Scanned pages/files
Request | Server response | Status |
http://flightforum.ch/ | HTTP/1.1 302 Found Connection: close Date: Tue, 03 Mar 2015 07:57:40 GMT Location: http://flightforum.ch/board/ Server: Apache Content-Length: 276 Content-Type: text/html; charset=iso-8859-1 | clean |
http://flightforum.ch/board/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 03 Mar 2015 07:57:41 GMT Pragma: no-cache Location: http://www.flightforum.ch/board/ Server: Apache Content-Length: 0 Content-Type: text/html;charset=UTF-8 Expires: Mon, 02 Mar 2015 07:57:41 GMT Set-Cookie: session_id=3b6d09a15690213251dd3c51b04fd14c; path=/; httponly X-Powered-By: PHP/5.3.27 X-Powered-By: PleskLin | clean |
http://www.flightforum.ch/board/ | 200 OK Content-Length: 97290 Content-Type: text/html | clean |
http://www.flightforum.ch/board/public/min/index.php?ipbv=ecbfaccf7a075d65597fdeccc4e1e83f&g=js | 200 OK Content-Length: 193732 Content-Type: application/x-javascript | clean |
http://www.flightforum.ch/board/public/min/index.php?ipbv=ecbfaccf7a075d65597fdeccc4e1e83f&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/4/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.board.js | 200 OK Content-Length: 132094 Content-Type: application/x-javascript | clean |
http://www.flightforum.ch/board/public/style_images/tctc91_glare/_custom/js/cookie.js | 200 OK Content-Length: 732 Content-Type: text/javascript | clean |
http://www.flightforum.ch/board/public/style_images/tctc91_glare/_custom/js/main.js | 200 OK Content-Length: 5271 Content-Type: text/javascript | clean |
http://flightforum.ch/board/index.php?/page/die_ils.html | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 03 Mar 2015 07:57:44 GMT Pragma: no-cache Location: http://www.flightforum.ch/board/index.php?/page/die_ils.html Server: Apache Content-Length: 0 Content-Type: text/html;charset=UTF-8 Expires: Mon, 02 Mar 2015 07:57:44 GMT Set-Cookie: session_id=991caf8df8941ac536da4275516e9656; path=/; httponly X-Powered-By: PHP/5.3.27 X-Powered-By: PleskLin | clean |
http://www.flightforum.ch/board/index.php?/page/die_ils.html | 200 OK Content-Length: 63935 Content-Type: text/html | clean |
http://www.flightforum.ch/board/public/min/index.php?ipbv=ecbfaccf7a075d65597fdeccc4e1e83f&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/4/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js | 200 OK Content-Length: 126010 Content-Type: application/x-javascript | clean |
http://flightforum.ch/board/index.php?/page/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 03 Mar 2015 07:57:45 GMT Pragma: no-cache Location: http://www.flightforum.ch/board/index.php?/page/ Server: Apache Content-Length: 0 Content-Type: text/html;charset=UTF-8 Expires: Mon, 02 Mar 2015 07:57:45 GMT Set-Cookie: session_id=5b716ea7df6072a223b2065ea8364260; path=/; httponly X-Powered-By: PHP/5.3.27 X-Powered-By: PleskLin | clean |
http://www.flightforum.ch/board/index.php?/page/ | 404 Not Found Content-Length: 27583 Content-Type: text/html | clean |
http://www.flightforum.ch/board/index.php?app=core&module=global&section=login | 200 OK Content-Length: 29704 Content-Type: text/html | clean |
http://www.flightforum.ch/board/public/min/index.php?ipbv=ecbfaccf7a075d65597fdeccc4e1e83f&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/4/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.signin.js | 200 OK Content-Length: 126964 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var USE_RTE=0;var Debug={write:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.log(text);}},dir:function(values){if(jsDebug&&!Object.isUndefined(window.console)&&!Prototype.Browser.IE&&!Prototype.Browser.Opera){console.dir(values);}},error:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.error(text);}},warn:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.warn(text);}},info:funct else {$('live_signin').show();$('regular_signin').hide();} Event.stop(e);},validateLogin:function(e) {if(!ipb.signin.isFilled($('ips_username'))) {alert(ipb.lang['signin_nosigninname']);Event.stop(e);return;} if(!ipb.signin.isFilled($('ips_password'))) {alert(ipb.lang['signin_nopassword']);Event.stop(e);return;}},isFilled:function(obj) {if(!obj.value) {return false;} else {return true;}}};ipb.signin.init();
Antivirus reports:
http://www.flightforum.ch/board/index.php?app=core&module=global&section=register | 200 OK Content-Length: 41201 Content-Type: text/html | clean |
http://www.flightforum.ch/board/public/min/index.php?ipbv=ecbfaccf7a075d65597fdeccc4e1e83f&charset=UTF-8&f=public/js/ipb.js,cache/lang_cache/4/ipb.lang.js,public/js/ips.hovercard.js,public/js/ips.quickpm.js,public/js/ips.register.js | 200 OK Content-Length: 130691 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var USE_RTE=0;var Debug={write:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.log(text);}},dir:function(values){if(jsDebug&&!Object.isUndefined(window.console)&&!Prototype.Browser.IE&&!Prototype.Browser.Opera){console.dir(values);}},error:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.error(text);}},warn:function(text){if(jsDebug&&!Object.isUndefined(window.console)){console.warn(text);}},info:funct catch(err){Debug.write(err);}},removeMessage:function(elem) {if(!$(elem)){return;} if($(elem.id+"_msg")) {$(elem.id+"_msg").remove();} $(elem).removeClassName('error').removeClassName('accept');}};ipb.register.init();
Antivirus reports:
http://www.google.com/recaptcha/api/challenge?k=6LcpWAMAAAAAAA4klDtDNuDH6LsGgBX5mBoJ3naK&hl=en | 200 OK Content-Length: 8595 Content-Type: text/javascript | clean |
http://www.flightforum.ch/board | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 07:57:48 GMT Location: http://www.flightforum.ch/board/ Server: Apache Content-Length: 308 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.flightforum.ch/test404page.js | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://www.flightforum.ch/board/index.php?/page/team.html | 200 OK Content-Length: 37972 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: flightforum.ch
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 03 Mar 2015 07:57:40 GMT
Location: http://flightforum.ch/board/
Server: Apache
Content-Length: 276
Content-Type: text/html; charset=iso-8859-1
...276 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: flightforum.ch
Referer: http://www.google.com/search?q=flightforum.ch
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=flightforum.ch
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://flightforum.ch/
Result: flightforum.ch is not infected or malware details are not published yet.