I was wondering if the community could offer their help. I have McAfee Internet Security installed and I was letting my little cousin stream anime with a linux virtual machine in virtualbox.
He was using the site called animeultima.tv with Firefox and Firefox had adblock and noscript installed. Basically I temporarily allowed mp4upload and he watched about 2 hours of anime before finishing. About 30 minutes before he finished, there was a blocked connection from 50.7.161.2.
He couldn't have clicked on ads since they were disabled and I made sure he was only on animeultima. I couldn't find any recent information about this IP address other than it leading to a site called mostporn.com, which I know he didn't visit because he is 6 and knows nothing of porn.
So could anyone help by finding where this ip address came from and why it tried to connect if it isn't related to animeultima.tv?
You'd better stay away from animeultima.tv for a while. The site's been hacked and is silently redirecting visitors to compromised servers that are hosting various exploit kits. One of the signs of this is that the website will try to connect to various sites that the hackers control, and some of them are porn sites.
Reports :
http://sitecheck.sucuri.net/results/animeultima.tv
Details -
http://labs.sucuri.net/db/malware/malware-entry-mwspamseo
http://labs.sucuri.net/db/malware/malware-entry-mwjs69693
http://www.unmaskparasites.com/security-report/?page=www.animeultima.tv
http://www.google.com/safebrowsing/diagnostic?site=www.animeultima.tv
Google says the site was okay on the 23rd but Sucuri reports it as infected 24 hours later.
Edit - By the way the porn site name and the IP address don't match up. 'mostporn-dot-com' is hosted on a GoDaddy server at 50.63.202.74 according to
http://www.urlvoid.com/scan/mostporn.com/
Message was edited by: Hayton on 25/08/13 05:37:58 IST
I see, but if I have noscript blocking every script except mp4upload, shouldn't that protect me from the javascript exploit as well as the malware?
Another thing is, since I was using virtualbox running a linux virtual machine, could my host OS (Windows Vista) or router have been infected or exploited, due to that ip address showing up in the list of incoming connections blocked?
If the ip address 50.7.161.2 isn't related to the site, mostporn, could you offer any information about the ip address?
To the first question : NoScript is supposed to block java and javascript for untrusted sites. If you allowed only mp4upload that should not have altered the permissions for animeultima.tv, but I don't think that site would work properly unless javascript were enabled. I'm not going to try it in Firefox to see if that is the case.
To the second question : I don't know.
To the third question : you gave an incorrect domain name. Information on the actual domain is in the link below. That site has a presence on Steam and on Facebook so possibly the incoming connection request has something to do with one of those.
http://myip.ms/info/whois/50.7.161.2/k/1912111861/website/mostporns.com
I tested the noscript thing and I even disabled javascript in Firefox. The site works fine if I only temporarily allow mp4upload.com to watch from mp4upload. But with javascript disabled in Firefox, I can't get the play button to show until I enable javascript in Firefox. So it seems like the javascript/scripts for animeultima aren't running when I don't allow them with noscript.
As for the link you posted, it doesn't work. I get a 504 Gateway error.
The link is fine. It works for me. 504 is a server error, perhaps you're going through a proxy.
http://pcsupport.about.com/od/findbyerrormessage/a/504error.htm
I managed to view the link, but how could you tell that ip address has a presence on Steam and Facebook?
Not the IP address, the site. Found the information when I was looking up the site/IP info. I can confirm the site is on Facebook. Steam I don't know, I don't use.