Malware Threat in the Blond_Lilly ad

niceguy4u2010's Avatar
Looks like the Malware Threat that I have been seeing is also in the pictures on the Blond_Lilly ad. Her web site does not work either.
Web site is working fine actually--has been all day. And there's nothing "in" the pictures on my ad--no embedded links or anything. What exactly are you referring to?
bluffcityguy's Avatar
Not trying to be a white knight here... As a geek, I do run a number of anti-malware programs, including a couple that will give me real-time notification of any malware trying to play dirty with my machine.

That being said, I've never seen either of them go off when I've either read Lily's ads or visited her website, and scans I've run with my other (non-real-time) anti-malware and antivirus software have come up negative (and I did those scans several days to a week or so after either reading her ad or visiting her website). I'd need to know a little more about what's setting off the original poster's alarms before I could express an intelligent opinion on what's going on.

Cheers,

bcg
niceguy4u2010's Avatar
This is the error that is showing when I attempt to respond to this message

16:16:26 IP-BLOCK 85.17.184.2

The error is being logged in the Malwarebytes anti-malware log file.

Therefore, I believe the issue has to be with BlondLilly's picture or the ECCIE advertising banner in the upper right hand corner. Since I don't think it would be the ECCIE advertising banner, I would tend to take it that BlondLilly's picture is the culprit.
bluffcityguy's Avatar
Originally Posted by niceguy4u2010:
> This is the error that is showing when I attempt to respond to this message
>
> 16:16:26 IP-BLOCK 85.17.184.2
>
> The error is being logged in the Malwarebytes anti-malware log file.
>
> Therefore, I believe the issue has to be with BlondLilly's picture or the ECCIE advertising banner in the upper right hand corner. Since I don't think it would be the ECCIE advertising banner, I would tend to take it that BlondLilly's picture is the culprit.

Interesting.

I would suspect the ad banner, myself. I'm not aware of many (if any) pictures that harbor malware, whereas a fair number of ad servers have been compromised and feed malware to people who visit sites served by the ad server.

FWIW, the IP address referenced in your log entry resolves to a domain called escortsite.com, not to ECCIE (which has an IP address of 174.123.112.146, according to a quick NSLOOKUP). I'm still suspecting another vector other than ECCIE or the picture.

ETA: OTOH, a quick NSLOOKUP on blondlily.com resolves to the escortsite.com IP address (which means her page is hosted there, most likely). Ok; if Lily's linking to her picture on her website at escortsite.com, that might be the vector that your program is complaining about. Lily may need to confer with her host server admin as well. You may be onto something.

Best to refer this to the mods or site admin to look into the issue.

Cheers,

bcg
niceguy4u2010's Avatar
Thanks for the information.
My pics aren't linked to anything. And I use the same host as most other escort websites do. Am I missing something? Has someone's computer been damaged or something due to something I put up?
bluffcityguy's Avatar
Originally Posted by Blond_Lily:
> My pics aren't linked to anything. And I use the same host as most other escort websites do. Am I missing something? Has someone's computer been damaged or something due to something I put up?

Someone's malware detector is logging some sort of issue with the IP address your host has been assigned.

I've not noticed any such problem with either your pictures or your website. More than that I can't say.

If I were in your shoes I'd notify the escortsite.com site admins that someone's installation of Malwarebytes Anti-Malware is logging an issue coming from their IP address (I hope that the ECCIE mods are watching this thread and can tell the appropriate people here that there's some issue that may be affecting banner ads which point to escortsite.com websites). Since so many other escorts use escortsite.com it's not at all clear (IMHO) that it's your site alone which is setting off his copy of Anti-Malware; it could be associated with another escort's site or with a banner ad which points to another site hosted there.

FWIW, I've visited your site several times and it's never set off my malware detectors, and I'm not aware of any claims that anyone has actually been infected with anything either through here or via a visit to your site.

Cheers,

bcg
Guest022210's Avatar
I have not noticed any problems at Lily's site. I will say this: when I registered at escort-site, I assume the host somehow picked up an old user name I had registered under on another escort's website, I don't know how long ago. Somehow, it had detected the old account from my email address. It seemed odd, but that was some time ago, and I have not noticed any problems with my computer. Is it possible that whatever it is (sorry to be so non-tech) that found my old account, or something of that nature, could be what the anti-malware is detecting?
Any time you register for an escort-site website, you must use the same username and password that you used with the one you previously registered with. I hate that feature of it, but all the membership are put into the same pool.
niceguy4u2010's Avatar
I have placed the information into the Malwarebytes false positive forum for review. An earlier email to Malwarebytes requested the information be placed onto their false positive forum.
That's interesting. Luckily I never did have a problem when I was using the escortsite, but you never know with the internet. Keep us posted, guys, so we can all learn how to avoid it... You are right, Lily, but maybe the site will change it if enough providers suggest and/or complain about it.
GneissGuy's Avatar
Originally Posted by niceguy4u2010:
> This is the error that is showing when I attempt to respond to this message
>
> 16:16:26 IP-BLOCK 85.17.184.2
>
> The error is being logged in the Malwarebytes anti-malware log file.
>
> Therefore, I believe the issue has to be with BlondLilly's picture or the ECCIE advertising banner in the upper right hand corner. Since I don't think it would be the ECCIE advertising banner, I would tend to take it that BlondLilly's picture is the culprit.

I think this means that malwarebytes has 85.17.184.2 flagged as an IP address that contains malware. 85.17.184.2 appears to be a webserver address that contains many web sites. If one of those web sites had malware on it at some time, malwarebytes may have flagged this as a bad IP.

If this is what happened, malwarebytes is doing what it's supposed to do. 85.17.184.2 had malware on it. Even if there was nothing wrong on blondlilly's site, there was something bad on 85.17.184.2. There are over 100 web sites at that address.

http://www.robtex.com/ip/85.17.184.2.html
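
An added illustration of the shared-hosting point in the post above (not code from any poster or from Malwarebytes): it parses block entries of the shape quoted in the thread and reports which hostnames sit on the flagged address. The DNS table is a constructed offline stand-in for NSLOOKUP; `forum.example`, `othersite.example`, the second log entry and the page host list are assumptions.

```python
import re
from collections import defaultdict

# Line shape as quoted in the thread: "HH:MM:SS IP-BLOCK a.b.c.d"
LOG_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

# Constructed sample log; only the first entry appears in the thread.
SAMPLE_LOG = """\
16:16:26 IP-BLOCK 85.17.184.2
16:16:27 IP-BLOCK 85.17.184.2
some unrelated line that is not a block event
"""

# Offline stand-in for NSLOOKUP results. The IPs are those quoted in the
# thread; forum.example and othersite.example are constructed hostnames.
RESOLVED = {
    "forum.example": "174.123.112.146",
    "blondlily.com": "85.17.184.2",
    "escortsite.com": "85.17.184.2",
    "othersite.example": "85.17.184.2",
}

# Hosts the viewed page loads content from (constructed for this example).
PAGE_HOSTS = {"forum.example", "blondlily.com"}

def parse_blocks(log_text):
    """Return {ip: [timestamps]} for every well-formed IP-BLOCK line."""
    blocks = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and all(int(octet) <= 255 for octet in m.group(2).split(".")):
            blocks[m.group(2)].append(m.group(1))
    return dict(blocks)

def attribute(blocks, page_hosts, resolved):
    """Per blocked IP: which page resources live there, and who else does."""
    report = {}
    for ip, stamps in blocks.items():
        on_ip = sorted(h for h, addr in resolved.items() if addr == ip)
        report[ip] = {
            "events": len(stamps),
            "page_hosts": [h for h in on_ip if h in page_hosts],
            "co_hosted": [h for h in on_ip if h not in page_hosts],
        }
    return report

if __name__ == "__main__":
    for ip, info in attribute(parse_blocks(SAMPLE_LOG), PAGE_HOSTS, RESOLVED).items():
        print(ip, info)
```

A non-empty `co_hosted` list means the block says nothing about which site on that address earned the flag.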
bluffcityguy's Avatar
That makes a lot o'sense. Gracias.

Cheers,

bcg
niceguy4u2010's Avatar
To be clear, they're not blocked due to content, they're only blocked due to malicious activity on the site that provides the hosting of services.

Once malicious activity is removed, the block will also be removed.


--------------------

Tom Mercado
Malwarebytes Customer Support