Scanned pages/files
| Request | Server response | Status |
http://kssgroup.co.za/ | 200 OK Content-Length: 20973 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Shooter <div id="primary" class="site-content"> <div id="content" role="main"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <meta name="Hacked by Shooter" content="Hacked by Shooter" /> <meta name="publisher" content="Jimmy Haxor" /> <link href="http://s.myniceprofile.com/myspacepic/1/th/152.gif" rel="SHORTCUT ICON"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Hacked by Shooter</title> ...[25348 bytes skipped]... | ||
http://kssgroup.co.za//go.pub2srv.com/apu.php?zoneid=16780/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 17 Jul 2015 08:57:08 GMT Pragma: no-cache Location: http://kssgroup.co.za/go.pub2srv.com/apu.php?zoneid=16780/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=f5730719400ab7dc792b2d7eb2dbe841; path=/ X-Powered-By: PHP/5.4.28 | clean |
http://kssgroup.co.za/go.pub2srv.com/apu.php?zoneid=16780/ | 404 Not Found Content-Length: 12377 Content-Type: text/html | clean |
http://kssgroup.co.za//1phads.com/notice.php?p=16781&interactive=1&pushup=1/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 17 Jul 2015 08:57:10 GMT Pragma: no-cache Location: http://kssgroup.co.za/1phads.com/notice.php?p=16781&interactive=1&pushup=1/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=a9243b51e75e7635aded7710a9950319; path=/ X-Powered-By: PHP/5.4.28 | clean |
http://kssgroup.co.za/1phads.com/notice.php?p=16781&interactive=1&pushup=1/ | 404 Not Found Content-Length: 12377 Content-Type: text/html | clean |
http://kssgroup.co.za/test404page.js | 404 Not Found Content-Length: 12377 Content-Type: text/html | clean |
http://kssgroup.co.za/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://kssgroup.co.za/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kssgroup.co.za
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 17 Jul 2015 08:57:06 GMT
Pragma: no-cache
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://kssgroup.co.za/>; rel=shortlink
Set-Cookie: PHPSESSID=bdd8c0e3890a7cb4cfe12d5522f07404; path=/
X-Powered-By: PHP/5.4.28
GET / HTTP/1.1
Host: kssgroup.co.za
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 17 Jul 2015 08:57:06 GMT
Pragma: no-cache
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://kssgroup.co.za/>; rel=shortlink
Set-Cookie: PHPSESSID=bdd8c0e3890a7cb4cfe12d5522f07404; path=/
X-Powered-By: PHP/5.4.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: kssgroup.co.za
Referer: http://www.google.com/search?q=kssgroup.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kssgroup.co.za
Referer: http://www.google.com/search?q=kssgroup.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kssgroup.co.za
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kssgroup.co.za/
Result: kssgroup.co.za is not infected or malware details are not published yet.
Result: kssgroup.co.za is not infected or malware details are not published yet.