See: http://killmalware.com/themoviemonk.com/
found on 144 websites.
2 detections on VT: https://www.virustotal.com/nl/url/d24f2948daa88538251cca2addf81f119d5680bb04dd60a4f2d0c8c50840c309/analysis/#additional-info
One malicious file detected: index.html
Severity: Malicious
Reason: Detected known malicious content.
Details: Threat detected according to previously retrieved information
File size[byte]: 57754
File type: ASCII
Page/File MD5: DC14FD90739734A11C2D31C76C5701B8
Scan duration[sec]: 0.001000
Sucuri scan gives: Unable to properly scan your site
IP badness history: https://www.virustotal.com/nl/ip-address/74.220.215.206/information/
See: http://www.ip-finder.me/74.220.215.203/
Detected IP in here: https://malwr.com/analysis/NmVkMWQ5Y2U1ZTAyNGNmNTk1OWNlMGQyMTJhZmVhZDQ/
DrWeb detects as SCRIPT.Virus
polonus
Vulnerable is WordPress Version 3.4
Version does not appear to be latest 4.1.2 - update now.
Received data GET: HTTP/1.1 200 OK
Date: Sun, 26 Apr 2015 15:16:12 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<HTML>
<HEAD>
<TITLE>HostMonster - Web hosting</TITLE>
<style type="text/css">
<!--
body {
margin-top: 0px;
}
.style2 {font-family: Arial, Helvetica, sans-serif; color: #033b73}
-->
</style>
</HEAD>
<BODY bgcolor="#FFFFFF">
<table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="b7dc73" bgcolor="#EFEFEF">
<tr><td>
<TABLE width="790" border=0 align="center" cellPadding=0 cellSpacing=0>
<TBODY>
<TR>
<TD width=163><img height=98 src="http://www.hostmonster.com/media/shared/general/_hm/logo.jpg" width=163></TD>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD><img height=31 src="http://www.hostmonster.com/media/shared/general/_hm/web-hosting-curve.jpg" width=627></TD></TR>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="627" border=0>
<TBODY>
<TR>
<TD width="627" background="http://www.hostmonster.com/media/shared/general/_hm/web-hosting-top-gradient.jpg">
<div style="visiblity: hidden; height: 67px; width: 1px;" /></TD>
</TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>
</td></tr>
<tr><td>
<!-- SHTML Wrapper - Bounce Sniffer -->
<!-- Main site not installed -->
<div align="center">
<h3 class="style2">There is no website configured at this address.</h3>
<p class="style2"><font size=-1>
You are seeing this page because there is nothing configured for the site you have requested.
</font>
<font size=-2>If you think you are seeing this page in error, please contact the site administrator or datacenter
responsible for this site.</font>
</p>
<table cellspacing="8" width="65%">
<tbody>
<tr>
<td width="49%" height="50" onMouseOver="this.style.cssText+='; background-color: #ffffff ; border: Solid 1px #b7dc73 ';this.firstChild.style.color='#5f9c00'" onMouseOut="this.style.cssText+='; background-color: #ffffff ; border: Solid 1px #b7dc73 ';this.firstChild.style.color='#033a72'" onClick="if(this.firstChild.target!='_blank')location.href=this.firstChild.href" style="border: 1px solid #b7dc73; padding: 4px; font-family: 'Arial'; font-weight: bold; font-size: 16px; text-align: center; background-color: #ffffff;"><a href="https://www.hostmonster.com/cgi-bin/cplogin" style="color: #033a72; text-decoration: none; white-space: nowrap; cursor: pointer;">Login to your Account</a>
</td>
<td height="40" onMouseOver="this.style.cssText+='; background-color: #ffffff ; border: Solid 1px #b7dc73 ';this.firstChild.style.color='#5f9c00'" onMouseOut="this.style.cssText+='; background-color: #ffffff ; border: Solid 1px #b7dc73 ';this.firstChild.style.color='#033a72'" onClick="if(this.firstChild.target!='_blank')location.href=this.firstChild.href" style="border: 1px solid #b7dc73; padding: 4px; font-family: 'Arial'; font-weight: bold; font-size: 16px; text-align: center; background-color: #ffffff;"><a href="http://helpdesk.hostmonster.com" style="color: #033a72; text-decoration: none; white-space: nowrap; cursor: pointer;">Support Center</a>
</td>
</tr>
</tbody>
</table>
</div></td></tr>
<tr><td bgcolor="#b7dc73">
<div align="right" class="style2">© 2009 HostMonster.com</div></td>
</tr>
</table>
<script>
var gaJsHost = ("https:" == document.location.protocol) ? "https://ssl." : "http://www.";
document.write("<scr"+"ipt src='" +gaJsHost+ "google-analytics.com/ga.js'></scr"+"ipt>");
</script>
<script>
var pageTracker = _gat._getTracker("UA-9156498-2");
pageTracker._initData();
pageTracker._trackPageview("/user_box/index.html");
</script>
<!--- $Id: default.shtml,v 1.10 2010/06/01 20:03:46 sj Exp $ --->
</BODY>
</HTML>
Kleissner’s VirusTracker states there is active and up malware there:
themoviemonk dot com,74.220.215.206,ns2.hostmonster dot com,Criminals,
ns2.hostmonster.com is a bad zone, main domain scan: Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email. → http://www.dnsinspect.com/hostmonster.com/1430061584
Reverse entries for MX records.
htxp://submission.antispamcloud.com./ → SaferChrome: Insecure login: Password will be transmited in clear to htxp://submission.antispamcloud.com./index.php detected (see report)
submission.antispamcloud.com .
Alerts (1)
Insecure login (1)
Password will be transmited in clear to htxp://submission.antispamcloud.com./index.php
→ submission.antispamcloud.com .,Ghosted,
polonus (volunteer website security analyst and website error-hunter)
Pondus | April 26, 2015, 5:43pm | #3
themoviemonk.com.htm
https://www.virustotal.com/en/file/09c4638b2f2dff12de9999fc20f1e25c336cebf89fc37cba5d857b9a467320ba/analysis/1430070107/
detection confirmed and added by Norman/BlueCoat themoviemonk.com.htm HackScript.B
F-Secure detection added as Trojan.JS.Agent.JOE
Thanks, Pondus, we have detection now.
polonus