Attacked url: http://varmdokomun.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 08:10:39 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rf%2BzKnwfR5ohpcv0zWKV3nxsrpvZd4FAWCfGDSyVm8Kd3R4XlUYvWarN6SAK6p1c%2B%2BwqmMQ5eWKJzH675q2FbnsiS1IQFXa34LoS2NXrux2FwRtxuU3tAo2ruVxhEJgNx2Y4xYpEJlTvCk5XfiBgq644Z%2BCEaxVSw%2B%2FVKz7ufV72Ajx1kR%2BxgIEElNDVqK5TBTsOsSM8MQWtS5oiBvzmnCKyeL0DRuq%2FxiqdlVd4YTvOjqgIcLo%2F2XH7nqybTYEGGCJGiDCRJqLoP76nAxU8nl9pgtcYdBACE8xIr0WrJICiFN%2FBAXP7kunQ6vHb0yVtcUQh%2BKDoCwJ1It1ugzPvBWQI8ELrzDvAlLmlo22Qmqktz%2BSOTlvb1yoTFwMXhaq7%2BG8JZU5vYPWo60psVYybF3twdHsoYgXuEVU1jT8%2Bn9JTPaco5DNdYDHoKAsYPgpoQ0q2ZP%2By0IyJERLtFywDK7R4oV0evaTWWG%2F8hPr0DVmzKnOwaDrHmF3pYG48D928865c%2BWRpN4y2Re658es4oZng%3D%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: varmdokomun.se
Connection: Close

HTTP headers received:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 06:10:39 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497593439.3966714; expires=Mon, 14-Jun-2027 06:10:39 GMT; Max-Age=315360000
Location: http://ww11.varmdokomun.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: varmdokomun.se
Referer: http://www.google.com/search?q=varmdokomun.se
Connection: Close

HTTP headers received:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 06:10:38 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497593438.5020789; expires=Mon, 14-Jun-2027 06:10:38 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rf%2BzKnwfR5ohpcv0zWKV3nxsrpvZd4FAWCfGDSyVm8Kd3R4XlUYvWarN6SAK6p1c%2B%2BwqmMQ5eWKJzH675q2FbnsiS1IQFXa34LoS2NXrux2FwRtxuU3tAo2ruVxhEJgNx2Y4xYpEJlTvCk5XfiBgq644Z%2BCEaxVSw%2B%2FVKz7ufV72Ajx1kR%2BxgIEElNDVqK5TBTsOsSM8MQWtS5oiBvzmnCKyeL0DRuq%2FxiqdlVd4YTvOjqgIcLo%2F2XH7nqybTYEGGCJGiDCRJqLoP76nAxU8nl9pgtcYdBACE8xIr0WrJICiFN%2FBAXP7kunQ6vHb0yVtcUQh%2BKDoCwJ1It1ugzPvBWQI8ELrzDvAlLmlo22Qmqktz%2BSOTlvb1yoTFwMXhaq7%2BG8JZU5vYPWo60psVYybF3twdHsoYgXuEVU1jT8%2Bn9JTPaco5DNdYDHoKAsYPgpoQ0q2ZP%2By0IyJERLtFywDK7R4oV0evaTWWG%2F8hPr0DVmzKnOwaDrHmF3pYG48D928865c%2BWRpN4y2Re658es4oZng%3D%3D
Connection: close
Content-Type: text/html; charset=UTF-8

varmdokomun.se is on 103.224.212.194
ASN for 103.224.212.194: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.194 corresponds with lb-212-194.above.com
Abuse.net does not have any reliable address for lb-212-194.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-194.above.com