PimpMyClicks.com?

Discussion in 'malware problems & news' started by Snoop3, Feb 27, 2013.

Thread Status:
Not open for further replies.
  1. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    just wondering what this is. PeerBlock blocked a connection to this site and it said one IP was 239.255.255.250 on UDP port 1900 and the other was 127.0.0.1, which i thought was my own computer but i look up "pimpmyclicks.com" here:

    http://www.webtoolhub.com/tn561350-reverse-ip-domain-lookup.aspx

    and it says the IP for that domain is 127.0.0.1 o_O


    anyway i've been trying to get a DNS caching program to work correctly and the address it says to use for it is 127.0.0.1 so i thought that might be it but that domain sounds kind of suspicious.

    any ideas?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,727
    Location:
    localhost
    Probably IANA killed it assigning to the domain a non-routable address :)
    Or the domain just expired and was not re-newed. From a quick search it seems that this was originally an adult site :ninja:
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Domain Name: PIMPMYCLICKS.COM
    Registrar: CRONON AG
    Whois Server: whois.cronon.net
    Referral URL: http://www.cronon.net
    Name Server: WNS1.NS-SERVE.NET
    Name Server: WNS2.NS-SERVE.NET
    Status: ok
    Updated Date: 01-oct-2012
    Creation Date: 30-sep-2005
    Expiration Date: 30-sep-2013

    -------------------------------------------------------
    pimpmyclicks.com@wns1.ns-serve.net.:

    pimpmyclicks.com. 600 IN A 127.0.0.1

    pimpmyclicks.com@wns2.ns-serve.net.:

    pimpmyclicks.com. 600 IN A 127.0.0.1
     
  4. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474

    ok, but what's happening on my computer then? seems like this 239.255.255.250 address is used by uPnP and not really a valid IP address. i think i've since disabled uPnP with a GRC freeware program. i'm just wondering if i have a piece of malware that's trying to redirect some of my traffic and get paid for it. or maybe the free DNS caching program i'm trying to figure out is doing this.


    does this mean the same thing - IANA killed the site?
     
    Last edited: Feb 27, 2013
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,727
    Location:
    localhost
    Not sure how you link that web site with the IPs you mention. Both of them are non routable addresses. 239.255.255.250 is used for multicasting by uPnP. If PeerBlock is correct and the call was really to that site than better you investigate which software or component is calling out. To do so you will probably need to turn ON uPnP and check... not an expert on network connection so I cannot help with more specific suggestions. :)
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    It means that the people who have control over the DNS records for PIMPMYCLICKS.COM have configured things so that someone asking for the IP Address of PIMPMYCLICKS.COM will be given an answer of: 127.0.0.1. That IP Address... 127.0.0.1... is a loopback address on the *local* computer. IOW, if you ping or try to connect to PIMPMYCLICKS.COM you will end up pinging or trying to connect to 127.0.0.1 aka your own computer.
     
  7. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    how can they do that? i thought the DNS stuff was supposed to be above board and public record o_O
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,727
    Location:
    localhost
    Most probably they did not pay the bill :)
    You should not worry about how they got 127.0.0.0 but rather checking your system for malware and/or spyware. Go to specialise volunteers malware analyst and post your logs. eg. at bleepingcomputer.com

    Don't be tempted into the "doing it myself". You will never know if you are really clean or not. ;)
     
Thread Status:
Not open for further replies.