Scanned pages/files
Request | Server response | Status |
http://airtranu.info/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Sep 2014 22:12:31 GMT Location: http://www.airtran.com/Home.aspx Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.airtran.com/home.aspx | 200 OK Content-Length: 59202 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random()+""; var a = axel * 10000000000000; document.write('<iframe src="http://fls.doubleclick.net/activityi;src=1646434;type=airtr661;cat=flhom128;ord=1;num='+ a + '?" width="1" height="1" frameborder="0" style="position:absolute;"></iframe>'); Antivirus reports:
| ||
http://www.airtran.com/common/scripts/at_global.js | 200 OK Content-Length: 5404 Content-Type: application/x-javascript | clean |
http://airtranu.info/common/scripts/openWin.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Sep 2014 22:12:34 GMT Location: http://www.airtran.com/Home.aspx Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.airtran.com/test404page.js | 200 OK Content-Length: 9856 Content-Type: text/html | clean |
http://www.airtran.com/Common/scripts/at_global.js | 200 OK Content-Length: 5404 Content-Type: application/x-javascript | clean |
https://www.aplusrewards.com/common/scripts/gcs.js | 200 OK Content-Length: 1425 Content-Type: application/x-javascript | clean |
http://www.airtran.com/common/scripts/s_code_config.js | 200 OK Content-Length: 113 Content-Type: application/x-javascript | clean |
http://www.airtran.com/common/scripts/s_code.js | 200 OK Content-Length: 48916 Content-Type: application/x-javascript | clean |
http://www.airtran.com/common/scripts/MotionPoint.js | 200 OK Content-Length: 1789 Content-Type: application/x-javascript | clean |
http://www.airtran.com/Common/HitBox/environment.js | 200 OK Content-Length: 416 Content-Type: application/x-javascript | clean |
http://www.airtran.com/Common/HitBox/hbx_page_code_redesign.js | 200 OK Content-Length: 2552 Content-Type: application/x-javascript | clean |
http://www.airtran.com/Common/HitBox/hbx.js | 200 OK Content-Length: 14097 Content-Type: application/x-javascript | clean |
http://www.airtran.com/partners.htmlcontent | 200 OK Content-Length: 9856 Content-Type: text/html | clean |
http://www.airtran.com/travel-agents/travel_agents_program_benefits.aspx | 200 OK Content-Length: 11145 Content-Type: text/html | clean |
http://www.airtran.com/travel-agents/ | 403 Forbidden Content-Length: 218 Content-Type: text/html | clean |
http://www.airtran.com/help.aspx | 200 OK Content-Length: 11414 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: airtranu.info
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 22:12:31 GMT
Location: http://www.airtran.com/Home.aspx
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
GET / HTTP/1.1
Host: airtranu.info
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 22:12:31 GMT
Location: http://www.airtran.com/Home.aspx
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: airtranu.info
Referer: http://www.google.com/search?q=airtranu.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: airtranu.info
Referer: http://www.google.com/search?q=airtranu.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=airtranu.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://airtranu.info/
Result: airtranu.info is not infected or malware details are not published yet.
Result: airtranu.info is not infected or malware details are not published yet.