First some good news (via the WaPo Security Fix blog): well-known black hat web host UkrTeleGroup appears to have vanished from the internet. The bad news is that it seems to have morphed into a company called Internet Path, which is masquerading as a US company.
Unfortunately, it does not appear that this is an Atrivo / McColo / Estdomains style situation where the bad guys are permanently shut down.. yet. But perhaps continued pressure on upstream providers might have some effect.. who knows?
Oh yeah?? Well then why am I still seeing this when I run tcpdump:
00:01:08.972388 IP 85.255.112.190.static.ukrtelegroup.com.ua.domain > 192.168.0.46.59234: 27671 2/0/0 CNAME[|domain]
Looks like it's alive and well.