[nsp-sec] 188.72.198.251 (AS28753)
Thomas Hungenberg
th.lab at hungenberg.net
Fri Apr 8 03:24:31 EDT 2011
Mike Tancsa schrieb:
> ----------- nsp-security Confidential --------
>
> Anyone have any info on this IP ? It was a common denominator in a
> number of local endpoints that seem to have been infected via (I think,
> but am not certain yet) banner ads from a couple of news sites
188.72.198.0/24 has previously been associated with Bredolab and FakeAV:
http://vil.nai.com/vil/content/v_377509.htm
http://threatexpert.com/report.aspx?md5=fe93dcad9913fcb97c6b91241230b934
If you have further details, I can contact Netdirekt (AS28753) on this.
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
More information about the nsp-security
mailing list