Attacked url: http://balsjomaskin.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Tue, 09 Oct 2018 05:42:17 +0200

Visitors with referer are redirected to http://www.serverjump.com/jump.aspx?jumpid=0sichm

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: balsjomaskin.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16712
Content-Type: text/html
Server: Microsoft-IIS/10.0
Set-Cookie: unikTry=bes%F6k; expires=Thu, 08-Nov-2018 23:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDCACQDCQB=EEBLMBBCCOGOHMANHFCOCHGH; path=/
Date: Tue, 09 Oct 2018 03:42:16 GMT
Connection: close


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: balsjomaskin.se
Referer: http://www.google.com/search?q=balsjomaskin.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Content-Length: 172
Content-Type: text/html; charset=UTF-8
Location: http://www.serverjump.com/jump.aspx?jumpid=0sichm
Server: Microsoft-IIS/10.0
Date: Tue, 09 Oct 2018 03:42:15 GMT
Connection: close

balsjomaskin.se is on 81.95.105.71
ASN for 81.95.105.71: 25234
Abusix contact information: abuse@active24.cz (information only)
81.95.105.71 corresponds with iis105.windows.loopia.com
Abuse.net does not have any reliable address for iis105.windows.loopia.com
Found address in whois: abuse@active24.cz