Sponsored by..

Friday 8 February 2013

radarsky.biz and something evil on 5.135.67.160/28

There is currently an injection attack redirecting visitors to a domains radarsky.biz (for example) hosted on 5.135.67.173 (OVH) and suballocated to:

inetnum:        5.135.67.160 - 5.135.67.175
netname:        MMuskatov-FI
descr:          MMuskatov
country:        FI
org:            ORG-OH6-RIPE
admin-c:        OTC15-RIPE
tech-c:         OTC15-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered


 "MMuskatov" was involved in this attack too, and a quick inspection of 5.135.67.160/28 doesn't look promising, you might want to block it and 5.135.67.144/28 and 5.135.67.192/28 as well. A deeper analysis is in progress.

No comments: