How does this advertising website works?

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
ok so ive been having trouble blocking a certain AD website, a pop-up, new window ad site 888.com.
ive seen it also as poker888.com or 888poker.com and media.888.com.
interesting thing is i set EAM to block it, doesnt work then moved to Comodo and saw no diff.
thought maybe their drivers are broken and they just dead so i tried blocking malwaretips.com (just for test :p ) and it worked so i opened up cmd and typed "nslookup media.888.com" the result was "10.118.0.1" which is the weird part and the reason comodo nor EAM are able to block this i guess.
so how does this website work? why cant i block it but the hostname? and how the heck they are using a private ip address for a website?
im guessing they are hosting this on a private network and nslookup returning the ip if the actual server and not their gateway? but then gateways NAT these routing's and i should see the gateway ip and not the server right?
 

iPanik

New Member
Feb 28, 2011
530
I get an entirely different ip when i ping that server.

Udklip.PNG


What kind of network are you on?
 

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
im connected to my vpn server but that shouldnt make any difference, should it?
 

iPanik

New Member
Feb 28, 2011
530
Then i would bet, that address belongs to the vpn service's ad network.
Have you tried using a different DNS server?
Try pinging the site while having the dns set to something like Google's Public DNS @ 8.8.8.8, 8.8.4.4
 

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
actually i never use the default dns server either from my ISP or the VPN server's but i guess they have the ability to redirect me wherever they want or show pop-ups like this.
but then these questions pops in my head, why didnt adblock / scriptno block these? even the comodo dragon built-in popup blocker!
only alert i got was from wot which kinda blocked the website but i could see the whole websites content behind the blurred area so they are already loaded.
 

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
i have 888.com , media.888.com , 10.118.0.0/24 all in comodo block list but im still able to open this website
 

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
tnx for the advice, im reading its syntax tutorial now to figure out how to do it
 

woomera

Level 7
Thread author
Verified
Jan 15, 2012
594
adblock filter didnt work.

iPanik said:
I get an entirely different ip when i ping that server.

Udklip.PNG


What kind of network are you on?
this is really weird, when im on my vpn i get the ip of 10.118.0.1 which is my vpn server dns server and when i disconnect and are on a regular connection the nslookup return my own ip address which is 192.168.10.3.
check the hosts file but its clean.
tried to open it with IE and see the ip address ie connects to and its 208.111.128.7 so i put it in comodo block list and re-opened ie, tried to open the website and still able to. check the ip again that ie is connected to and its the same.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top