Attacked url: http://sweflim.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 10:43:47 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfdAt%2FhSS%2BQgqzPNAC7rDpxvQM93ODBMy4%2BFmO9jiRJnD7bp%2FaPy%2FtFxjRNCJm%2By03F7Zsxr%2FDPiwNy7hPTjhjy9YKbvla4rx0J9PLWEUN6gKczXBfaMGuAo0Vrl%2F3EARbQcDEZ6lFtFhaifGYUiVD8sjiErsuUDFkZI0rbviWkq9RZ9nFbw809PMXeDWCwMxRcwNSxmeUHCyaHceIPPtJY3ndx64Be71TI%2BsR4V6FPt5AQtneuNtHIoTX1XKgQn8gzsgMT8G0%2FdhwoCcGlNsxVRfICl4dUhOgtzFCm3pWYQACIVSaTZBUuH3KykFAol7dXH55WFbWFb%2FbXmVRJCfKVRpxx%2BS%2B1N3sa57WsSUESajxoQyRXkEDXj5EQE00w1C0ElgSFkgW3XBqcS0yG50ZpEx7jIWolWEeg5ScLKSlzXZFnbt2RCzrGEDmUgK0lHJoJMcyEf95F0irgYkCC0kJSKoDgnvCRd8Y6ortxukxCoT0IcmTjyeUXjTMOLa7mmjpsmpUL%2B%2F2wf8xQV0rs3VRag%3D%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sweflim.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 08:43:47 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497602627.7366649; expires=Mon, 14-Jun-2027 08:43:47 GMT
Location: http://ww11.sweflim.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sweflim.se
Referer: http://www.google.com/search?q=sweflim.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 08:43:46 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497602626.5238224; expires=Mon, 14-Jun-2027 08:43:46 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfdAt%2FhSS%2BQgqzPNAC7rDpxvQM93ODBMy4%2BFmO9jiRJnD7bp%2FaPy%2FtFxjRNCJm%2By03F7Zsxr%2FDPiwNy7hPTjhjy9YKbvla4rx0J9PLWEUN6gKczXBfaMGuAo0Vrl%2F3EARbQcDEZ6lFtFhaifGYUiVD8sjiErsuUDFkZI0rbviWkq9RZ9nFbw809PMXeDWCwMxRcwNSxmeUHCyaHceIPPtJY3ndx64Be71TI%2BsR4V6FPt5AQtneuNtHIoTX1XKgQn8gzsgMT8G0%2FdhwoCcGlNsxVRfICl4dUhOgtzFCm3pWYQACIVSaTZBUuH3KykFAol7dXH55WFbWFb%2FbXmVRJCfKVRpxx%2BS%2B1N3sa57WsSUESajxoQyRXkEDXj5EQE00w1C0ElgSFkgW3XBqcS0yG50ZpEx7jIWolWEeg5ScLKSlzXZFnbt2RCzrGEDmUgK0lHJoJMcyEf95F0irgYkCC0kJSKoDgnvCRd8Y6ortxukxCoT0IcmTjyeUXjTMOLa7mmjpsmpUL%2B%2F2wf8xQV0rs3VRag%3D%3D
Connection: close
Content-Type: text/html; charset=UTF-8

sweflim.se is on 103.224.212.193
ASN for 103.224.212.193: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.193 corresponds with lb-212-193.above.com
Abuse.net does not have any reliable address for lb-212-193.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@lb-212-193.above.com abuse@above.com