Scanned pages/files
Request | Server response | Status |
http://human.tru.ac.th/ | HTTP/1.1 200 OK Connection: close Date: Fri, 03 Oct 2014 20:53:21 GMT Accept-Ranges: bytes ETag: "395063d-524-8a8eff80" Server: Apache/2.2.3 (CentOS) Content-Length: 1316 Content-Type: text/html; charset=UTF-8 Last-Modified: Wed, 04 Dec 2013 02:55:10 GMT | clean |
http://human.tru.ac.th/2013 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 03 Oct 2014 20:53:22 GMT Location: http://human.tru.ac.th/2013/ Server: Apache/2.2.3 (CentOS) Content-Length: 316 Content-Type: text/html; charset=iso-8859-1 | clean |
http://human.tru.ac.th/2013/ | 200 OK Content-Length: 100561 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var start = new Date(); var startsec = start.getTime(); var num = 0; for( var i = 0; i < 250000; i++ ) { num++; } var stop = new Date(); var stopsec = stop.getTime(); var loadtime = ( stopsec - startsec ) / 1000; function checkAll(field) { for(i = 0; i < field.elements.length; i++) field[i].checked = true ; } function uncheckAll(field) { for(i = 0; i < field.elements.length; i++) field[i]. if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} } function MM_displayStatusMsg(msgStr) { status=msgStr; document.MM_returnValue = true; } Antivirus reports:
http://human.tru.ac.th/2013/highslide/highslide.js | 200 OK Content-Length: 45234 Content-Type: application/x-javascript | clean |
http://human.tru.ac.th/highslide/highslide-html.js | 404 Not Found Content-Length: 305 Content-Type: text/html | clean |
http://human.tru.ac.th/test404page.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://human.tru.ac.th/js/jquery.min.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://human.tru.ac.th/js/datepicker.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://human.tru.ac.th/js/java.js | 404 Not Found Content-Length: 288 Content-Type: text/html | clean |
http://human.tru.ac.th/js/autocomplete.js | 404 Not Found Content-Length: 296 Content-Type: text/html | clean |
http://human.tru.ac.th/js/Style_event.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
http://human.tru.ac.th/js/Style_cookie.js | 404 Not Found Content-Length: 296 Content-Type: text/html | clean |
http://human.tru.ac.th/js/Style_size.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://human.tru.ac.th/js/Set_text.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://human.tru.ac.th/modules/randomimg/contentslider.js | 404 Not Found Content-Length: 312 Content-Type: text/html | clean |
http://human.tru.ac.th/js/fullcalendar/jquery-ui-1.8.23.custom.min.js | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
http://human.tru.ac.th/js/fullcalendar/fullcalendar.min.js | 404 Not Found Content-Length: 313 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: human.tru.ac.th
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 20:53:21 GMT
Accept-Ranges: bytes
ETag: "395063d-524-8a8eff80"
Server: Apache/2.2.3 (CentOS)
Content-Length: 1316
Content-Type: text/html; charset=UTF-8
Last-Modified: Wed, 04 Dec 2013 02:55:10 GMT
...1316 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: human.tru.ac.th
Referer: http://www.google.com/search?q=human.tru.ac.th
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=human.tru.ac.th
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://human.tru.ac.th/
Result: human.tru.ac.th is not infected or malware details are not published yet.