Attacked url: http://styrelsefolk.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Tue, 12 Sep 2017 23:50:03 +0200

Visitors with referer are redirected to http://www.doaat.com/download.php?pid=

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: styrelsefolk.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Content-Type: text/html
ETag: ""
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDACDTACBQ=IKBLOKNDPMLFKPCGFOJCGLMK; path=/
X-Powered-By: ASP.NET
Date: Tue, 12 Sep 2017 21:50:03 GMT
Connection: close


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: styrelsefolk.se
Referer: http://www.google.com/search?q=styrelsefolk.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 159
Content-Type: text/html
ETag: ""
Location: http://www.doaat.com/download.php?pid=
Server: Microsoft-IIS/8.5
Set-Cookie: ASPSESSIONIDACDTACBQ=HKBLOKNDMKNEDHNOGKDMIFBD; path=/
X-Powered-By: ASP.NET
Date: Tue, 12 Sep 2017 21:49:33 GMT
Connection: close

styrelsefolk.se is on 93.90.145.83
ASN for 93.90.145.83: 35041
Abusix contact information: abuse@levonline.com (information only)
rDNS not found for 93.90.145.83
Found address in whois: abuse@levonline.com