Attacked url: http://icababnken.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 09:20:47 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfE0R%2B4ks822V9hjlN8p%2FV9qMV9%2BnnIdeobshu%2Fdo3EdAgyjlr3tPabDkNsNT6vBE%2FrcLepDmeIvhXskRkYfYg0Bs46X%2BKGqeMobv0cQ9yyq1Ld6oPIfs1sEporVCAQX8d9GyptHE4RWdixhI34D62zSGTagF5nG6Jyreg1uiIRO%2Bg9WJVRM6DNzEmED6ypmiZuVv1fT51Eo7S6suVc7f%2F4N4eyFPVGPuPJQAaPzmuB2uKJ0MoBa8P58Xva9H%2FAqXG7%2BGZWVYACuK%2Fncs3KJvpBo0CIpDFIdmHk9RBgMGPST6t5WSBxxE4aWvQK0KlvinTrvHZ5QsPVI2FsKATuMkPvV7wx%2Fp%2Bg3wRhtbmL%2F0I%2B2ihRTdgjF5uQ7beHNN%2Bx2U1j%2BOfGc5atKtByHK0Un3bZpda%2BAx8jiY%2BaYKw3uYOT8BIc2zwSGpwa16%2FhaaROHtsDnGudlrBW9shfdvPV9r7Lys6VR45tRzIYREAlNHEJUoWE9DQird8u1ADD7QROU%2Fqy3YmwLeXVxS3dAf8U7xaSA%3D%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: icababnken.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 07:20:47 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497597647.3063756; expires=Mon, 14-Jun-2027 07:20:47 GMT
Location: http://ww11.icababnken.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: icababnken.se
Referer: http://www.google.com/search?q=icababnken.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 07:20:46 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497597646.5794327; expires=Mon, 14-Jun-2027 07:20:46 GMT; Max-Age=315360000
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfE0R%2B4ks822V9hjlN8p%2FV9qMV9%2BnnIdeobshu%2Fdo3EdAgyjlr3tPabDkNsNT6vBE%2FrcLepDmeIvhXskRkYfYg0Bs46X%2BKGqeMobv0cQ9yyq1Ld6oPIfs1sEporVCAQX8d9GyptHE4RWdixhI34D62zSGTagF5nG6Jyreg1uiIRO%2Bg9WJVRM6DNzEmED6ypmiZuVv1fT51Eo7S6suVc7f%2F4N4eyFPVGPuPJQAaPzmuB2uKJ0MoBa8P58Xva9H%2FAqXG7%2BGZWVYACuK%2Fncs3KJvpBo0CIpDFIdmHk9RBgMGPST6t5WSBxxE4aWvQK0KlvinTrvHZ5QsPVI2FsKATuMkPvV7wx%2Fp%2Bg3wRhtbmL%2F0I%2B2ihRTdgjF5uQ7beHNN%2Bx2U1j%2BOfGc5atKtByHK0Un3bZpda%2BAx8jiY%2BaYKw3uYOT8BIc2zwSGpwa16%2FhaaROHtsDnGudlrBW9shfdvPV9r7Lys6VR45tRzIYREAlNHEJUoWE9DQird8u1ADD7QROU%2Fqy3YmwLeXVxS3dAf8U7xaSA%3D%3D
Connection: close
Content-Type: text/html; charset=UTF-8

icababnken.se is on 103.224.212.187
ASN for 103.224.212.187: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.187 corresponds with lb-212-187.above.com
Abuse.net does not have any reliable address for lb-212-187.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@lb-212-187.above.com abuse@above.com