Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pokemon-triforce.fr.cr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pokemon-triforce.fr.cr/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://pokemon-triforce.fr.cr/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 28 Feb 2015 03:51:14 GMT Pragma: no-cache Location: http://www.pokemon-triforce.fr.cr/index.html Server: Apache/2.2.22 Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=534uh7vrlvo9lubdmiqm0l5q7l1jdgjb; path=/; domain=pokemon-triforce.fr.cr Status: 301 Moved Permanently X-Powered-By: PHP/5.3.10-1ubuntu3.16 | clean |
http://www.pokemon-triforce.fr.cr/index.html | 200 OK Content-Length: 10809 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/forum/post_fct.js | 404 Not Found Content-Length: 7334 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/site/index.html | 200 OK Content-Length: 10809 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/membre/index.html | 200 OK Content-Length: 6958 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/jeux/index.html | 200 OK Content-Length: 7301 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/forum/index.html | 200 OK Content-Length: 20499 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/forum/global_fct.js | 404 Not Found Content-Length: 7334 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/suivi/ | 200 OK Content-Length: 20645 Content-Type: text/html | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/prototype/prototype.js | 200 OK Content-Length: 126127 Content-Type: application/javascript | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/script.aculo.us/scriptaculous.js | 200 OK Content-Length: 2578 Content-Type: application/javascript | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/index.js | 200 OK Content-Length: 2791 Content-Type: application/javascript | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/tabs.js | 200 OK Content-Length: 3834 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt reproduced here is a truncated cross-browser event-handler shim and tab switcher (the scanner cuts it mid-function); the part that triggered the verdict is not visible in it, so confirm the finding against the full tabs.js rather than this fragment:

    addEvent(window, "load", initTabs);

    function addEvent(elm, evType, fn, useCapture) {
        if (elm.addEventListener) {
            elm.addEventListener(evType, fn, useCapture);
            return true;
        } else if (elm.attachEvent) {
            var r = elm.attachEvent("on" + evType, fn);
            return r;
        } else {
            alert("Handler could not be removed");
        }
    }

    var _TAB_DIVS;

    function showTabById(tabid, noEval) {
        var divs = document.getElementsByTagName('div');
        va
        [excerpt truncated in the original report]
        if (history) {
            addEvent(history, 'click', uglyHistoryCommentFix);
        }
    }

    function uglyHistoryCommentFix(e) {
        var target = e.target || window.event.srcElement;
        if ('A' == target.nodeName) {
            var re = /#comments/;
            if (re.test(target.href)) {
                showTabById('comments');
            }
        }
        var history = document.getElementById('history');
        if (history) {
            addEvent(history, 'click', uglyHistoryCommentFix);
        }
    }

Antivirus reports:
http://www.pokemon-triforce.fr.cr/suivi/javascript/functions.js | 200 OK Content-Length: 15892 Content-Type: application/javascript | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/jscalendar/calendar_stripped.js | 200 OK Content-Length: 34315 Content-Type: application/javascript | clean |
http://www.pokemon-triforce.fr.cr/suivi/javascript/jscalendar/calendar-setup_stripped.js | 200 OK Content-Length: 4938 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pokemon-triforce.fr.cr
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 28 Feb 2015 03:51:14 GMT
Pragma: no-cache
Location: http://www.pokemon-triforce.fr.cr/index.html
Server: Apache/2.2.22
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=534uh7vrlvo9lubdmiqm0l5q7l1jdgjb; path=/; domain=pokemon-triforce.fr.cr
Status: 301 Moved Permanently
X-Powered-By: PHP/5.3.10-1ubuntu3.16
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pokemon-triforce.fr.cr
Referer: http://www.google.com/search?q=pokemon-triforce.fr.cr
Result:
The response is the same as for the first query: the server does not change its redirect when the visitor arrives from a search engine, so no suspicious (referer-dependent) redirect was found.
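The two-query check above (plain visit versus visit with a search-engine Referer) is the standard way to catch cloaked redirects that only fire for search traffic. The following is an added example, not part of the scan report or the scanner's code: it fetches a URL once without a Referer and once per search-engine Referer, never follows redirects, and reports any Referer for which the status or Location differs from the baseline. It goes beyond the report by trying several referers rather than only Google. The target is a constructed local server that imitates a cloaked site (normal visitors get a same-site 301 like the one in the report, search visitors are bounced off-site); the real host in the report is not contacted, and the hostnames attacker.invalid and www.example.invalid are placeholders.

```python
"""Conditional-redirect check: request the same URL as a plain visitor and as a
search-engine visitor and compare the server's answer.

Added example, not part of the scan report above.  The server below is a
constructed stand-in for a cloaked site; no real host is contacted."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Referers a cloaking script typically keys on.  Assumption: a common list,
# not something the report documents.
SEARCH_REFERERS = [
    "http://www.google.com/search?q=example",
    "http://www.bing.com/search?q=example",
]


def probe(url, referer=None, timeout=10):
    """Fetch url exactly once, without following redirects.

    Returns (status, Location header or None) so that a change in either the
    status code or the redirect target shows up as a difference."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    conn.request("GET", parts.path or "/", headers=headers)
    resp = conn.getresponse()
    resp.read()  # drain the body so the connection closes cleanly
    conn.close()
    return resp.status, resp.getheader("Location")


def check_conditional_redirect(url, referers=SEARCH_REFERERS):
    """Compare the plain visit with one visit per search-engine referer.

    Returns a list of (referer, baseline, conditional) for every referer whose
    response differs from the plain visit; an empty list means no cloaking
    was observed."""
    baseline = probe(url)
    findings = []
    for ref in referers:
        result = probe(url, referer=ref)
        if result != baseline:
            findings.append((ref, baseline, result))
    return findings


class CloakingHandler(BaseHTTPRequestHandler):
    """Constructed test server imitating a cloaked site: normal visitors get a
    same-site 301 (as in the report); visitors arriving from a search engine
    are sent to a hypothetical attacker-controlled landing page."""

    def do_GET(self):
        referer = self.headers.get("Referer", "")
        if "google." in referer or "bing." in referer:
            self.send_response(302)
            self.send_header("Location", "http://attacker.invalid/landing")  # placeholder
        else:
            self.send_response(301)
            self.send_header("Location", "http://www.example.invalid/index.html")  # placeholder
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_demo():
    """Start the constructed server on a free loopback port, run the check
    against it, and return the findings."""
    server = HTTPServer(("127.0.0.1", 0), CloakingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/" % server.server_port
        return check_conditional_redirect(url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for ref, base, cond in run_demo():
        print("cloaking: referer=%s plain=%s search=%s" % (ref, base, cond))
```

Against a real site, pass the target URL to check_conditional_redirect directly; a site that behaves like the report's target returns an empty list, because the 301 to /index.html is identical with and without the Referer. Run the check from more than one network, and with a search-engine User-Agent as well, since cloaking scripts also key on IP ranges and User-Agent strings, not only on the Referer.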