93.184.69.189?

[Double]

Is this a false positive? MBAM seems to have blocked this IP multiple times in one visit attempt. Found at http://oncelebrity.com/ ,  doesn't seem like a bad site.

Posted log below:

 

Update, 6/4/2014 12:29:57 AM, SYSTEM, FONTAINE, Manual, Malware Database, 2014.6.4.1, 2014.6.4.2, 

Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Refresh, Starting, 

Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopping, 

Protection, 6/4/2014 12:29:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Stopped, 

Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Refresh, Success, 

Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Starting, 

Protection, 6/4/2014 12:30:27 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, Started, 

Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:56 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57685, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:57 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57689, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57690, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

Detection, 6/4/2014 12:47:59 AM, SYSTEM, FONTAINE, Protection, Malicious Website Protection, IP, 93.184.69.189, oncelebrity.com, 57691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

 

(end)

[Spud]

The domain wasn't the reason the IP is blocked which still houses fraud.

[Double]

I'm confused.. isn't the IP address the same as the domain? OnCelebrity is just a celebrity picture site, i don't see how anybody can experience fraud there..

[Spud]

A domain is hosted on an IP that a hosting provider has in its assignment. As such an IP on a hosting server can house thousands of domains just on one IP alone.

 

As I said previously, oncelebrity.com was not one of the malicious domains identified for blocking the IP.

 

Don't be too confident that pictures are all safe, they can be just as malicious (hidden code within). An example of how a picture can be utilised from malicious purposes:

http://blog.malwarebytes.org/security-threat/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/

[David H. Lipman]

Don't be too confident that pictures are malware free, they can be just as malicious (hidden code within).

 

I'd be glad to discuss steganography and other techniques with you but it would drive this thread OT.

However using the qualitative statement "they can be just as malicious" floats the concept to the top of threat levels while in actuality they pose an extremely low level threat.

[Spud]

Changed reply as it was for the OP to help him understand that pictures should not be treated as totally safe.

[Double]

Thanks Spud for sharing that link, it was really interesting.

 

I do have a question though, if you've got a PC with 80,000 images on it, and Malwarebytes said everything was clean, is it considered safe?

 

I use Visipics to separate duplicates, and of the dupes it occasionally finds, the differences i find in some of these images are only related to bytes (KB/MB), not dimension or filetype. I always keep the images with the larger byte size because i feel like I'm saving the original file, keeping in mind that they might have been saved as PNG and re-converted by some as a JPG.

[Spud]

A good question.....next.

 

Others may disagree with me here but no PC is truelly 100% safe no matter how hard you try to protect it. Malware or any other malicious program etc., can and does overwrite files as a way of hiding. Anti-virus/Anti-malware software is only as good as the defs identifying malicious software plus the heuristics to catch all else. There will be times when something from the wild slips through hense knowing your PC, surfing safely and common sense is your best defence in filling this gap.