False positive: 64.237.46.147

[webevil]

Hello,

I'm posting in regards to the fact that my IP 64.237.46.147 is blocked by MalwareBytes' Anti-Malware. I have few sites on same IP / server but all of them does not server any maleware.

I already tested my sites with some other web scanners and none of them reported any suspicious activity so please check this and unblock my IP.

Thanks!

Milos

protection-log-2012-10-09.rar

[webevil]

Any update on this?

[MysteryFCM]

Sorry for missing your post.

This isn't an F/P. The IP was blocked due to 2 domains involved in malicious activities;

porntubese.net

sexxxtape.net

[webevil]

Can you tell me which malicious activities??? Yes those are also my sites and I know that none of them is involved in any suspicious activity.

[MysteryFCM]

Both were found containing images identified as CP, and leading to (and as of a few seconds ago, still leading to) infections via exploits such as those on;

rakohshangeurden.sytes.net / UaYOTy?uPiSp=33 (DO NOT LOAD THIS URL IN A BROWSER)

[webevil]

I searched my sites / server few times and I still cannot find any image identified as CP and leading to infections via exploits ... Maybe your software see something which I cannot find or maybe this is some bug or something ... So can you please give me url of those images or help me to find this exploits? Please understand that I'm strongly against CP or anything illegal.

[MysteryFCM]

I can't give you the URLs to the CP, no.

As far as the exploit, all I had to do was click a couple of random images, and up it popped. There is no specific page on the site that causes it, which leads me to believe it's one of the sites your rotations point to (already ruled out the ad servers being responsible in this case)

[webevil]

Ok, can you help me on some other way?

Is it picture on my site or i have link to website with cp or something else ... I really cannot find anything suspicious.

[MysteryFCM]

The CP is displayed directly on your site (note, this has already been reported to both LE and the IWF, due to the nature of it).

[webevil]

Once again, I really cannot find anything illegal ... Because you cannot give me url directly can maybe your software show me suspicious image?

[MysteryFCM]

The software had nothing to do with it, I checked your site manually, as I do with every site/IP checked.

The reason I cannot give you the offending URL, is due to UK law preventing my doing so. Providing URLs known to contain or suspected to contain CP to anyone other than LE an the IWF, is classed as distribution and thus, illegal.

[webevil]

And how you checked that? How you decide that some URL contain CP?

I will get my lawyer involved into this because you have some very serious charges against me and my websites, but I'm sure that my sites don't contain anything illegal.

[MysteryFCM]

And how you checked that? How you decide that some URL contain CP?

I loaded the site, and saw an image containing CP, nothing more to it than that.

[webevil]

I loaded the site, and saw an image containing CP, nothing more to it than that.

I trough that you are serious company ... But I was definitely wrong.

That is NOT way to check and prove that some site contain cp. You like person is NOT qualified to decide that some image containing cp or not. If you see anything suspected to contain cp you need to inform organizations that fight against it.

So you by yourself decided that my sites contain cp and blocked my sites and only because of that I will get my lawyer involved into this because you have some VERY SERIOUS CHARGES against me without ANY PROOF!

And just to know that I have proof (18 USC § 2257 Compliance Statement) for ALL images on my site and other persons who appear in any visual depiction of sexually explicit conduct appearing or otherwise contained in or at this site were over the age of eighteen years at the time of the creation of such depictions.

[MysteryFCM]

I'm aware of that, which is why the first thing I do with any image containing or suspected to contain CP, is reported to both my LE contact, and the IWF.

[webevil]

Yes, and this is what you should do BUT you should NOT block my sites and mark them as cp sites by yourself, until you get confirmation from LE contact, and the IWF

This is the main problem here.

[MysteryFCM]

There seems to be a misunderstanding here. The CP wasn't the original cause of the block - it wasn't there when I first came across it, only the leads to exploits were, The offending images are the reason I can not remove the block, along with the existing content still leading to exploits such as the one I referenced (as already mentioned, there isn't a specific URL on your site that leads to it, otherwise I'd have provided it - and is the reason that led me to conclude it's one of those in your rotation that is responsible - but it's originating from your site)

[webevil]

Ok, lets put cp on side for now because I'm sure that my sites are clean of that and I have proofs for my images.

Let's back on that exploit which I cannot see / find. Can you tell me where are you clicking so I will try to get also this url leading to exploit. And can you tell me one more time which url I should get?

Thanks!

[webevil]

Also I checked my site with many online tools and all of them reported my site as clean.

Here are results:

http://www.unmaskparasites.com/security-report/?page=www.sexxxtape.net

http://sitecheck.sucuri.net/results/www.sexxxtape.net

https://www.virustotal.com/url/5e11aa88c5292b65c9360114dc330850af21d80101a39ece4323dfacb62ad304/analysis/

http://safeweb.norton.com/report/show?url=www.sexxxtape.net

http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=64.237.46.147

[MysteryFCM]

I've PM'd you the URLs that led to the exploit (again, not always on the first click, which led me to believe it was in the rotation)

[nosirrah]

I had no trouble finding exploits on these sites. In under 30 seconds of clicking I had 2 infections attempting to enter through java.

[webevil]

Can you please tell me where you clicked so I can find them and fix it ... Or suggest some other way how I can find them.

Thanks!