Attacked url: http://korkortsportale.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Sun, 18 Jun 2017 19:18:23 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjqRi%2FeSVUCLZWmX%2FZ%2BN9w5BSdHamh1YoMW6X8rmdacMFw48bQLLNQCu%2FI0qAAQe1Gx63XPex%2Byz7%2FNHrdsEc%2BEZvLXoy%2BYqmT2EFoW6pYWkJlCf9YpAksJ8Edpda88xMnObXCnml%2FBiqwxPpfcvcvFN8hHOzwzBli3d40olXd6p%2F4vvCTDGon7%2B2FHmbQ%2BkTNz5leYg6V3iJQmMnMKSsgFyDAwqRf%2F94f35dS7MFTr5I6%2BGi7cA7lZBPS023CnwSxMCMRevkYUX3dk2lGWwFJBge9C4WJmr4bpPCQGJytFYeBXRdNtGLhEzCxCMhJpzXF3BHEqSX83bPsxs0ol30WzhRraXxNI4Xzd3GPZrfraNQZu%2FOyu7i8ZmWydhR%2BUOA0XBU%2FjLKTT1T8fXCkw%2FWW%2BDcLq5xhJhQEPYbFM5Lw20QDQY0PPcbuvYTv1mk7GRjqe5LQn6KnttoU1ErILeUeyLbwFBHaUK4iUpDN%2B2cbs0u7q6RUcWs46KhRE4RKBtljQTqW9CFTz8XhufVyNuylJjDQQLTgr1i48hAUDRRA4G1IZK4PTnsdvQ%3D%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: korkortsportale.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Sun, 18 Jun 2017 17:18:23 GMT
Server: Apache
X-Powered-By: PHP/5.6.30-0+deb8u1
Set-Cookie: __tad=1497806303.1174041; expires=Wed, 16-Jun-2027 17:18:23 GMT; Max-Age=315360000
Location: http://ww11.korkortsportale.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: korkortsportale.se
Referer: http://www.google.com/search?q=korkortsportale.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Sun, 18 Jun 2017 17:18:22 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497806302.5018884; expires=Wed, 16-Jun-2027 17:18:22 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjqRi%2FeSVUCLZWmX%2FZ%2BN9w5BSdHamh1YoMW6X8rmdacMFw48bQLLNQCu%2FI0qAAQe1Gx63XPex%2Byz7%2FNHrdsEc%2BEZvLXoy%2BYqmT2EFoW6pYWkJlCf9YpAksJ8Edpda88xMnObXCnml%2FBiqwxPpfcvcvFN8hHOzwzBli3d40olXd6p%2F4vvCTDGon7%2B2FHmbQ%2BkTNz5leYg6V3iJQmMnMKSsgFyDAwqRf%2F94f35dS7MFTr5I6%2BGi7cA7lZBPS023CnwSxMCMRevkYUX3dk2lGWwFJBge9C4WJmr4bpPCQGJytFYeBXRdNtGLhEzCxCMhJpzXF3BHEqSX83bPsxs0ol30WzhRraXxNI4Xzd3GPZrfraNQZu%2FOyu7i8ZmWydhR%2BUOA0XBU%2FjLKTT1T8fXCkw%2FWW%2BDcLq5xhJhQEPYbFM5Lw20QDQY0PPcbuvYTv1mk7GRjqe5LQn6KnttoU1ErILeUeyLbwFBHaUK4iUpDN%2B2cbs0u7q6RUcWs46KhRE4RKBtljQTqW9CFTz8XhufVyNuylJjDQQLTgr1i48hAUDRRA4G1IZK4PTnsdvQ%3D%3D
Connection: close
Content-Type: text/html; charset=UTF-8

korkortsportale.se is on 103.224.212.189
ASN for 103.224.212.189: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.189 corresponds with lb-212-189.above.com
Abuse.net does not have any reliable address for lb-212-189.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@lb-212-189.above.com abuse@above.com