http://ww11.arbetsfformedlingen.se/ <br>Connection: close <br>Content-Type: text/html; charset=UTF-8 <br> <br><br>HTTP traffic with referer:<br>HTTP headers sent:<br>HEAD / HTTP/1.1 <br>Host: arbetsfformedlingen.se <br>Referer: http://www.google.com/search?q=arbetsfformedlingen.se <br>Connection: Close <br> <br>HTTP headers recieved:<br>HTTP/1.1 302 Found <br>Date: Thu, 15 Jun 2017 23:41:01 GMT <br>Server: Apache <br>X-Powered-By: PHP/5.6.30-0+deb8u1 <br>Set-Cookie: __tad=1497570061.8278854; expires=Sun, 13-Jun-2027 23:41:01 GMT; Max-Age=315360000 <br>Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rftM00p6NhWhDQCJgFbeYuagN%2BN8TTVHDO389ja1HNjELY4VnT5YRV8MJOGV2OFn69TER6snWS7MWsUzWjGJsk%2B7CjZMWGpeYfbxg8%2Bb5pMjxTncOhrpqarxHdvtP0PNfFqDkmoqnHEHw45dO9pk0UeJ5we86WInyUsZK%2BFbUXFXltOmfxyNyrwgOADOoHPQgIusXZxxuuG1EN6Tl4GeoBLlQ%2BxqwZUEiePn87tfRvaatn2l3W9BD9N%2FHcMRmYLNv5VpoK8VzpGYXbpQnfCae%2Fga5lk6Ha%2BORCzVV9Q4K6v5RItPOtOS1lb8GrlfSlk%2FetjcToawkX3pZCcDXiNoNHP8Tl3H4%2BxQ9druznnzLhBpK1lQQw59L4dmjhqzBITXDDH2UxtzZ99PTqX%2FV1pkIG8u71jRLvdm8tMPtq%2Fzbus9cpqPFOLiso3JtojC9BD84rdpi%2BmuqAEzEoJAlKAce1csdNzXpsxMR3o2VYhSuAQH8lNY9r1z4WTBrVOFE1wwFFHeKH82f7G1jqp6p239WewUVHsahniBttVuhWVzcQfMFG%2BtlejfoZRCiiskAsvmqR <br>Connection: close <br>Content-Type: text/html; charset=UTF-8<br><br>arbetsfformedlingen.se is on 103.224.212.198<br>ASN for 103.224.212.198: 133618<br>Abusix contact information: abuse@trellian.com (information only)<br>103.224.212.198 corresponds with lb-212-198.above.com<br>Abuse.net does not have any reliable address for lb-212-198.above.com<br>Abuse address not found in whois.<br>Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com1497625489