Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=203.157.45.99
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://203.157.45.99/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://203.157.45.99/ | HTTP/1.1 200 OK Date: Thu, 14 Aug 2014 12:23:18 GMT Accept-Ranges: bytes ETag: "8131b526edb1cf1:2701" Server: Microsoft-IIS/6.0 Content-Length: 50180 Content-Location: http://203.157.45.99/index.html Content-Type: text/html Last-Modified: Thu, 07 Aug 2014 03:10:33 GMT X-Powered-By: ASP.NET | clean |
http://203.157.45.99/index.html | 200 OK Content-Length: 50180 Content-Type: text/html | clean |
http://203.157.45.99/weloveourking_left.js | 200 OK Content-Length: 393 Content-Type: application/x-javascript | clean |
http://203.157.45.99/switchcontent.js | 200 OK Content-Length: 15183 Content-Type: application/x-javascript | clean |
http://www.norsorpor.com/news.php?category=1&n=20&showas=list&icon=http://203.157.45.99/file-ico.gif | 200 OK Content-Length: 14939 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 203.157.45.99 document.write('<ul style=" list-style-image: url(http://203.157.45.99/file-ico.gif); "><li><a href="http://www.norsorpor.com/m2123223/%E0%B9%81%E0%B8%AD%E0%B8%9B%E0%B9%80%E0%B8%9B%E0%B8%B4%E0%B9%89%E0%B8%A5%E0%B9%84%E0%B8%A1%E0%B9%88%E0%B9%84%E0%B8%94%E0%B9%89%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B9%81%E0%B8%9A%E0%B8%99%E0%B9%84%E0%B8%97%E0%B8%A2%E0%B8%88%E0%B8%B2%E0%B8%81%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%A7%E0%B8%B2%E0%B8%87%E0%B8%82%E0%B8%B2%E0%B8%A2%E0%B9%84%E0%B8%AD%E0%B9 ...[3616 bytes skipped]... | ||
http://www.norsorpor.com/m2123223/%E0%B9%81%E0%B8%AD%E0%B8%9B%E0%B9%80%E0%B8%9B%E0%B8%B4%E0%B9%89%E0%B8%A5%E0%B9%84%E0%B8%A1%E0%B9%88%E0%B9%84%E0%B8%94%E0%B9%89%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B8%81%E0%B8%B2%E0%B8%A8%E0%B9%81%E0%B8%9A%E0%B8%99%E0%B9%84%E0%B8%97%E0%B8%A2%E0%B8%88%E0%B8%B2%E0%B8%81%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%A7%E0%B8%B2%E0%B8%87%E0%B8%82%E0%B8%B2%E0%B8%A2%E0%B9%84%E0%B8%AD%E0%B9%82%E0%B8%9F%E0%B8%99 | HTTP/1.1 200 OK Connection: close Date: Thu, 14 Aug 2014 12:26:12 GMT Server: Cherokee Content-Type: text/html Set-Cookie: X-Mapping-fjhppofk=4F735781F0A1C98C53FBC2A878CCB5BE; path=/ X-Powered-By: PHP/5.3.3 | clean |
http://dailynews.co.th/content/foreign/259412/à¹à¸à¸à¹à¸à¸´à¹à¸¥à¹à¸¡à¹à¹à¸à¹à¸à¸£à¸°à¸à¸²à¸¨à¹à¸à¸à¹à¸à¸¢à¸à¸²à¸à¸à¸²à¸£à¸§à¸²à¸à¸à¸²à¸¢à¹à¸à¹à¸à¸ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://dailynews.co.th/test404page.js | 404 Not Found Content-Length: 15023 Content-Type: text/html | clean |
http://dailynews.co.th/common/js/jquery/jquery.js | 200 OK Content-Length: 50378 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/slide/jquery.flexslider.js | 200 OK Content-Length: 51826 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/easing/jquery.easing.js | 200 OK Content-Length: 8305 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/mousewheel/jquery.mousewheel.js | 200 OK Content-Length: 2483 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/scrollbar/tinyscrollbar.min.js | 200 OK Content-Length: 2952 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/scrollbar/jquery.custom-scrollbar.js | 200 OK Content-Length: 24058 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/pie/PIE_uncompressed.js | 200 OK Content-Length: 141196 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/tab/jquery.hashchange.js | 200 OK Content-Length: 1534 Content-Type: text/javascript | clean |
http://dailynews.co.th/common/js/plugin/tab/jquery.jtabs.0.1.js | 200 OK Content-Length: 3361 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 203.157.45.99
Result:
HTTP/1.1 200 OK
Date: Thu, 14 Aug 2014 12:23:18 GMT
Accept-Ranges: bytes
ETag: "8131b526edb1cf1:2701"
Server: Microsoft-IIS/6.0
Content-Length: 50180
Content-Location: http://203.157.45.99/index.html
Content-Type: text/html
Last-Modified: Thu, 07 Aug 2014 03:10:33 GMT
X-Powered-By: ASP.NET
...50180 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 203.157.45.99
Referer: http://www.google.com/search?q=203.157.45.99
Result:
The result is similar to the first query. There are no suspicious redirects found.