Attacked url: http://pvi.karolinanorstrom.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Thu, 18 Oct 2018 20:29:31 +0200

Visitors with referer are redirected to http://karolinanorstrom.se

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: pvi.karolinanorstrom.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 503 Service Temporarily Unavailable
Server: openresty/1.13.6.2
Date: Thu, 18 Oct 2018 18:29:30 GMT
Content-Type: text/html
Content-Length: 219
Connection: close


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: pvi.karolinanorstrom.se
Referer: http://www.google.com/search?q=pvi.karolinanorstrom.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Server: openresty/1.13.6.2
Date: Thu, 18 Oct 2018 18:29:30 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://karolinanorstrom.se
Cache-Control: no-cache
Set-Cookie: _undeveloped_session=VzYrcVl3ZXZMbkVkaUJhY0ZIcjU2ZlJQYXJ3MTNWVWgxVFNuZ1RNa0V1SEpyM1RJa0lyZjY1RHNIV2gvc3BTNDRLaktGNXBPT1hIWVNBYzdqa3dzRUkwZFg0Z29Bd09XMXRWalJpdFBSVmc9LS1FYzdCR0JHZE9KOU1yQnVhZ3p1bUJ3PT0%3D--9939c293e0dd7e2974d609d2e00c75cdd6de1ae0; path=/; HttpOnly
X-Request-Id: 3f365642-fba0-4c4e-9d33-e145c946c52b
X-Runtime: 0.003791

pvi.karolinanorstrom.se is on 52.58.78.16
ASN for 52.58.78.16: 16509
Abusix contact information: abuse@amazonaws.com (information only)
52.58.78.16 corresponds with ec2-52-58-78-16.eu-central-1.compute.amazonaws.com
Abuse.net has 1 reliable address(es) for amazonaws.com
Found address(es): abuse@amazonaws.com