Attacked url: http://brannbornfastigheter.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Wed, 12 Apr 2017 11:35:27 +0200

Visitors with referer are redirected to http://tdsinto.com/binarse?keyword=&pill=

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: brannbornfastigheter.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Date: Wed, 12 Apr 2017 09:35:26 GMT
Server: Apache
X-Pingback: http://www.brannbornfastigheter.se/xmlrpc.php
Location: http://www.brannbornfastigheter.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: brannbornfastigheter.se
Referer: http://www.google.com/search?q=brannbornfastigheter.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Moved Temporarily
Date: Wed, 12 Apr 2017 09:35:25 GMT
Server: Apache
Location: http://tdsinto.com/binarse?keyword=&pill=
Connection: close
Content-Type: text/html

brannbornfastigheter.se is on 89.221.250.7
ASN for 89.221.250.7: 1257
89.221.250.7 manually set to use abuse@aname.net