Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=game.159.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://game.159.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://game.159.com/ | 200 OK Content-Length: 113344 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.159.com ...[2405 bytes skipped]... <DIV id="site-nav-bd"> <UL class="quick-menu UL" style="padding-left:0px; " > <LI class="menu-item nav10"> <DIV class=menu> <A class=menu-hd style="WIDTH: 60px" href="http://www.159.com/personal/index.aspx" target=_top rel=nofollow>ÎÒµÄÓ¦Óÿâ<B></B></A> <DIV class=menu-bd style="WIDTH: 98px; LINE-HEIGHT: 1.7; HEIGHT: 50px"> <DIV class=menu-bd-panel style="PADDING-RIGHT: 10px; PADDING-LEFT: 10px; PADDING-BOTTOM: 8px; PADDING-TOP: 8px"> ...[134242 bytes skipped]... | ||
http://game.159.com/js/9e3_search.js | 200 OK Content-Length: 1947 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: so.159.com ...[348 bytes skipped]... tyle.display = "none"; } function Change_Form(n) { for(var i=1;i<4;i++) { if(i==n) { GetId('searc_top_'+i).className='searc_top_'+i+i; } else { GetId('searc_top_'+i).className='searc_top_'+i; } } var f=document.serach; if(n==1) { f.action='http://so.159.com/Mobile.aspx'; GetId('keyword').value='ÇëÊäÈëÊÖ»úÐͺţ¬Èçŵ»ùÑÇE71£¬ÔòÊäÈëE71'; } else if(n==3) { f.action='http://so.159.com/weibo.aspx'; GetId('keyword').value='ÇëÊäÈëÓû§id»òÕßêdzƽøÐвéѯ'; } if(n!=2) { GetId('menu_list').style.display='none'; } } function show_menu2() { if(GetId('menu_list').style.display!='block') { GetId('menu_list').style.di ...[1039 bytes skipped]... | ||
http://game.159.com/js/BT.js | 200 OK Content-Length: 5666 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: www.159.com ...[3936 bytes skipped]... $("#deviceNamee").change(function() { var d = $(":selected", this); var g = d.attr("deviceid"); document.getElementById("systemlian").href ="http://www.159.com/appshop/appGame.aspx?MobleBrandTypeId="+g; }); }, complete: function() { ...[1317 bytes skipped]... | ||
http://game.159.com/js/AI_js.js | 200 OK Content-Length: 81102 Content-Type: application/x-javascript | clean |
http://game.159.com/NewJs/IndexJs/a.tbcdn.js | 200 OK Content-Length: 70549 Content-Type: application/x-javascript | clean |
http://game.159.com/NewJs/IndexJs/del.js | 200 OK Content-Length: 470 Content-Type: application/x-javascript | clean |
http://game.159.com/Lands/TopLeft.aspx | 200 OK Content-Length: 101 Content-Type: text/html | clean |
http://game.159.com/test404page.js | HTTP/1.1 302 Found Cache-Control: private Date: Sun, 06 Apr 2014 23:42:04 GMT Location: http://game.159.com/404.html?url=/test404page.js Server: Microsoft-IIS/7.5 Content-Length: 165 Content-Type: text/html; charset=gb2312 Set-Cookie: ASP.NET_SessionId=xx0rpb20o0ke2e45jhsceg55; path=/; HttpOnly X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET | clean |
http://game.159.com/404.html?url=/test404page.js | 200 OK Content-Length: 2648 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.159.com ...[637 bytes skipped]... > text-decoration: underline; } .STYLE1 {color: #FFFFFF} .STYLE2 { font-family: "ºÚÌå"; font-size: 18px; font-weight: bold; color: #FF0000; } --> </style> </head> <body> <div align="center"> <table width="474" border="0" cellpadding="0" cellspacing="0" class="box"> <tr> <td background="http://www.159.com/images/e_02.jpg"><table width="474" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="143"><div align="left"><a href="http://www.159.com"></a></div></td> <td width="331"><div align="left"><span class="STYLE1">·Ç³£±§Ç¸£¬ÄúÒª·ÃÎʵÄÒ³ÃæÎÞ·¨ÕÒµ½£¡</span></div></td> </tr> </table></td> </tr> < ...[1875 bytes skipped]... | ||
