Attacked url: http://bussfabriken.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Tue, 13 Jun 2017 03:04:04 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3gQkIDbz2IDsXKuuQcAfPxcyaYjwtt99gAtGGmuStmkG2JivqlP%2FkNEeWLxVJlVL5bvCcoKQ0JoqiIMGlZ7iu4O9DHKu8FaGNHxp6%2F9JP24YAE9Jfs%2BAb%2BbbmaVTgBEzH8M0XH6688E0YzI4XJjI1LpAozDphnk6ylSV1l3eQG7PckXu2W%2FJAWI9At8SY%2FY7dvXI%2BkpbG%2FuEMv%2B69KDLjZvM6KJzN5xl1r6MXCPzq2SdnPBrxmvZUWEoSrLIu7kYdY7hqfLTbSEoTPIHYHma6YSTS%2BRiOh6VYJ0PPl54XwfZyGkrArVP6%2FcbEPRJ1iu9Xh5byVLsjTmcHXA0bZBGmT3nEOCPJT%2BGf8O3o3%2B0HBiS9nqgTlQ8gVJo80KQZiIX6QJgjTqv5%2F93rm4t0xLiyGeS2v0aTQfElkT%2FcppKLK6HP7o3cUMKBD7odIAQJ38Xf3x1nDST%2FszDzxoIlk%2FKTv9g8z6GKrerFXnMnTImEeu48aW6aXVZtuxGSRaNMfm6QspcK2wijjxHxZNlQtAaJEXhhKq1S38bWuptVnDhLKQ2xK3ZTdfXL4%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: bussfabriken.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Tue, 13 Jun 2017 01:04:04 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497315844.8216805; expires=Fri, 11-Jun-2027 01:04:04 GMT
Location: http://ww11.bussfabriken.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: bussfabriken.se
Referer: http://www.google.com/search?q=bussfabriken.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Tue, 13 Jun 2017 01:04:03 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497315843.5637757; expires=Fri, 11-Jun-2027 01:04:03 GMT; Max-Age=315360000
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT3gQkIDbz2IDsXKuuQcAfPxcyaYjwtt99gAtGGmuStmkG2JivqlP%2FkNEeWLxVJlVL5bvCcoKQ0JoqiIMGlZ7iu4O9DHKu8FaGNHxp6%2F9JP24YAE9Jfs%2BAb%2BbbmaVTgBEzH8M0XH6688E0YzI4XJjI1LpAozDphnk6ylSV1l3eQG7PckXu2W%2FJAWI9At8SY%2FY7dvXI%2BkpbG%2FuEMv%2B69KDLjZvM6KJzN5xl1r6MXCPzq2SdnPBrxmvZUWEoSrLIu7kYdY7hqfLTbSEoTPIHYHma6YSTS%2BRiOh6VYJ0PPl54XwfZyGkrArVP6%2FcbEPRJ1iu9Xh5byVLsjTmcHXA0bZBGmT3nEOCPJT%2BGf8O3o3%2B0HBiS9nqgTlQ8gVJo80KQZiIX6QJgjTqv5%2F93rm4t0xLiyGeS2v0aTQfElkT%2FcppKLK6HP7o3cUMKBD7odIAQJ38Xf3x1nDST%2FszDzxoIlk%2FKTv9g8z6GKrerFXnMnTImEeu48aW6aXVZtuxGSRaNMfm6QspcK2wijjxHxZNlQtAaJEXhhKq1S38bWuptVnDhLKQ2xK3ZTdfXL4%3D
Connection: close
Content-Type: text/html; charset=UTF-8

bussfabriken.se is on 103.224.212.185
ASN for 103.224.212.185: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.185 corresponds with lb-212-185.above.com
Abuse.net does not have any reliable address for lb-212-185.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-185.above.com