Visiting this site may harm your computer - Yandex alert

We are more familiar with Google Safebrowsing alert pages, but there is also Yandex.
Who is getting Yandex alerts? Example: http://yandex.com/infected?l10n=en&url=rkvm.ru
Yandex search is here: http://yandex.com/yandsearch?text=&lr=87
landing at this alert: http://yandex.com/infected?url=http%3A%2F%2Fwww.rkvm.ru%2F
I get an alert there from Bitdefender’s TrafficLight: The page you are trying to access contains malware.
Details: Web Page: http://wXw.rkvm.ru/ Access from your browser has been blocked, pending your decision.
See why here: http://siteinspector.comodo.com/public/recent_detections/5110869
See: https://www.virustotal.com/url/421a0a8679947056a1ba56c9798af5d6ced145cc043736ab9f778febe2440c67/analysis/1343582582/
also see: http://www.mywot.com/en/scorecard/rkvm.ru?utm_source=addon&utm_content=popup-donuts

polonus

Here I get an alert through mwis: http://www.mwis.ru/index/url/sokkies.nl/
See the IDS alerts for the java malware: http://urlquery.net/report.php?id=107283
Nothing detected here: http://vscan.urlvoid.com/analysis/3dca6d57c377693ed2b2b5f71802f3d8/aW5kZXg=/
Malware and scam site: http://www.mywot.com/en/scorecard/sokkies.nl?utm_source=addon&utm_content=popup-donuts

Probably infected because of running Plesk 10: wXw.sokkies.nl:8443 Plesk version 10 outdated: Upgrade required (Sucuri scan results)

Potentially Active Threats!
During the last 7 days potentially active threats were detected on the main site of this domain,
according to AVG ThreatLabs

polonus

httX://urlvoid.com/scan/rkvm.ru/

For some reason it is hosted on scumware, but I can't get past the verification to get more info 8)

Anthony

busted!!!1


Found it :o

Trojan.JS.Iframe.xn

Additional information which is on Virustotal:

SCUMWARE.org URL description: This URL is or was distributing a malware variant of JS/Agent.NFO trojan
Sophos URL description: URL subjected to threat Mal/ScrLd-A.
Websense ThreatSeeker URL category: Uncategorized.
BitDefender domain information: The URL domain/host was seen to host badware at some point in time
Opera domain information: The URL domain/host was seen to host badware at some point in time
Sophos domain information: The URL host was subjected to threat Mal/ScrLd-A.
URL after redirects: htoijiijkjtp://rkvm.ru/zakaz.php
Response code: 404
Response headers:
date: Sun, 29 Jul 2012 17:23:03 GMT
x-google-cache-control: remote-fetch
content-type: text/html; charset=iso-8859-1
via: HTTP/1.1 GWA
server: Apache/1.3.33-Front-070729.1 (Win32) PHP/5.1.2

At this time, the site looks dead ???

Anthony 8)

Only the malcode on the main site has been closed since 2012-07-30 01:03:25.
All the other URLs are spewing JS/Dldr.Scripy.A since 2012-07-28 23:22:43 and so are alive and kicking malcode.

polonus