Attacked url: http://www.ralphilauren.se/ralph-lauren-pony-duk-gul-apelsin-handväska-p-261.html
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Wed, 02 Jul 2014 14:47:32 +0200

Visitors with referer are redirected to http://www.goodsellwholesaler.com

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: www.ralphilauren.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Date: Wed, 02 Jul 2014 12:47:30 GMT
Server: Apache
Set-Cookie: cookie_test=please_accept_for_session; expires=Fri, 01-Aug-2014 12:47:30 GMT; path=/; domain=www.ralphilauren.se
Set-Cookie: USERID=twotime; path=/
Connection: close
Content-Type: text/html; charset=utf-8


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: www.ralphilauren.se
Referer: http://www.google.com/search?q=www.ralphilauren.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Moved Temporarily
Date: Wed, 02 Jul 2014 12:47:29 GMT
Server: Apache
Set-Cookie: cookie_test=please_accept_for_session; expires=Fri, 01-Aug-2014 12:47:29 GMT; path=/; domain=www.ralphilauren.se
Set-Cookie: USERID=shine-check; path=/
Location: http://www.goodsellwholesaler.com
Connection: close
Content-Type: text/html; charset=utf-8

www.ralphilauren.se is on 31.222.207.191
ASN for 31.222.207.191: 0
Abusix contact information: abuses@idear4business.net (information only)
rDNS not found for 31.222.207.191
Found address in whois: abuses@idear4business.net