Attacked url: http://annejunsjo.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Mon, 27 Jun 2016 17:33:11 +0200

Visitors with referer are redirected to http://secondtds.mooo.com/go.php?sid=3

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: annejunsjo.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Date: Mon, 27 Jun 2016 15:33:11 GMT
Server: Apache
Link: <http://annejunsjo.se/wp-json/>; rel="https://api.w.org/"
Link: <http://annejunsjo.se/>; rel=shortlink
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: annejunsjo.se
Referer: http://www.google.com/search?q=annejunsjo.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Jun 2016 15:33:11 GMT
Server: Apache
Location: http://secondtds.mooo.com/go.php?sid=3
Cache-Control: max-age=172800
Expires: Wed, 29 Jun 2016 15:33:11 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1

annejunsjo.se is on 89.221.250.22
ASN for 89.221.250.22: 1257
89.221.250.22 manually set to use abuse@aname.net