[nsp-sec] FTP dropzones

Fri Jul 17 04:47:55 EDT 2009

Hi teams,

please find below a list of FTP accounts used as malware dropzones:

6405    | 205.134.162.147  | US | sendemail:XXXXXXXX at sendemail.justfree.com | AIN - AiNET Corporation
6939    | 66.220.9.50      | US | aaron6k:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | akhiljain:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | alucard2603:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | discrude:XXXXXXXX at 66.220.9.50 | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | legend123490:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | lenney:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | reowin97:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | rpg2009:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | scoot021:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | Xyzeffect:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
6939    | 66.220.9.50      | US | ZhiZha:XXXXXXXX at ftp.drivehq.com | HURRICANE - Hurricane Electric, Inc.
7385    | 209.63.57.4      | US | kosmo55.0catch.com:XXXXXXXX at www.0catch.com | INTEGRATELECOM - Integra Telecom, Inc.
10297   | 209.190.85.248   | US | free_3760641:XXXXXXXX at ftp.serverland.co.cc | COLUMBUSNAP - The Columbus Network Access Point, Inc.
11388   | 66.40.52.58      | US | pusmar:XXXXXXXX at stealerby.freehostia.com | MAXIM - Peer 1 Dedicated Hosting
11388   | 66.40.52.5       | US | asdasd9695:XXXXXXXX at ftp.100webspace.net | MAXIM - Peer 1 Dedicated Hosting
11388   | 66.40.52.7       | US | marale911:XXXXXXXX at ptrworm.100webspace.net | MAXIM - Peer 1 Dedicated Hosting
11798   | 69.89.27.220     | US | mahalkan at exebilisim.net:XXXXXXXX at ftp.exebilisim.net | BLUEHOST-AS - Bluehost Inc.
12993   | 193.108.185.35   | LV | snapshots:XXXXXXXX at snapshots.times.lv | DEAC-AS Digitalas Ekonomikas Attistibas Centrs Autonomous System
13760   | 74.114.116.115   | US | steams:XXXXXXXX at steams.hostaim.com | SOUTHERN-LIGHT - Southern Light, LLC
19066   | 96.30.11.108     | US | logs at wr3zhoster.com:XXXXXXXX at modmy.net | WIREDTREE - Cogswell Enterprises Inc.
19318   | 66.45.237.221    | US | billa1.t35.com:XXXXXXXX at ftp.t35.com | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
19318   | 66.45.237.221    | US | hexen23.t35.com:XXXXXXXX at 66.45.237.221 | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
19318   | 66.45.237.221    | US | projectwww.t35.com:XXXXXXXX at ftp.t35.com | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
21844   | 174.132.227.58   | US | zdasdqwe123 at mesazhiislam.org:XXXXXXXX at ftp.mesazhiislam.org | THEPLANET-AS - ThePlanet.com Internet Services, Inc.
26277   | 216.108.235.203  | US | a5718666:XXXXXXXX at tropicslurewithdez.netau.net | PREMIANET - A+Hosting, Inc.
26277   | 216.108.239.5    | US | a1666211:XXXXXXXX at manoaukos.netii.net | PREMIANET - A+Hosting, Inc.
28271   | 201.33.17.110    | BR | inforvoip.t5.com.br:XXXXXXXX at inforvoip.t5.com.br | DataCorpore Serviços e Representações
32748   | 208.100.61.101   | US | dcornel:XXXXXXXX at cornel.ucoz.com | STEADFAST - NoZone, Inc.
33182   | 66.7.199.205     | US | miwese:XXXXXXXX at 66.7.199.205 | DIMENOC---HOSTDIME - HostDime.com, Inc.
40676   | 199.71.213.149   | US | new at dhintaana.net:XXXXXXXX at ftp.dhintaana.net | PSYCHZ - Psychz Networks
42831   | 78.110.164.147   | GB | logs at mykillz.com:XXXXXXXX at mykillz.com | UKSERVERS-AS UK Dedicated Servers Limited
43470   | 194.24.174.34    | PL | soldiers:XXXXXXXX at soldiers.jor.pl | NETWORK-COMMUNICATION NETWORK-COMMUNICATION AS Number
44557   | 194.8.74.120     | RU | leb4life1 at directransfer.net:XXXXXXXX at 194.8.74.120 | DRAGONARA Dragonara Alliance Ltd

     - Thomas

CERT-Bund Incident Response & Anti-Malware Team