After not being able to connect to: http://www.satinsubmissions.com … I decided to try a Trace Route
to see what was up. This site is a story site only, no porn on it. When I did the trace route yesterday,
the final location was an IPV4 address. I typed that address in the browser (Firefox 47.0.1 on Windows 10 Home
64) and it is going to a very bad, try to take over the computer type of web page. I did not get a problem as I killed Firefox with Task Manager, cleared all history and then restarted it. Avast did not pick up this as a problem.
Also for all users some advice: Be sure you turn off the Auto Session Restore in Firefox or next time you reopen it you would be right back to that same trouble page. The final IP is: 103.224.182.241
Not sure when or who may have hijacked that site.
it is going to a very bad, try to take over the computer type of web pagewas it a fake alert and call this number?
IP History https://virustotal.com/en/ip-address/103.224.182.241/information/
Not sure if a fake, but yes, it did have a call this number. The webpage first came up with a User Login Box, which could not be closed, nor could anything else (x on the tab did nothing) … As mentioned, was able to kill it with Task Manager.
Just figured the team should be aware of it.
There is only a ad when you go directly to that IP and it leads to this :
https://www.virustotal.com/en/url/8de5d15f766fbb3589bb4557971de0b872e253a20d07d1cdea1f11a1f2792f56/analysis/1477655021/
ABP is blocking the malicious ad.
I typed that address in the browserIf you remember the exact url, scan it at VT and post link to result here
I do not recall it. But it should be that IP address I put in the first post. It is possible maybe I mistyped it when I entered it in the web browser yesterday. Not going to try it again and possibly get in trouble.
-http://instantfwding.com/?dn=182.241&pid=7PO2UM885 is in Dr.Web malicious sites list!
-http://instantfwding.com/?dn=182.241&pid=7PO2UM885 is present in the Dr.Web database of unwanted sites!
polonus
The domain seems parked now. The IP you mentioned does indeed have many blocked domains parked on it, but doesn’t seem malicious per se.