Attacked url: http://svensberg.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Wed, 09 Nov 2016 14:43:03 +0100

Visitors with referer are redirected to http://kristasaidyes.com/zamf.html?h=1578074

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: svensberg.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Server: nginx/1.10.1
Date: Wed, 09 Nov 2016 13:43:03 GMT
Content-Type: text/html
Content-Length: 382
Connection: close
Vary: X-Forwarded-For
Last-Modified: Fri, 30 Aug 2013 13:23:24 GMT
ETag: "524e095-17e-4e52a2088a2d8"
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Expires: Wed, 23 Nov 2016 13:43:03 GMT


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: svensberg.se
Referer: http://www.google.com/search?q=svensberg.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Server: nginx/1.10.1
Date: Wed, 09 Nov 2016 13:43:03 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: close
Location: http://kristasaidyes.com/zamf.html?h=1578074
Cache-Control: max-age=1209600
Expires: Wed, 23 Nov 2016 13:43:03 GMT

svensberg.se is on 194.9.94.235
ASN for 194.9.94.235: 39570
Abusix contact information: abuse@loopia.se (information only)
194.9.94.235 corresponds with s370.loopia.se
Abuse.net has 1 reliable address(es) for loopia.se
Found address(es): abuse@loopia.se