Hi malware fighters:
Scan for: htxp://vasilijgaltsev.com
Hostname: vasilijgaltsev.com
IP Address: 193.105.174.118
Date: 29-05-2010 12:31
Running on: Apache/2
Web Application details:
List of emails found
Server at vasilijgaltsev.com
Blacklisting status
Domain clean by Google Safe Brownsing: vasilijgaltsev*com
Domain clean by Norton Safe web: vasilijgaltsev*com
Domain clean by Sucuri Web Blacklist: vasilijgaltsev*com
Domain clean by the Phish Tank: vasilijgaltsev*com
Domain clean by the Malware Domain List: vasilijgaltsev*com
This list it as recent: http://www.malwareurl.com/
http://www.malwareurl.com/listing.php?domain=vasilijgaltsev.com
pol
Hi Sartigan,
Here also:
Only HTTP and HTTPS are supported. (e.g., http://www.trendmicro.com )
Web reputation result: This URL is currently listed as malicious.
did you mean vasilijgaltsev ?
malwareurl.com
malwareurl.com
*
MalwareURL
May 29, 2010 ... Domain matching vasilijgaltsev*com were found in our database. ...vasilijgaltsev.com. 193.105.174.118. Botnet controller ... (wXw.malwareurl.com) htXp://www.malwareurl.com/listing.php?domain=vasilijgaltsev.com
*
details - MalwareURL
May 29, 2010 ... Arashkevich Konstantin / arashckevitch[dot]kostya@yandex[dot]ru. 2010-05-29. details. vasilijgaltsev.com. 193.105.174.118. Botnet controller ...htxp://www.malwareurl.com/listing.php?domain=awdeewroman.com
siteadvisor.com
siteadvisor.com
*
vasilijgaltsev.com | McAfee SiteAdvisor Software – Website Safety ...
McAfee SiteAdvisor tests vasilijgaltsev.com for adware, spam, scams, and e-mail practices. (www.siteadvisor.com) http://www.siteadvisor.com/sites/vasilijgaltsev.com/postid?p=4756676
malwaredomainlist.com
malwaredomainlist.com
*
Recent Posts
... elena@colo[dot]in[dot]ua | UA | RIPE | COLO-NET | 8cbe7d655ad30a6442705bc6b32cf141 | htxp://vasilijgaltsev.com/dd/index.php?uid=690047&ver=6c%20XP | ... (www.malwaredomainlist.com) htxp://www.malwaredomainlist.com/forums/index.php?action=recent;start=50
com.ar
com.ar
*
Ultimo malware encontrado
69.10.57.126 [69.10.57.126], Exploit kit / Backdoor Agent. vasilijgaltsev*com [ 193.105.174.118], Botnet controller. samocity-fr[dot]co[dot]cc [75.75.243.127] ... (wXw.segu-info.com.ar) htxp://www.segu-info.com.ar/virus/url.php
polonus
All of the sites you listed in your first post marked it as CLEAN.
Very funny, Web of Trust marked all ratings 1 , this means it’s very unsecure :
The link I gave is the vasilijgaltsev[dot]com 's Web Of Trust card
What you mean on: “did you mean vasilijgaltsev”?
Hi Sartigan,
That I copied from the scan site. So that is just their rephrasing: “did you mean vasilijgaltse?”, and nothing meant.
We now know it is a bot controller site, that it is categorized as dangerous.
Thanks for your reaction, users now are warned,
polonus
I hope we helped some people who didn’t know about this, but you can be sure I won’t visit this site (and I hope users too) ;D
You need to exercise care when posting links to jsunpack.jeek.org/dec/go?report= as you are replicating the code of a suspect/infected page in the results, so if the detection is one recognised by avast it would alert on the page.
I agree with you DavidR, but what the web site warnings? in red letters?
DavidR
June 1, 2010, 2:16am
10
No, I generally only post images of the results (see image example) and not the URL.
Generally if the site doesn’t find anything I don’t report negative results as the jsunpack only looks at that one page of script whatever option it is you use. Were the other sites mentioned by polonus look at the site as a whole.