
222.73.186.213


MBAM OR SAS


Something you might wanna see...

Under "Clickstream"

http://www.alexa.com/siteinfo/991881.com

Anyone see something wrong with the "affiliate" sites there?

Also, on front page. "0.6% to t.991881.com" I can't see why it's there.

For all I can tell, it's a malicious site, but not up to me.

One more edit, contact information seems fake.

china, gd 525100,

gd

79817457 [at] qq.com

Again, another numeric domain?

OK, last one seriously, I was looking at some of the sites it links to, and found that most of 'em end with .ru or .cn or .cn, again all one letter and all numbers.


Based on what I've just seen from that site, I do not believe that would be a good idea. Aside from the drastically annoying popups that lead to phishing and dating sites, it also tried loading one site that attempted to load an exploit (to be fair, it wasn't 991881.com directly, but due to their popups). The domain the exploit attempted to come from is;

img.tongji.linezing.com

Which is also documented at;

http://www.who-is-who-in-gpt.com/forum/ind...showtopic=11081

/edit

Looking further shows 991881.com is a pirate site, and additionally, as mentioned by Noah, has obviously fake WhoIs data (I've reported the site for this).

Domain Name : 991881.com
PunnyCode : 991881.com


Registrant:
Organization : lee Hong
Name : lee Hong
Address : ZH.GD.CN
City : hz
Province/State : GD
Country : CN
Postal Code : 525100

Administrative Contact:
Name : Hong
Organization : lee Hong
Address : MM.GD.CN
City : MM
Province/State : GD
Country : CN
Postal Code : 525100
Phone Number : 86-0551-2361088
Fax : 86-0551-2361088
Email : ken623@21cn.com

Technical Contact:
Name : Hong
Organization : lee Hong
Address : MM.GD.CN
City : MM
Province/State : GD
Country : CN
Postal Code : 525100
Phone Number : --
Fax : --
Email : ken623@21cn.com

Billing Contact:
Name : Hong
Organization : lee Hong
Address : MM.GD.CN
City : MM
Province/State : GD
Country : CN
Postal Code : 525100
Phone Number : --
Fax : --
Email : ken623@21cn.com


WhoIs server: whois.paycenter.com.cn

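The WhoIs record quoted above, run through a simple consistency check, as an added example that is not part of the original post or of any tool the forum uses. The heuristics (placeholder fields, one- or two-letter city values, different addresses under one postal code) are illustrative assumptions, and the sample is the post's record trimmed to three sections.

```python
import re

# Copied from the record quoted in the post above, trimmed to three sections.
WHOIS_TEXT = """\
Domain Name : 991881.com

Registrant:
Name : lee Hong
Address : ZH.GD.CN
City : hz
Postal Code : 525100

Administrative Contact:
Address : MM.GD.CN
City : MM
Postal Code : 525100
Phone Number : 86-0551-2361088

Technical Contact:
Address : MM.GD.CN
City : MM
Phone Number : --
Fax : --
"""

def parse_whois(text):
    """Split 'Section:' headers and 'Key : value' lines into nested dicts."""
    sections, current = {}, "Domain"
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):
            current = line[:-1]
        elif " : " in line:
            key, value = line.split(" : ", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def review_flags(sections):
    """Return (section, reason) pairs; the heuristics are illustrative assumptions."""
    flags = []
    for name, fields in sections.items():
        flags += [(name, f"{k} is a placeholder") for k, v in fields.items()
                  if not re.search(r"[A-Za-z0-9]", v)]
        if len(fields.get("City", "")) in (1, 2):
            flags.append((name, "City is an abbreviation"))
    reg, adm = sections.get("Registrant", {}), sections.get("Administrative Contact", {})
    if reg.get("Postal Code") == adm.get("Postal Code") and reg.get("Address") != adm.get("Address"):
        flags.append(("Registrant", "address differs from admin contact at same postal code"))
    return flags
```

Flags like these only mark a record for manual review; they do not show on their own that the registration is fake.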

Thanks for the information both mystery and noah. This site is actually a movie site that I have been using for some time. Never knew it was malicious.

As for the pop ups, I have blocked it using adblock plus and flash block so I should be fine.

Still want it to be unblocked because never had any problems on that site.


Thanks for the information both mystery and noah. This site is actually a movie site that I have been using for some time. Never knew it was malicious.

As for the pop ups, I have blocked it using adblock plus and flash block so I should be fine.

Still want it to be unblocked because never had any problems on that site.

Remember, most sites like this ARE malicious in some kind of shape and form!


What kind of a site is this second site?

Also, Exile recommended this site to me:

http://www.hulu.com/

Safe, free movie and TV viewing!!

So, use that if you wanna watch stuff :( Just thought I'd pass it along to you!

Ok. That site can remain blocked.

Now I'm receiving another warning about 121.9.234.233 while trying to visit so.56.com and I'm sure this is a false positive.


@ MBAM OR SAS

Unfortunately it's probably similar to the situation that Mystery and Noah found on the first site...

Personally I'd just avoid movie and tv show sites unless you are viewing a movie or a tv show directly from the show's own website as they can be a hotspot for viruses, malware, etc...

Or for example, on usa network, some of the shows they have episodes online, like,

royalpains.usanetwork.com (just an example, not sure if that is the actual url or not)

For example, I watch Secret Life of the American Teenager (lol I know... haha) and if I miss an episode or want to see a sneak peek, I get it directly off of ABC Family's official website... :(


Ok. That site can remain blocked.

Now I'm receiving another warning about 121.9.234.233 while trying to visit so.56.com and I'm sure this is a false positive.

Sadly, this is a well-known malicious Chinese IP range. Whilst 121.8 and 121.9 are so far clear of malicious activity themselves, 121.10-13, which belong to the same range, have a plethora of malware and exploits. Until the ISP that owns this range cleans this up, we cannot unblock them (as with most other Chinese ISPs, I've never been successful in getting a response from them).


Sadly, this is a well-known malicious Chinese IP range. Whilst 121.8 and 121.9 are so far clear of malicious activity themselves, 121.10-13, which belong to the same range, have a plethora of malware and exploits. Until the ISP that owns this range cleans this up, we cannot unblock them (as with most other Chinese ISPs, I've never been successful in getting a response from them).

Thanks for providing all this info. I'll just disable the ip protection for now until mbam includes an exclusion list.

Have a nice day :(


Please remove that picture from your signature as I keep getting pop ups with that signature displayed and this has been discussed in the avast! forum about your penchant for pictures in your signature:

http://forum.avast.com/index.php?topic=47926.0
