Attacked url: http://brannborn.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Wed, 12 Apr 2017 15:03:28 +0200

Visitors with referer are redirected to http://tdsinto.com/binarse?keyword=&pill=

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: brannborn.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Date: Wed, 12 Apr 2017 13:03:25 GMT
Server: Apache
X-Pingback: http://www.brannbornfastigheter.se/xmlrpc.php
Location: http://www.brannbornfastigheter.se/
Connection: close
Content-Type: text/html; charset=UTF-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: brannborn.se
Referer: http://www.google.com/search?q=brannborn.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Moved Temporarily
Date: Wed, 12 Apr 2017 13:03:25 GMT
Server: Apache
Location: http://tdsinto.com/binarse?keyword=&pill=
Connection: close
Content-Type: text/html

brannborn.se is on 89.221.250.7
ASN for 89.221.250.7: 1257
89.221.250.7 manually set to use abuse@aname.net