All give this site as clean, while it is serving up Zeus V2...

Hi malware fighters:

Scan for: htxp://vasilijgaltsev.com
Hostname: vasilijgaltsev.com
IP Address: 193.105.174.118
Date: 29-05-2010 12:31

Running on: Apache/2

Web Application details:
List of emails found

Server at vasilijgaltsev.com

Blacklisting status

Domain clean by Google Safe Brownsing: vasilijgaltsev*com

Domain clean by Norton Safe web: vasilijgaltsev*com

Domain clean by Sucuri Web Blacklist: vasilijgaltsev*com

Domain clean by the Phish Tank: vasilijgaltsev*com

Domain clean by the Malware Domain List: vasilijgaltsev*com

This list it as recent: http://www.malwareurl.com/
http://www.malwareurl.com/listing.php?domain=vasilijgaltsev.com

pol

http://www.mywot.com/en/scorecard/vasilijgaltsev.com

^^ :smiley:
Just look at this page ;D

Hi Sartigan,

Here also:
Only HTTP and HTTPS are supported. (e.g., http://www.trendmicro.com)

Web reputation result: This URL is currently listed as malicious.

did you mean vasilijgaltsev ?
malwareurl.com
malwareurl.com

*
  MalwareURL
  May 29, 2010 ... Domain matching vasilijgaltsev*com were found in our database. ...vasilijgaltsev.com. 193.105.174.118. Botnet controller ... (wXw.malwareurl.com)   htXp://www.malwareurl.com/listing.php?domain=vasilijgaltsev.com
*
  details - MalwareURL
  May 29, 2010 ... Arashkevich Konstantin / arashckevitch[dot]kostya@yandex[dot]ru. 2010-05-29. details. vasilijgaltsev.com. 193.105.174.118. Botnet controller ...htxp://www.malwareurl.com/listing.php?domain=awdeewroman.com

siteadvisor.com
siteadvisor.com

*
  vasilijgaltsev.com | McAfee SiteAdvisor Software – Website Safety ...
  McAfee SiteAdvisor tests vasilijgaltsev.com for adware, spam, scams, and e-mail practices. (www.siteadvisor.com)   http://www.siteadvisor.com/sites/vasilijgaltsev.com/postid?p=4756676

malwaredomainlist.com
malwaredomainlist.com

*
  Recent Posts
  ... elena@colo[dot]in[dot]ua | UA | RIPE | COLO-NET | 8cbe7d655ad30a6442705bc6b32cf141 | htxp://vasilijgaltsev.com/dd/index.php?uid=690047&ver=6c%20XP | ... (www.malwaredomainlist.com)   htxp://www.malwaredomainlist.com/forums/index.php?action=recent;start=50

com.ar
com.ar

*
  Ultimo malware encontrado
  69.10.57.126 [69.10.57.126], Exploit kit / Backdoor Agent. vasilijgaltsev*com [ 193.105.174.118], Botnet controller. samocity-fr[dot]co[dot]cc [75.75.243.127] ... (wXw.segu-info.com.ar)   htxp://www.segu-info.com.ar/virus/url.php

polonus

All of the sites you listed in your first post marked it as CLEAN. :smiley:

Very funny, Web of Trust marked all ratings 1, this means it’s very unsecure ::slight_smile:

The link I gave is the vasilijgaltsev[dot]com 's Web Of Trust card
What you mean on: “did you mean vasilijgaltsev”?

Hi Sartigan,

That I copied from the scan site. So that is just their rephrasing: “did you mean vasilijgaltse?”, and nothing meant.
We now know it is a bot controller site, that it is categorized as dangerous.
Thanks for your reaction, users now are warned,

polonus

I hope we helped some people who didn’t know about this, but you can be sure I won’t visit this site (and I hope users too) ;D

Also nothing detected by:

http://jsunpack.jeek.org/dec/go?report=dbfc44618878a5c85d3fe648712ec74ace4fbc68

You need to exercise care when posting links to jsunpack.jeek.org/dec/go?report= as you are replicating the code of a suspect/infected page in the results, so if the detection is one recognised by avast it would alert on the page.

I agree with you DavidR, but what the web site warnings? in red letters?

No, I generally only post images of the results (see image example) and not the URL.

Generally if the site doesn’t find anything I don’t report negative results as the jsunpack only looks at that one page of script whatever option it is you use. Were the other sites mentioned by polonus look at the site as a whole.