Attacked url: http://sweru.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 04:28:09 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfmn9r89F7JUY0HppnNZAN44aTjkfm3P8dWP3wwoRBw16lOB5Ks%2BVmMxzaEpR%2FBDuPdsklV0Xzs2nFMM7Wbl%2BLo3KDy8pU16j1WMVBQOEdeYoI1708FLJYTHwuhHmslNIEuhwWZiGAB%2BDWyDUgeOKt1y5ztxjNgLr8u5Mn0MZNu6Y26xrVjwGxzW9kzmiNpvaYY1zGvR70UhqfaPXnCySZk4c%2BFdk5Un7h7Eql%2BkwryZNouL722DbAp%2Bq53TgPMd3S2Sao%2B04BcuChS4BE1k%2Bgcycd2rYB%2Bdgy35g54hhAjFkCSlmziLw3cqoWRUMiQ3J%2BX5qT5t28efQmSjzo1jxrySWFuq%2BDIKfHpnKV87sOemruxhM0AQX7CK7eNA8eqqOAt3HpltQj7pmh1wuNaFLf2TjzRgWuN3mNBe2yOaIbxy4b4Ratj3%2FoT4yBCCv%2FHVwswspB6k6jxJhv4zVy6qtzKPJwqSJ3PO0rE6eFeSCg070vh4N47Nf%2FF9AqtHCpySVCBPw3J6foEyk%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sweru.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 02:28:09 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497580089.6871549; expires=Mon, 14-Jun-2027 02:28:09 GMT; Max-Age=315360000
Location: http://ww11.sweru.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sweru.se
Referer: http://www.google.com/search?q=sweru.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 02:28:08 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497580088.1968508; expires=Mon, 14-Jun-2027 02:28:08 GMT; Max-Age=315360000
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfmn9r89F7JUY0HppnNZAN44aTjkfm3P8dWP3wwoRBw16lOB5Ks%2BVmMxzaEpR%2FBDuPdsklV0Xzs2nFMM7Wbl%2BLo3KDy8pU16j1WMVBQOEdeYoI1708FLJYTHwuhHmslNIEuhwWZiGAB%2BDWyDUgeOKt1y5ztxjNgLr8u5Mn0MZNu6Y26xrVjwGxzW9kzmiNpvaYY1zGvR70UhqfaPXnCySZk4c%2BFdk5Un7h7Eql%2BkwryZNouL722DbAp%2Bq53TgPMd3S2Sao%2B04BcuChS4BE1k%2Bgcycd2rYB%2Bdgy35g54hhAjFkCSlmziLw3cqoWRUMiQ3J%2BX5qT5t28efQmSjzo1jxrySWFuq%2BDIKfHpnKV87sOemruxhM0AQX7CK7eNA8eqqOAt3HpltQj7pmh1wuNaFLf2TjzRgWuN3mNBe2yOaIbxy4b4Ratj3%2FoT4yBCCv%2FHVwswspB6k6jxJhv4zVy6qtzKPJwqSJ3PO0rE6eFeSCg070vh4N47Nf%2FF9AqtHCpySVCBPw3J6foEyk%3D
Connection: close
Content-Type: text/html; charset=UTF-8

sweru.se is on 103.224.212.195
ASN for 103.224.212.195: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.195 corresponds with lb-212-195.above.com
Abuse.net does not have any reliable address for lb-212-195.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-195.above.com