Attacked url: http://mybill.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Thu, 23 Mar 2017 01:03:37 +0100

Visitors with referer are redirected to http://medical-brothers.com/

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: mybill.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2017 00:03:42 GMT
Server: Apache/2.2.11 (Unix) mod_mono/2.4
X-Pingback: http://mybill.se/xmlrpc.php
Set-Cookie: wc_session_cookie_b4e80a7cb212c99c50967110c99e3419=3u3z9wE6i5RXShb8sXGVQX5DIiaIXRhM%7C%7C1490400222%7C%7C1490396622%7C%7C4b9d6546b8c24fbcb23adcb1bf5f6099; expires=Sat, 25-Mar-2017 00:03:42 GMT; path=/; httponly
Set-Cookie: woocommerce_items_in_cart=0; expires=Wed, 22-Mar-2017 23:03:42 GMT; path=/
Set-Cookie: woocommerce_cart_hash=0; expires=Wed, 22-Mar-2017 23:03:42 GMT; path=/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: mybill.se
Referer: http://www.google.com/search?q=mybill.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Mar 2017 00:03:42 GMT
Server: Apache/2.2.11 (Unix) mod_mono/2.4
Location: http://medical-brothers.com/
Connection: close
Content-Type: text/html; charset=iso-8859-1

mybill.se is on 83.168.226.230
ASN for 83.168.226.230: 35041
Abusix contact information: abuse@crystone.se (information only)
83.168.226.230 corresponds with pemlinweb09.crystone.net
Abuse.net has 1 reliable address(es) for crystone.net
Found address(es): abuse@crystone.net