[nsp-sec] Stolen FTP credentials ACK AS209 for Qwest.

Hicks, Howard Howard.Hicks at qwest.com
Tue Apr 19 09:19:01 EDT 2011 

209   | 184.97.43.31    | US | 184.97.43.31              | dream            | dr****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 184.97.46.107   | US | 184.97.46.107             | dream            | dr****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 184.97.50.202   | US | 184.97.50.202             | dream            | dr****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 204.26.80.92    | US | support.direct-tech.com   | ftpaccessro      | cl****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 209.181.232.194 | US | 209.181.232.194           | jasont           | br****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 209.181.232.194 | US | 209.181.232.194           | services         | pa****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 216.161.120.197 | US | 216.161.120.197           | dream            | dr****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 63.150.179.7    | US | ftp.tuxedowholesaler.com  | tuxedowholesaler | t1****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 63.150.42.36    | US | intranet.futureus.com     | root             | pR****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 63.227.49.141   | US | 63.227.49.141             | root             | fi****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 63.233.66.235   | US | 63.233.66.235             | alpayftpuser8    | an****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 65.112.21.16    | US | reflexisinc.com           | poona            | 0f****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 65.112.21.17    | US | ftp.reflexisinc.com       | poona            | 0f****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 65.123.12.5     | US | ftp.alientechnology.com   | aliendev         | $r****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 65.124.187.165  | US | ftp.esteban.com           | wtcmemorial-open | bo****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 66.77.246.5     | US | ftp5.missc.net            | njtransit        | @n****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 66.77.86.174    | US | serve.com                 | arkwebsite       | Ke****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 67.132.200.142  | US | ftp.valvesoftware.com     | hlserver         | hl****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 67.133.154.164  | US | SFTP.gtlic.com            | cperri           | cp****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 67.135.30.220   | US | ftp.inttraworks.inttra.com | u1896808         | u1****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 71.36.28.115    | US | ftp.thorneprint.com       | upload at thorneprint.com | th****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 72.164.193.41   | US | ftp.cashcentral.com       | malcolm          | ze****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 72.164.193.53   | US | cclog.cashcentral.com     | root             | cc****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 72.164.94.214   | US | fvpparts.com              | fvpweb           | fv****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 75.167.54.195   | US | 75.167.54.195             | Affilates        | Ha****** | ASN-QWEST - Qwest Communications Company, LLC
209   | 97.125.164.220  | US | 97.125.164.220            | dream            | dr****** | ASN-QWEST - Qwest Communications Company, LLC>

--

Howard Hicks


> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Thomas Hungenberg
> Sent: Tuesday, April 19, 2011 3:09 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Stolen FTP credentials
>
> ----------- nsp-security Confidential --------
>
> Hi,
>
> please find below a list of stolen FTP login credentials
> found in several lists
> on a server used for malicious activity. Unfortunately, I
> don't have information
> on when and how the credentials were stolen, but the
> filenames and timestamps
> of the lists indicate that they were harvested earlier this month.
>
> Format: ASN | IP | CC | hostname | username | sanitized
> password | AS desc
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.

More information about the nsp-security mailing list