Attacked url: http://hemment.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Mon, 19 Jun 2017 05:20:41 +0200

Visitors with referer are redirected to http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjIeAYDFgchMrHEUHSKYWUPC2LH%2B1SOiiFksJRJPsMXDAWiUYBdwTPYDOzZ29c1jdQkZiGokZDUnRXYmZVUpmZxIZRJd4JgESTgo9J4111254DRJONmXTdt0592TFKxxJ250nUuTGSnCjAK528QVUYrcdJn5NZz1%2FBf9K0eFNmSl6BowXNLbt6JGzuuzBPvqJB8EXSzPm8APaKPcYPkYQTJeLKs%2BTdLa41%2B1eyDbqfZ50%2BFv1UPmwMRpwcvu7jwMH%2B%2Fi9zqEc84JYwMaDFoZh6Gt9M7tfnDQjNxv6I6mmxCxP1HyxrX5WkDlPrGqZF4IZnN%2Bfx%2FwaWkK%2BXeZCgBSTtygJHr9GQGu2oPlNdqoyIktugvjoxpQd%2F48ePMGOhIgVRrRT%2FkbCLEgf1pVGPqYpyAc3oyBgNc540dhmelxHpAA0XEIPlc5RZCsrj%2FOQvigCylhix2yUihugSYR10l2QIpSCgcLHWJS7OS%2Fu7JSX6m5qvHEq1BHegGn1CwVEtx2ZBLvWPFJQf9XFF8M0CtycrpQ%3D%3D

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: hemment.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Mon, 19 Jun 2017 03:20:42 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497842442.6700011; expires=Thu, 17-Jun-2027 03:20:42 GMT
Location: http://ww11.hemment.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: hemment.se
Referer: http://www.google.com/search?q=hemment.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Date: Mon, 19 Jun 2017 03:20:41 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-0+deb7u8
Set-Cookie: __tad=1497842441.4701028; expires=Thu, 17-Jun-2027 03:20:41 GMT
Location: http://bidr.trellian.com/r2.php?e=cF8L0S4UvzZFbF2sJTBoT9c2HXXKlhVjIeAYDFgchMrHEUHSKYWUPC2LH%2B1SOiiFksJRJPsMXDAWiUYBdwTPYDOzZ29c1jdQkZiGokZDUnRXYmZVUpmZxIZRJd4JgESTgo9J4111254DRJONmXTdt0592TFKxxJ250nUuTGSnCjAK528QVUYrcdJn5NZz1%2FBf9K0eFNmSl6BowXNLbt6JGzuuzBPvqJB8EXSzPm8APaKPcYPkYQTJeLKs%2BTdLa41%2B1eyDbqfZ50%2BFv1UPmwMRpwcvu7jwMH%2B%2Fi9zqEc84JYwMaDFoZh6Gt9M7tfnDQjNxv6I6mmxCxP1HyxrX5WkDlPrGqZF4IZnN%2Bfx%2FwaWkK%2BXeZCgBSTtygJHr9GQGu2oPlNdqoyIktugvjoxpQd%2F48ePMGOhIgVRrRT%2FkbCLEgf1pVGPqYpyAc3oyBgNc540dhmelxHpAA0XEIPlc5RZCsrj%2FOQvigCylhix2yUihugSYR10l2QIpSCgcLHWJS7OS%2Fu7JSX6m5qvHEq1BHegGn1CwVEtx2ZBLvWPFJQf9XFF8M0CtycrpQ%3D%3D
Connection: close
Content-Type: text/html; charset=UTF-8

hemment.se is on 103.224.212.198
ASN for 103.224.212.198: 133618
Abusix contact information: abuse@trellian.com (information only)
103.224.212.198 corresponds with lb-212-198.above.com
Abuse.net does not have any reliable address for lb-212-198.above.com
Abuse address not found in whois.
Best guess from abuse.net: abuse@above.com abuse@lb-212-198.above.com