I am using McAfee Internet Security with Vista 64-bit Home SP2 and I was using VirtualBox with Ubuntu 12.04 when this happened. So I had an entry in the Netguard tab today. The ip address was 208.73.210.81 and I believe during the time listed, I was trying to go to mangastream.com. However, I noticed in Firefox it said something like loading from ww2.man(can't remember what came after). But I stopped it and the page never loaded.
I typed the url again, but slower and this time it was saying loading from mangastream.com, so it seems I got the risky connection because I may have typed the site in wrong.
The question I have is that a google search shows that ip address as dangerous with something called passive dns replication, so is there any possibility that the ip address could have dropped something in my virtual machine or my router? Or infect my router?
Possible but unlikely if you stopped it in its tracks which I think you did.
Scan with Stinger and Malwarebytes Free and perhaps AdwCleaner and Junkware Redmoval Tool as listed in the last link in my signature below.
I think it was SiteAdvisor probably that threw up the warning rather than Firewall as the latter does things silently usually.
When you said it is possible but unlikely, do you mean it was possible for my router to be infected, my virtual machine, or my actual machine?
After some research I managed to find out that the url I mistyped was mangastram.com rather than mangastream.com (both was without the www.), the ip address of mangastram.com is 69.43.161.205 but it seems that if I add the ww2. in front the ip address becomes 208.73.210.81. So maybe there is a redirect that happened.
What do you mean by I stopped it in its tracks? Are you talking about the fact that I hit the ESC key when I noticed the "waiting for ww2.mangastram.com/ connected to ww2.mangastram.com" and after that I wasn't taken to any other page except the page I was currently on (gamefaqs.com)?
As for the warning, I didn't actually see it since I had my virtual machine running in full screen mode. The only thing I know is that I don't have SiteAdvisor installed on my virtual machine and I only noticed it when I went to check my Security Report on the host machine. It listed 5 risky connections, which I never had any risky connections before and when I checked the Net Guard tab, there was only one entry with the last attempt was from my VirtualBox Manager about 3 hours ago from when I checked.
With the ip address 208.73.210.81 and I have the VirtualBox Manager set to Outgoing in my Firewall Permission, so should I be freaking out because this ip address is listed as doing malicious things on VirusTotal for at least a year (records only go back to about January)?
Message was edited by: Ex_Brit on 05/11/13 4:57:31 EST AMtheflyingmonkey wrote:
When you said it is possible but unlikely, do you mean it was possible for my router to be infected, my virtual machine, or my actual machine? actual machine
After some research I managed to find out that the url I mistyped was mangastram.com rather than mangastream.com (both was without the www.), the ip address of mangastram.com is 69.43.161.205 but it seems that if I add the ww2. in front the ip address becomes 208.73.210.81. So maybe there is a redirect that happened. possibly
What do you mean by I stopped it in its tracks? Are you talking about the fact that I hit the ESC key when I noticed the "waiting for ww2.mangastram.com/ connected to ww2.mangastram.com" and after that I wasn't taken to any other page except the page I was currently on (gamefaqs.com)? yes
As for the warning, I didn't actually see it since I had my virtual machine running in full screen mode. The only thing I know is that I don't have SiteAdvisor installed on my virtual machine and I only noticed it when I went to check my Security Report on the host machine. It listed 5 risky connections, which I never had any risky connections before and when I checked the Net Guard tab, there was only one entry with the last attempt was from my VirtualBox Manager about 3 hours ago from when I checked.
With the ip address 208.73.210.81 and I have the VirtualBox Manager set to Outgoing in my Firewall Permission, so should I be freaking out because this ip address is listed as doing malicious things on VirusTotal for at least a year (records only go back to about January)?
My VM has Full permission in the Firewall otherwise it doesn't work as it is supposed to, I think maybe you are getting warnings because of that? Just a thought.
Thanks. However, I have never gotten any entries in my NetGuard tab since it was implemented. So I don't think it has to do with Permissions. Is there any way to confirm that I got the entry because I was accidentally connecting to the 208.73.210.81 and not because of permissions?
Again, I didn't see any warnings pop up since my VM was in Full Screen Mode. I only noticed it when I saw my Security Report list that there was 5 Risky Connections Attempted and Blocked and when I check the NetGuard Tab, there was only 1 entry there. The entry had the IP Address 208.73.210.81 and it said the program was VirtualBox Manager.
Not sure what to suggest except contact Technical Support - it's free and linked under Useful Links at the top of this page.
That IP belongs to someone in the Los Angeles area I believe. Maybe the box is trying to dial home for an update check and with one-way permissions it's not able to?
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: