Hi rickyyeung,
I agree with you that the suspicious/malicious URI is not on that domain, I had to be more specific and say that there certainly are dubious contents at whatever is hosting "enter.wanwan4399.com". Someone from Taizhou node network should know
There is a proxy running there as SUPER USER 81/tcp open hosts2-ns? This leads somewhere to the internal networks.
Latest virus found from that IP:
https://www.virustotal.com/nl/file/4d28ef08091ceaa61ca5772d40aa90ed18048fc139371493acf1a7a9dcfb8e85/analysis/netblock.pedantic.org link dynamically-assigned reverse DNS entries
spam.pedantic.org
uribl.swinog.ch
ips.backscatterer.org
b.barracudacentral.org
ix.dnsbl.manitu.net
tor.dan.me.uk -All TOR nodes, entry & exit
torexit.dan.me.uk -Exit TOR nodes only.
virus-msrbl - Hosts found sending virus mails
phishing-msrbl - Hosts found sending phishing mails
images-msrbls - Hosts found sending mail contaning spam images
msrbl - All the msrbl lists combined
spamcop
rbl.efnetrbl.org -Hosts are added by our bots as users connect with hacked boxes and open proxies.
virbl - Lists 's that sent more than 2 virus in the last 24 hours
dev.null.dk ?
dialups.mail-abuse.org ?
dul.orca.bc.ca GONE
blackholes.five-ten-sg.com
spamsources.fabel.dk
sbl.spamhaus.org Direct UBE sources, verified spam services and ROKSO spammers
xbl.spamhaus.org Illegal 3rd party exploits, including proxies, worms and trojan exploits
polonus