Attacked url: http://laurelltrains.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Fri, 16 Jun 2017 13:30:42 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfxph%2FuRiexLlu7UlM%2BngncBpm7iKBDckFXXmi0TrcxUahFP6VjgGTI1Acjy%2FWLgYt1P3eFKF3MtJEIxGD4mgcrkgbyQ7m8bjNxvjgz6EzdhCHdy8HPBGE3KdWgi69hDb9FDiKcF6XzvkfLujVbjS5PDs%2B82aTCiODQ1rZsYqiwYlhhrmYJ7Aw5FtHgiexCY2Fhj77dY1PI87jLR82uLpXvbXQ%2BATVzks3BQOYBazq2p%2BduW2Pi0W7chYYeaanhMoVnD1Ifzr2SFPSdsQGYCnswDtD%2FeQWwaafuW2qKoknqBHBugYOiTg3502poMQ379N20WnJwCyCipCTUh6SczWfUgLpbNR6di8A2TlpvnRWs5eJzRpwYVbozJTnm%2F5b9d8JNbt0MLl8bVdu%2F0PTuMKyvePvBI3xXi3pre8UL%2B9mfWeylDvqAK%2FN0l%2FWeLz32beML4xSLFZaH8YJVKLMPmeKaeUg%2BZS9RDcFDcqlIAHy4iTlQ5NtRJAIWkXObTu6Jg03ZDrZkkSXBe4Dx%2BHruffH4jZD3iuZu7Jvc6%2BDOzO2fho%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: laurelltrains.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 11:30:42 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497612642.1641462; expires=Mon, 14-Jun-2027 11:30:42 GMT; Max-Age=315360000
Location: http://ww11.laurelltrains.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: laurelltrains.se
Referer: http://www.google.com/search?q=laurelltrains.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Fri, 16 Jun 2017 11:30:41 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497612641.2743196; expires=Mon, 14-Jun-2027 11:30:41 GMT; Max-Age=315360000
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT1U1o%2BKUv4rfxph%2FuRiexLlu7UlM%2BngncBpm7iKBDckFXXmi0TrcxUahFP6VjgGTI1Acjy%2FWLgYt1P3eFKF3MtJEIxGD4mgcrkgbyQ7m8bjNxvjgz6EzdhCHdy8HPBGE3KdWgi69hDb9FDiKcF6XzvkfLujVbjS5PDs%2B82aTCiODQ1rZsYqiwYlhhrmYJ7Aw5FtHgiexCY2Fhj77dY1PI87jLR82uLpXvbXQ%2BATVzks3BQOYBazq2p%2BduW2Pi0W7chYYeaanhMoVnD1Ifzr2SFPSdsQGYCnswDtD%2FeQWwaafuW2qKoknqBHBugYOiTg3502poMQ379N20WnJwCyCipCTUh6SczWfUgLpbNR6di8A2TlpvnRWs5eJzRpwYVbozJTnm%2F5b9d8JNbt0MLl8bVdu%2F0PTuMKyvePvBI3xXi3pre8UL%2B9mfWeylDvqAK%2FN0l%2FWeLz32beML4xSLFZaH8YJVKLMPmeKaeUg%2BZS9RDcFDcqlIAHy4iTlQ5NtRJAIWkXObTu6Jg03ZDrZkkSXBe4Dx%2BHruffH4jZD3iuZu7Jvc6%2BDOzO2fho%3D
Connection: close
Content-Type: text/html; charset=UTF-8

laurelltrains.se is on 103.224.212.192
ASN for 103.224.212.192: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.192 corresponds with lb-212-192.above.com
Abuse.net does not have any reliable address for lb-212-192.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-192.above.com