Attacked url: http://sbi.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Wed, 08 Aug 2018 18:45:37 +0200

Visitors with referer are redirected to http://www.exam24.de/

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sbi.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Aug 2018 16:45:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.6.36
Set-Cookie: ci_csrf_token=24479a3920ce4f32bd7044f52167ed4d; expires=Wed, 08-Aug-2018 18:45:37 GMT; Max-Age=7200; path=/
Set-Cookie: sbi_bf_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%224cf559e455919cd106d94b4ff697df02%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22195.74.38.101%22%3Bs%3A10%3A%22user_agent%22%3Bb%3A0%3Bs%3A13%3A%22last_activity%22%3Bi%3A1533739537%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6db12d2753d73c6a1160b71df85bebcc; expires=Wed, 08-Aug-2018 18:45:37 GMT; Max-Age=7200; path=/
X-Loopia-Node: 172.22.223.52


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: sbi.se
Referer: http://www.google.com/search?q=sbi.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 08 Aug 2018 16:45:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.6.36
Location: http://www.exam24.de/
X-Loopia-Node: 172.22.223.52

sbi.se is on 93.188.2.51
ASN for 93.188.2.51: 39570
Abusix contact information: abuse@loopia.se (information only)
93.188.2.51 corresponds with webfront1.webcluster.loopia.se
Abuse.net has 1 reliable address(es) for loopia.se
Found address(es): abuse@loopia.se