http://count11.51yes.com/click.aspx?id=116201287&logo=12 | 200 OK Content-Length: 1694 Content-Type: text/html | clean |
http://count11.51yes.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://game.159.com/NewAspx/indexAspx/GouWuChe.aspx | 200 OK Content-Length: 789 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.159.com document.write("<a href='http://www.159.com/NewAspx/ShopCart/Shop_cart.aspx' target='_top' rel='nofollow' class='menu-hd' id='mc-menu-hd' ><span class='mini-cart-line'></span><s></s>¹ºÎï³µ<span class='mc-count mc-pt3'>0</span>¼þ<b></b></a><div class='mini-cart-content menu-bd mini-cart-ready' role='menu' aria-hidden='true' id='menu-97' style=' width:170px;'><div style=' float:left; color:#3E3E3E; height:20px; width:1 ...[408 bytes skipped]... | ||
http://game.159.com/Lands/login.aspx | 200 OK Content-Length: 2509 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.159.com document.write("<form action='/Lands/check_ZhiDao.aspx' method='post' name='form2' ><div id='index_top_11'><div style='width:100%;float:left;'><div id='index_top_12'>LOGIN</div><div id='index_top_13'>µÇ½</div><div id='index_top_1300' style='font-size:12px; font-weight:normal;'><ul id='navigation'><li onMouseOver='displaySubMenu(this)' onmouseout='hideSubMenu(this)'> ÆäËüÕʺŵǼ <img src='http://www.159.com/img/1.gif' border='0' /><ul><li ><a href='http://www.159.com/t/Binding.aspx?action=SinaBind'><div style='background:url(http://www.159.com/img/3.gif) 5px no-repeat; height:24px; text-indent:30px; text-align:left; width:100px;'>ÐÂÀË΢²© </div></a></li><li><a href='http://www.159.com/t/Binding.aspx?action=QQBind'><div style='background:url(http://www.159.com/img/4.gif) 5px no-repeat ...[2026 bytes skipped]... | ||
http://game.159.com/Lands/Search_top1.aspx | 200 OK Content-Length: 2742 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: so.159.com ...[1704 bytes skipped]... v id='z8' style='padding-top:2px;padding-left:15px;cursor:pointer;' onMouseOver=\"this.style.background='#c9e2f8'\" onMouseOut=\"this.style.background='#fff'\" onClick=\"changeSelect('ÊÖ»ú¶ÌÐÅ','sms.aspx');\">ÊÖ»ú¶ÌÐÅ</div></div></div><div onclick=\"Change_Form(3)\"><div class=\"searc_top_3\" id=\"searc_top_3\" >΢²©Íõ</div></div><div class='searc_top_4' id='searc_top_4'><a href='http://so.159.com'>so.159.com</a></div></div><div class='searc_bottom'><form name='serach' method='get' action='http://so.159.com/Mobile.aspx' target='_blank'><div class='searc_bottom_1'><input type='text' id=\"keyword\" name=\"keyword\" style='color:#8e9193;font-size:12px;vertical-align:bottom;' onfocus =\"if(value!=''){value=''}\" class='search' value='ÇëÊäÈëÊÖ»úÐͺţ¬Èçŵ»ùÑÇE71£¬ÔòÊäÈëE71'/></div><div class='searc_bottom_2'><input type= ...[384 bytes skipped]... | ||
http://game.159.com/NewAspx/indexAspx/CheckLoing.aspx?Pag=3&brand=&type= | 200 OK Content-Length: 484 Content-Type: text/html | clean |
http://game.159.com/js/count.js | 200 OK Content-Length: 219 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write("<div style='display:none;'>");
document.write("<script src=' http://s137.cnzz.com/stat.php?id=1382900&web_id=1382900' language='JavaScript' charset='gb2312'></script>");
document.write("</div>");
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: game.159.com
Result:
HTTP/1.1 200 OK
Date: Sun, 06 Apr 2014 23:41:50 GMT
Accept-Ranges: bytes
ETag: "a3ebb8e2c22bcf1:0"
Server: Microsoft-IIS/7.5
Content-Length: 113344
Content-Type: text/html
Last-Modified: Mon, 17 Feb 2014 09:30:24 GMT
X-Powered-By: ASP.NET
...113344 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: game.159.com
Referer: http://www.google.com/search?q=game.159.com
Result:
The result is similar to the first query. There are no suspicious redirects found.