Scanned pages/files
Request | Server response | Status |
http://satgeo.com/ | 200 OK Content-Length: 11014 Content-Type: text/html | clean |
http://satgeo.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/javascript | clean |
http://satgeo.com/index.php | 200 OK Content-Length: 11014 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=22 | 200 OK Content-Length: 11547 Content-Type: text/html | clean |
http://satgeo.com/SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 9732 Content-Type: application/javascript | clean |
http://satgeo.com/principal.php?id=1 | 200 OK Content-Length: 12082 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=25 | 200 OK Content-Length: 8687 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=26 | 200 OK Content-Length: 8675 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=21 | 200 OK Content-Length: 9372 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY POMAK ...[9714 bytes skipped]... ns-serif; border:0; padding:0 0 0 12px; margin:0 0 0 0;"> Descargas</p> <p align="left" style="padding:0 0 0 12px; margin: 0 0 10px 0px;font-weight:bold; "> <img style=" margin-bottom:-3px;" align="absbottom" src="images/descarga.gif" /> <a href="admin/paginas/upload/<h1>HACKED BY POMAK" style="text-decoration:none; color:#0066CC; font:Arial, Helvetica, sans-serif; " target="_blank">Archivo 1 </a></p> <!-- END --> </div> <!--------------------------------------------------------------------------------------------> </div> ...[719 bytes skipped]... | ||
http://satgeo.com/principal.php?id=2 | 200 OK Content-Length: 10309 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=23 | 200 OK Content-Length: 12478 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=3 | 200 OK Content-Length: 10186 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=4 | 200 OK Content-Length: 9007 Content-Type: text/html | clean |
http://satgeo.com/principal.php?id=5 | 200 OK Content-Length: 9241 Content-Type: text/html | clean |
http://satgeo.com/?id=5 | 200 OK Content-Length: 11014 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: satgeo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 22 Nov 2014 20:27:08 GMT
Server: nginx/1.6.2
Content-Length: 11014
Content-Type: text/html
...11014 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: satgeo.com
Referer: http://www.google.com/search?q=satgeo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=satgeo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://satgeo.com/
Result: satgeo.com is not infected or malware details are not published yet.