Attacked url: http://vwkortet.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 01:26:04 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfAWgz1f%2Fal%2BqYjr%2BEruEoBQ4A%2FsVfiH05deHApP%2FwOk%2FCtMgLHdx7tJCIqCULL4wVAVJEfdRo2FSIpIwhRW8jMe3HmhE%2FcEJ%2BodXjw53I22mvgZM92TfmNiP%2Fz%2BiLlv6O4QJLEw5PyarIOx9GTVaI132xWB%2BX5kN7r8pmY7%2FGzoXfK79c0TIY4PoIcRQljj2gZjdj4yyLRFTlUWwnpXFYhfl%2FPOy4Qx9PAuVo665thmMG30TVuVbLRFTuruyEzGpvlqX3A%2FohUouULfTEe5MSAw9oErRLIX1Vc0fUw6RfAaQ93djyb5hbegni39E%2B7TcUEj1xbG6HEyfV30Q5K%2FxBTCsQN%2F9se1Jv4VUyfaTAlP%2Fn0DUegzIlBYL7kuNkhstSZQB5sc0cddsPGDrq2pGtkICHQpdhj0uiuCAsa7mo%2FHgoluHa7hxwRGopjL54bJ47wGrcMi52TwVkqcViz1IeFWLUcXEff%2Fz2cqJskyXmEqxgBLf2RDqlyhL27ElOP0wNOhyj7z3505s%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: vwkortet.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Thu, 15 Jun 2017 23:26:12 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497569172.4622706; expires=Sun, 13-Jun-2027 23:26:12 GMT
Location: http://ww1.vwkortet.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: vwkortet.se
Referer: http://www.google.com/search?q=vwkortet.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Thu, 15 Jun 2017 23:26:11 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497569171.5911873; expires=Sun, 13-Jun-2027 23:26:11 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfAWgz1f%2Fal%2BqYjr%2BEruEoBQ4A%2FsVfiH05deHApP%2FwOk%2FCtMgLHdx7tJCIqCULL4wVAVJEfdRo2FSIpIwhRW8jMe3HmhE%2FcEJ%2BodXjw53I22mvgZM92TfmNiP%2Fz%2BiLlv6O4QJLEw5PyarIOx9GTVaI132xWB%2BX5kN7r8pmY7%2FGzoXfK79c0TIY4PoIcRQljj2gZjdj4yyLRFTlUWwnpXFYhfl%2FPOy4Qx9PAuVo665thmMG30TVuVbLRFTuruyEzGpvlqX3A%2FohUouULfTEe5MSAw9oErRLIX1Vc0fUw6RfAaQ93djyb5hbegni39E%2B7TcUEj1xbG6HEyfV30Q5K%2FxBTCsQN%2F9se1Jv4VUyfaTAlP%2Fn0DUegzIlBYL7kuNkhstSZQB5sc0cddsPGDrq2pGtkICHQpdhj0uiuCAsa7mo%2FHgoluHa7hxwRGopjL54bJ47wGrcMi52TwVkqcViz1IeFWLUcXEff%2Fz2cqJskyXmEqxgBLf2RDqlyhL27ElOP0wNOhyj7z3505s%3D
Connection: close
Content-Type: text/html; charset=UTF-8

vwkortet.se is on 103.224.212.194
ASN for 103.224.212.194: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.194 corresponds with lb-212-194.above.com
Abuse.net does not have any reliable address for lb-212-194.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-194.above.com