I was wondering if the community could offer their help. I have McAfee Internet Security installed and I was letting my little cousin stream anime with a linux virtual machine in virtualbox.
He was using the site called animeultima.tv with Firefox and Firefox had adblock and noscript installed. Basically I temporarily allowed mp4upload and he watched about 2 hours of anime before finishing. About 30 minutes before he finished, there was a blocked connection from 188.8.131.52.
He couldn't have clicked on ads since they were disabled and I made sure he was only on animeultima. I couldn't find any recent information about this IP address other than it leading to a site called mostporn.com, which I know he didn't visit because he is 6 and knows nothing of porn.
So could anyone help by finding where this ip address came from and why it tried to connect if it isn't related to animeultima.tv
You'd better stay away from animeultima.tv for a while. The site's been hacked and is silently redirecting visitors to compromised servers that are hosting various exploit kits. One of the signs of this is that the website will try to connect to various sites that the hackers control, and some of them are porn sites.
Google says the site was okay on the 23rd but Sucuri reports it as infected 24 hours later
Edit - By the way the porn site name and the IP address don't match up. 'mostporn-dot-com' is hosted on a GoDaddy server at 184.108.40.206 according to
http://www.urlvoid.com/scan/mostporn.com/Message was edited by: Hayton on 25/08/13 05:37:58 IST
Another thing is since I was using virtualbox running a linux virtual machine, could my host OS (Windows Vista) or router have could infected or exploited? Due to that ip address showing up in the list of incoming connections blocked.
If the ip address 220.127.116.11 isn't related to thae ste, mostporn could you offer any information about the ip address?
To the second question : I don't know.
To the third question : you gave an incorrect domain name. Information on the actual domain is in the link below. That site has a presence on Steam and on Facebook so possibly the incoming connection request has something to do with one of those.
As for the link you posted, it doesn't work. I get a 504 Gateway error.
The link is fine. It works for me. 504 is a server error, perhaps you're going through a proxy.
I managed to view the link, but how could you tell that ip address has a presence on Steam and Facebook?
Not the IP address, the site. Found the information when I was looking up the site/IP info. I can confirm the site is on Facebook. Steam I don't know, I don't use.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: