Attacked url: http://tip-tops.se/
Attack type: SERP-hijacking (see http://ikyon.com/attack-types/ for description)
Attack detected Thu, 07 Sep 2017 12:43:33 +0200

Visitors with referer are redirected to http://islas.co.uk/college/image/

HTTP traffic without referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: tip-tops.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Sep 2017 10:43:33 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Server: Apache/2.2.3 (CloudLinux)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=el7g5cv0m2lbcqa41ek5eqk100; path=/
Location: http://www.tip-tops.se/
X-TAProxy: proxy-web-dyn-04


HTTP traffic with referer:
HTTP headers sent:
HEAD / HTTP/1.1
Host: tip-tops.se
Referer: http://www.google.com/search?q=tip-tops.se
Connection: Close

HTTP headers recieved:
HTTP/1.1 302 Moved Temporarily
Date: Thu, 07 Sep 2017 10:43:33 GMT
Content-Type: text/html
Connection: close
Server: Apache/2.2.3 (CloudLinux)
X-Powered-By: PHP/5.3.3
Location: http://islas.co.uk/college/image/
X-TAProxy: proxy-web-dyn-04

tip-tops.se is on 195.128.174.138
ASN for 195.128.174.138: 31027
Abusix contact information: abuse@talkactive.net (information only)
195.128.174.138 corresponds with web38.talkactive.net
Abuse.net has 2 reliable address(es) for talkactive.net
Found address(es): abuse@talkactive.net abuse@webpartner.dk