AdGuardVPNForWindows icon indicating copy to clipboard operation
AdGuardVPNForWindows copied to clipboard
verified publisher icon AdguardTeam

Why is Adguard VPN connecting to an IP that is used for Metasploit?

Open techcow2 opened this issue 1 year ago • 3 comments

Please answer the following questions for yourself before submitting an issue.

  • [X] I checked the knowledge base and found no answer
  • [X] I checked to make sure that this issue has not already been filed

AdGuard VPN version

2.3.2

Environment

- OS: Windows 11 Build 22631

- Other network-level software: n/a

Which DNS server do you use?

Cloudflare DNS

Custom DNS

No response

Use Wintun

  • [ ] yes, I do

Issue Details

Steps to reproduce: 1.The only way to reproduce this issue is to run malwarebytes with real time detection (that i know of)

Expected Behavior

The app should not be connecting to an IP address flagged by multiple vendors for Metasploit usage.

Actual Behavior

Malwarebytes is constantly flagging Adguard VPN for using an IP address flagged by multiple vendors for Metasploit usage.

Screenshots

Alert from Malwarebytes showing the IP address

Screenshot 2024-07-31 030728

Additional Information

I would blame this as a false flag, however, the problem is dealing with an IP address that Adguard is certainly connecting to. A false flag can pretty much be ruled out, since the problem is with the IP.

  • https://www.virustotal.com/gui/url/947f6d421846a893a46168be11a5a694f9b8552cc309a0f8d5d54830bc5c6df6/detection

techcow2 avatar Aug 01 '24 09:08 techcow2

@techcow2 do you connect to a location when this alert appears? Could you specify your steps to reproduce it please.

Aydinv13 avatar Aug 01 '24 11:08 Aydinv13

@techcow2 do you connect to a location when this alert appears? Could you specify your steps to reproduce it please.

No, as a matter of fact I did not have Adguard VPN open, running or connected to anything. The application was closed, including from the taskbar area near the system time and date. This happens frequently throughout the day.

techcow2 avatar Aug 01 '24 11:08 techcow2

@techcow2 do you connect to a location when this alert appears? Could you specify your steps to reproduce it please.

No, as a matter of fact I did not have Adguard VPN open, running or connected to anything. The application was closed, including from the taskbar area near the system time and date. This happens frequently throughout the day.

@Aydinv13 Also worth mentioning...this problem occurred before a fresh installation of Windows 11 and not long after. The same issue.

techcow2 avatar Aug 01 '24 11:08 techcow2

Narrowed this issue down to a problem with my computer, not the fault of AdGuard VPN. I'm sorry for the false alert.

techcow2 avatar Aug 03 '24 22:08 techcow2