New scan:

Malware Scanner report for ygsdh.in

Malicious/Suspicious/Total urls checked
3/2/14
5 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "ygsdh.in" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ygsdh.in

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.ygsdh.in/
HTTP/1.1 200 OK
Date: Thu, 29 Jan 2015 21:56:23 GMT
Accept-Ranges: bytes
ETag: "b0d9b88b8034d01:1039"
Server: Microsoft-IIS/6.0
Content-Length: 73079
Content-Location: http://www.ygsdh.in/index.htm
Content-Type: text/html
Last-Modified: Tue, 20 Jan 2015 07:13:09 GMT
X-Powered-By: ASP.NET
clean
http://www.ygsdh.in/index.htm
200 OK
Content-Length: 73079
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.hrsdh.in

...[982 bytes skipped]...
MARGINWIDTH="0" onload="ShowConfirmClose(true);">
<div style="display:none"><script src="http://s5.cnzz.com/stat.php?id=5721250&web_id=5721250" language="JavaScript"></script></div>




<div class="wrapper">

<table cellspacing=0 cellpadding=0 width="890" height="25" border=0 bgColor=#E2F0FF>
<tr>
<SCRIPT type=text/javascript src="http://www.hrsdh.in/ads1.js"></SCRIPT>
<SCRIPT type=text/javascript src="http://www.hrsdh.in/duilian.js"></SCRIPT>


<td align="center"> <font color=#ff0000>&nbsp;&nbsp;最新地址:<b style="color:#000;background:#ffff66">www.ygsdh.in</b> &nbsp;&nbsp;<font color="#9900FF">嚴查刷量高質量成人網址導航 一个色導航 收錄要求滿足10IP來路!不在壹味的追求高流量,IP高質量才是我們ç”
...[3097 bytes skipped]...

http://s5.cnzz.com/stat.php?id=5721250&web_id=5721250
200 OK
Content-Length: 10071
Content-Type: application/javascript
clean
http://www.hrsdh.in/ads1.js
200 OK
Content-Length: 1796
Content-Type: application/x-javascript
clean
http://www.hrsdh.in/duilian.js
200 OK
Content-Length: 2762
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: www.400cao.com

...[432 bytes skipped]...
"ALayer1").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px";
document.getElementById("ALayer2").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px";

lastScrollY=lastScrollY+percent;
}
suspendcode12="<DIV id=\"ALayer1\" style=\'left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);\'><div align=left></div><a title=\"\"href=\"http://www.400cao.com/about.html\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/guanggao.png\"></a><br /><a title=\"\"href=\"http://www.55xv.com\" target=\"_blank\"><img width=200 height=250 src=\"http://www.hrsdh.in/duilian.jpg\"></a><br /><a title=\"\"href=\"http://www.0011mt.com/?Intr=204608\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/meng.gif\"></a><br /><a title=\"\"href=\"h
...[1732 bytes skipped]...

Decoded script:


heartBeat()
heartBeat()
/*** called setInterval with heartBeat(), 1 */
<DIV id="ALayer1" style='left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);'><div align=left></div><a title=""href="http://www.400cao.com/about.html" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/guanggao.png"></a><br /><a title=""href="http://www.55xv.com" target="_blank"><img width=200 height=250 src="http://www.hrsdh.in/duilian.jpg"></a><br /><a title=""href="http://www.0011mt.com/?Intr=204608" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/meng.gif"></a><br />&l
...[1104 bytes skipped]...

http://www.ygsdh.in/tan.js
200 OK
Content-Length: 465
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: www.66ml.in

var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";

function ext() {
if(window.event.clientY<132 || altKey) iie.launchURL(popURL);
}

function brs() {
document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>";
}


var popURL = 'http://www.66ml.in';
eval("window.attachEvent('onload',brs);");
eval("window.attachEvent('onunload',ext);");

Decoded script:


window.attachEvent('onload',brs);
window.attachEvent('onload',brs);
function brs() {
document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>";
}
window.attachEvent('onunload',ext);
window.attachEvent('onunload',ext);
function ext() {
if (window.event.clientY < 132 || altKey) {
iie.launchURL(popURL);
}
}

http://www.hrsdh.in/you.js
200 OK
Content-Length: 315
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: www.66ml.in

document.writeln("<script type=\"text/javascript\">");
document.writeln("banner4_iframe=null;");
document.writeln("banner4_ifrv=0;");
document.writeln("banner4_iframe=window.open(\'http://www.66ml.in',\'_blank\');");
document.writeln("if(banner4_iframe!=null)banner4_ifrv=1;");
document.writeln("</script>");

Decoded script:


banner4_iframe=null;
banner4_ifrv=0;
banner4_iframe=window.open('http://www.66ml.in','_blank');
if(banner4_iframe!=null)banner4_ifrv=1;

http://www.hrsdh.in/zuo.js
200 OK
Content-Length: 788
Content-Type: application/x-javascript
clean
http://www.hrsdh.in/ads2.js
200 OK
Content-Length: 1203
Content-Type: application/x-javascript
clean
http://www.hrsdh.in/ads3.js
200 OK
Content-Length: 651
Content-Type: application/x-javascript
clean
http://www.ygsdh.in/link.html
200 OK
Content-Length: 12958
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.aavvss.com

...[1719 bytes skipped]...
;a href="http://www.90sldh.in" target="_blank">www.90sldh.in</a>&nbsp;&nbsp;&nbsp;(&nbsp;M×ã50IP¼´¿ÉÊÕä›&nbsp;)&nbsp;&nbsp;(&nbsp;<font color="#FF0000">ÐèÊÖ¶¯Ìá½»ÍøÖ·´ïµ½IPÒªÇó¼´¿ÉÊÕ¼</font>)</font></tr></TD>
<tr bgcolor="#9999990">
<TD class=sss vAlign=top bgColor=#000000><font color=#ffffff>AvsÉ«Œ§º½ÊÕ䛘Ë×¼£º<a href="http://www.aavvss.com" target="_blank">www.aavvss.com</a>&nbsp;&nbsp;&nbsp;(&nbsp;M×ã50IP¼´¿ÉÊÕä›&nbsp;)&nbsp;&nbsp;(&nbsp;<font color="#FF0000">ÊÖ¶¯Ìá½»Õ¾µãÂú×ãIP¼´¿ÉÊÕ¼</font>)</font></tr></TD>

<tr bgcolor="#9999990">
<TD class=sss vAlign=top bgColor=#000000><font color=#ffffff>ÎåÔÂÌ쌧º½ÊÕ䛼ƒºÍ¯É«Çé¡¢ÈËÅc„ÓÎïÉ«Çé²»ÊÕä› </font></tr>
</TD>
</TR>
...[2561 bytes skipped]...

http://www.ygsdh.in/app/addwz.asp
200 OK
Content-Length: 3046
Content-Type: text/html
clean
http://www.ygsdh.in/test404page.js
404 Not Found
Content-Length: 1308
Content-Type: text/html
clean
http://www.ygsdh.in/app/go.asp
200 OK
Content-Length: 166
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ygsdh.in

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ygsdh.in
Referer: http://www.google.com/search?q=ygsdh.in

Result:
The result is similar to the first query. There are no suspicious redirects found.