Registrant:Their site is infected with injected code pointing to superkahn.ru:8080/index.php - probably the people who own media-servers.net know nothing about it, but they don't make it easy to be contacted.
Netposition Ltd.
POB 16041
Tel Aviv 61160
Israel
Domain Name: MEDIA-SERVERS.NET
Created on: 19-Sep-04
Expires on: 19-Sep-13
Last Updated on: 17-Feb-09
Administrative Contact:
Administrator, Domain domadmin@netposition.com
Netposition Ltd.
POB 16041
Tel Aviv 61160
Israel
+972.9723928600 Fax --
Technical Contact:
Administrator, Domain domadmin@netposition.com
Netposition Ltd.
POB 16041
Tel Aviv 61160
Israel
+972.9723928600 Fax --
superkahn.ru is registered to:
domain: SUPERKAHN.RU
type: CORPORATE
nserver: ns1.freeonlinednshost.com.
nserver: ns2.freeonlinednshost.com.
nserver: ns3.freeonlinednshost.com.
nserver: ns4.freeonlinednshost.com.
state: REGISTERED, DELEGATED, VERIFIED
person: Private Person
phone: +7 4912 219900
e-mail: dibs@freemailbox.ru
registrar: NAUNET-REG-RIPN
created: 2009.10.28
paid-till: 2010.10.28
source: TC-RIPN
This is multihomed on:
91.121.88.218 (OVH, Paris)
91.121.108.53 (OVH, Paris)
94.23.211.214 (OVH, Paris)
94.75.198.241 (Leaseweb, Amsterdam)
82.192.88.35 (Leaseweb, Amsterdam)
Websense report that this runs a variety of exploit attempts against unpatched Microsoft and Abode products. Quantcast figures say that almost a million US visitors access this site per month, so a lot more worldwide.
No comments:
Post a Comment