Attacked url: http://www.ralphilauren.se/ralph-lauren-stora-pony-usa-sjunker-tillbaka-svart-dunjacka-p-51.html
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Mon, 16 Jun 2014 07:55:00 +0200

Visitors with referer are redirected to http://www.goodsellwholesaler.com

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: www.ralphilauren.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Date: Mon, 16 Jun 2014 05:54:58 GMT
Server: Apache
Set-Cookie: cookie_test=please_accept_for_session; expires=Wed, 16-Jul-2014 05:54:58 GMT; path=/; domain=www.ralphilauren.se
Set-Cookie: USERID=twotime; path=/
Connection: close
Content-Type: text/html; charset=utf-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: www.ralphilauren.se
Referer: http://www.google.com/search?q=www.ralphilauren.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Moved Temporarily
Date: Mon, 16 Jun 2014 05:54:56 GMT
Server: Apache
Set-Cookie: cookie_test=please_accept_for_session; expires=Wed, 16-Jul-2014 05:54:57 GMT; path=/; domain=www.ralphilauren.se
Set-Cookie: USERID=shine-check; path=/
Location: http://www.goodsellwholesaler.com
Connection: close
Content-Type: text/html; charset=utf-8

www.ralphilauren.se is on 31.222.207.191
ASN for 31.222.207.191: 0
Abusix contact information: abuses@idear4business.net (information only)
rDNS not found for 31.222.207.191
Found address in whois: abuses@idear4business.net