Attacked url: http://letsbefrank.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 12:01:12 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUEGrU1xxjzRIH2sGuTrqez1xjIAlzogTmiW0RoX0fndMzFMAGUGOeChrmfx2dzVwkVMzgsBewCKzwBQt8BnoHMTviSawXJYGBk%2FdaUvXkF3zMqLBWb3r%2F8SGpWryWeCJtl2elY2gzVG1oeejMhBNJpXu9X%2FFrhIaKSfXjwvj9aVGlH%2B9ryMAxZIkmV0%2BLg0vMAY1bGNSYRQUXWRBW457eprrSy37nIXzBd5jKibqLrs5PcUPDPjrMT68TaCIGEgAGiuTOfxD4tfZzRMGnkQe8%2BJyF%2FsdKTN79dm4WVqnJFqZk%2B2Z8z5fGIXPGV%2Fh84L1%2B9FlYzUahnQ3%2FrnQjJUjGDR%2FLmiKHvI%2FucDsAKSq4JrmBLRk7cLWqtLk1yYNNT9eGl8lSoW8hXB7VwcBTXcztUJvRe2l3uxgzBP9h4E0tQYyAmd8Pb3bqswJGL78k8SUDdEetNbOmcajCigIKL4MN87zk1xJ%2Fd6YfxHaqc80T5J8z%2B5yRxe7WUQTKPeRj%2BynWuQYlYUYeR%2B5zRSH%2FqmffGv8J3QMTAAA

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: letsbefrank.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 10:01:11 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497607272.1373552; expires=Mon, 14-Jun-2027 10:01:12 GMT
Location: http://ww11.letsbefrank.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: letsbefrank.se
Referer: http://www.google.com/search?q=letsbefrank.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 10:01:10 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497607270.7837129; expires=Mon, 14-Jun-2027 10:01:10 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfUEGrU1xxjzRIH2sGuTrqez1xjIAlzogTmiW0RoX0fndMzFMAGUGOeChrmfx2dzVwkVMzgsBewCKzwBQt8BnoHMTviSawXJYGBk%2FdaUvXkF3zMqLBWb3r%2F8SGpWryWeCJtl2elY2gzVG1oeejMhBNJpXu9X%2FFrhIaKSfXjwvj9aVGlH%2B9ryMAxZIkmV0%2BLg0vMAY1bGNSYRQUXWRBW457eprrSy37nIXzBd5jKibqLrs5PcUPDPjrMT68TaCIGEgAGiuTOfxD4tfZzRMGnkQe8%2BJyF%2FsdKTN79dm4WVqnJFqZk%2B2Z8z5fGIXPGV%2Fh84L1%2B9FlYzUahnQ3%2FrnQjJUjGDR%2FLmiKHvI%2FucDsAKSq4JrmBLRk7cLWqtLk1yYNNT9eGl8lSoW8hXB7VwcBTXcztUJvRe2l3uxgzBP9h4E0tQYyAmd8Pb3bqswJGL78k8SUDdEetNbOmcajCigIKL4MN87zk1xJ%2Fd6YfxHaqc80T5J8z%2B5yRxe7WUQTKPeRj%2BynWuQYlYUYeR%2B5zRSH%2FqmffGv8J3QMTAAA
Connection: close
Content-Type: text/html; charset=UTF-8

letsbefrank.se is on 103.224.212.198
ASN for 103.224.212.198: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.198 corresponds with lb-212-198.above.com
Abuse.net does not have any reliable address for lb-212-198.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@lb-212-198.above.com abuse@above.com