[nsp-sec] ACK 174 RE: Stolen FTP credentials

Shelton, Steve sshelton at Cogentco.com
Tue Feb 15 08:58:33 EST 2011 

Thanks!

Steve Shelton
Sec Engineer
Cogent Communications

-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Tuesday, February 15, 2011 8:35 AM
To: Nsp-Security
Subject: [nsp-sec] Stolen FTP credentials

----------- nsp-security Confidential --------

Hi Teams,

please find attached a list of stolen FTP-credentials, which have
been used to inject IFrames (pointing to visions7[.]net or axstat[.]com)
into legitimate web sites.

The format of the list is:
<ASN> | <IP> | <CC> | <domain name> <user> <pass> | <AS desc>

    kind regards, Dirk Stander (1&1 Internet AG) :.


174 | 149.13.20.19 | US | www.eutdh.cat eutdh eut***** | COGENT
Cogent/PSI
174 | 149.13.20.19 | US | www.esaged.com esaged esa***** | COGENT
Cogent/PSI
174 | 149.7.112.144 | US | ftp.creation-club.de agentur1 age***** |
COGENT Cogent/PSI
174 | 149.7.32.231 | US | 149.7.32.231 seatwave Cpy***** | COGENT
Cogent/PSI
174 | 205.146.68.2 | US | ftp.verticalsol.com admin vsi***** | COGENT
Cogent/PSI
174 | 212.20.142.180 | EU | www.oeko-komp.de web8 ytl***** | COGENT
Cogent/PSI
174 | 212.20.149.208 | EU | 212.20.149.208 twasewitz kol***** | COGENT
Cogent/PSI
174 | 213.146.184.34 | EU | 213.146.184.34 flexiisn fle***** | COGENT
Cogent/PSI
174 | 38.102.41.117 | US | willndaves.bluechiphosting.com willndav
foD***** | COGENT Cogent/PSI
174 | 38.105.71.231 | US | dropbox.teamgroup.tv ssg_rbittman voi***** |
COGENT Cogent/PSI
174 | 38.108.88.78 | US | jesuismontreal.com root abc***** | COGENT
Cogent/PSI
174 | 38.112.61.95 | US | 38.112.61.95 elonii kir***** | COGENT
Cogent/PSI
174 | 38.113.244.221 | US | ftp.murrish00.addr.com murrish0 Gen***** |
COGENT Cogent/PSI
174 | 38.117.170.115 | US | ftp.sterling-sound.com machine8181 735*****
| COGENT Cogent/PSI
174 | 38.117.185.168 | US | ftp.ibi.com INCOMINGFTP ibi***** | COGENT
Cogent/PSI
174 | 38.117.185.168 | US | ftp.ibi.com sr12616 new***** | COGENT
Cogent/PSI
174 | 38.117.204.210 | US | 38.117.204.210 vps ope***** | COGENT
Cogent/PSI
174 | 38.117.97.230 | US | ftp.mets.ir mets.ir k2B***** | COGENT
Cogent/PSI
174 | 38.117.98.202 | US | 38.117.98.202 anonymous ***** | COGENT
Cogent/PSI
174 | 38.119.86.101 | US | app4.agentimage.com rcatalan ro0***** |
COGENT Cogent/PSI
174 | 38.119.86.112 | US | app6.agentimage.com rcatalan ro0***** |
COGENT Cogent/PSI
174 | 38.119.86.31 | US | app1.agentimage.com msantos u3d***** | COGENT
Cogent/PSI
174 | 38.119.86.31 | US | app1.agentimage.com rcatalan ro0***** | COGENT
Cogent/PSI
174 | 38.96.193.32 | US | www.uniqueinternetservices.com tobody duf*****
| COGENT Cogent/PSI
174 | 38.98.237.102 | US | 38.98.237.102 ftpbelmaroil 100***** | COGENT
Cogent/PSI
174 | 38.98.237.102 | US | 38.98.237.102 nextmerchantinc 100***** |
COGENT Cogent/PSI
174 | 38.98.237.102 | US | 38.98.237.102 nextmerchantinc 100***** |
COGENT Cogent/PSI
174 | 38.98.237.102 | US | 38.98.237.102 scgftp 100***** | COGENT
Cogent/PSI
174 | 38.98.237.102 | US | ftp.mensclubatlido.com mcalftp 100***** |
COGENT Cogent/PSI
174 | 38.98.237.102 | US | ftp.aldenconstruction.com AldenConstruction
acf***** | COGENT Cogent/PSI
174 | 38.98.237.102 | US | ftp.bewellamerica.com ftpbewell ftp***** |
COGENT Cogent/PSI
174 | 38.98.237.102 | US | ftp.golfacademyvc.com golfacademyvc.com
100***** | COGENT Cogent/PSI
174 | 38.98.237.102 | US | ftp.journeyinward.com journeyinward.com
100***** | COGENT Cogent/PSI
174 | 38.98.237.102 | US | ftp.thenorthshoreanimalhospital.com nsahftp
nsa***** | COGENT Cogent/PSI
174 | 38.98.237.126 | US | www.sbcselpa.org sbcselpa but***** | COGENT
Cogent/PSI
174 | 81.2.144.250 | EU | 81.2.144.250 oll100 bas***** | COGENT
Cogent/PSI
174 | 81.2.144.253 | EU | 81.2.144.253 oll100 bas***** | COGENT
Cogent/PSI
174 | 81.2.171.93 | EU | 81.2.171.93 a700810 Fun***** | COGENT
Cogent/PSI
174 | 97.107.240.11 | US | jcftp.hold.com oceanview 85u***** | COGENT
Cogent/PSI


_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________

More information about the nsp-security mailing list