[nsp-sec] ACK 174 RE: Stolen FTP credentials
Shelton, Steve
sshelton at Cogentco.com
Tue Apr 19 06:18:33 EDT 2011
ACK for 174, thanks!
Steve Shelton
Sec Engineer
Cogent Communications
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Thomas Hungenberg
Sent: Tuesday, April 19, 2011 4:09 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] Stolen FTP credentials
----------- nsp-security Confidential --------
Hi,
please find below a list of stolen FTP login credentials found in several lists on a server used for malicious activity. Unfortunately, I don't have information on when and how the credentials were stolen, but the filenames and timestamps of the lists indicate that they were harvested earlier this month.
Format: ASN | IP | CC | hostname | username | sanitized password | AS desc
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security community. Confidentiality is essential for effective Internet security counter-measures.