×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
theflyingmonkey
Former Member
Message 1 of 9

IP Address blocked.

I was wondering if the community could offer their help. I have McAfee Internet Security installed and I was letting my little cousin stream anime with a linux virtual machine in virtualbox.

He was using the site called animeultima.tv with Firefox and Firefox had adblock and noscript installed. Basically I temporarily allowed mp4upload and he watched about 2 hours of anime before finishing. About 30 minutes before he finished, there was a blocked connection from 50.7.161.2.

He couldn't have clicked on ads since they were disabled and I made sure he was only on animeultima. I couldn't find any recent information about this IP address other than it leading to a site called mostporn.com, which I know he didn't visit because he is 6 and knows nothing of porn.

8 Replies
theflyingmonkey
Former Member
Message 2 of 9

Re: IP Address blocked.

So could anyone help by finding where this ip address came from and why it tried to connect if it isn't related to animeultima.tv

Hayton
Reliable Contributor
Reliable Contributor
Message 3 of 9

Re: IP Address blocked.

You'd better stay away from animeultima.tv for a while. The site's been hacked and is silently redirecting visitors to compromised servers that are hosting various exploit kits. One of the signs of this is that the website will try to connect to various sites that the hackers control, and some of them are porn sites.

Reports :

http://sitecheck.sucuri.net/results/animeultima.tv

Details -

http://labs.sucuri.net/db/malware/malware-entry-mwspamseo

http://labs.sucuri.net/db/malware/malware-entry-mwjs69693

http://www.unmaskparasites.com/security-report/?page=www.animeultima.tv

http://www.google.com/safebrowsing/diagnostic?site=www.animeultima.tv

Google says the site was okay on the 23rd but Sucuri reports it as infected 24 hours later

Edit - By the way the porn site name and the IP address don't match up. 'mostporn-dot-com' is hosted on a GoDaddy server at 50.63.202.74 according to

http://www.urlvoid.com/scan/mostporn.com/

Message was edited by: Hayton on 25/08/13 05:37:58 IST
theflyingmonkey
Former Member
Message 4 of 9

Re: IP Address blocked.

I see, but if I have noscript blocking every script except mp4upload, shouldn't that protect me from the javascript exploit as well as the malware?

Another thing is since I was using virtualbox running a linux virtual machine, could my host OS (Windows Vista) or router have could infected or exploited? Due to that ip address showing up in the list of incoming connections blocked.

If the ip address 50.7.161.2 isn't related to thae ste, mostporn could you offer any information about the ip address?

Hayton
Reliable Contributor
Reliable Contributor
Message 5 of 9

Re: IP Address blocked.

To the first question : NoScript is supposed to block java and javascript for untrusted sites. If you allowed only mp4upload that should not have altered the permissions for animeultima.tv, but I don't think that site would work properly unless javascript were enabled. I'm not going to try it in Firefox to see if that is the case.

To the second question : I don't know.

To the third question : you gave an incorrect domain name. Information on the actual domain is in the link below. That site has a presence on Steam and on Facebook so possibly the incoming connection request has something to do with one of those.

http://myip.ms/info/whois/50.7.161.2/k/1912111861/website/mostporns.com

theflyingmonkey
Former Member
Message 6 of 9

Re: IP Address blocked.

I tested the noscript thing and I even disabled javascript in Firefox. The site works fine if I only temporarily allow mp4upload.com to watch from mp4upload. But with javascript disabled in Firefox, I can't get the play button to show until I enable javascript in Firefox. So it seems like the javascript/scripts for animeultima isn't running when I don't allow it with noscript.

As for the link you posted, it doesn't work. I get a 504 Gateway error.

Hayton
Reliable Contributor
Reliable Contributor
Message 7 of 9

Re: IP Address blocked.

The link is fine. It works for me. 504 is a server error, perhaps you're going through a proxy.

http://pcsupport.about.com/od/findbyerrormessage/a/504error.htm

theflyingmonkey
Former Member
Message 8 of 9

Re: IP Address blocked.

I managed to view the link, but how could you tell that ip address has a presence on Steam and Facebook?

Hayton
Reliable Contributor
Reliable Contributor
Message 9 of 9

Re: IP Address blocked.

Not the IP address, the site. Found the information when I was looking up the site/IP info. I can confirm the site is on Facebook. Steam I don't know, I don't use.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community