[nsp-sec] More stolen FTP credentials
Thomas Hungenberg
th.lab at hungenberg.net
Thu Feb 17 05:15:33 EST 2011

Hi teams,

please find below a list of stolen FTP credentials found in a malware dropzone.
According to the dropzone timestamps, the credentials were stolen between
2011-02-12 and 2011-02-15.

- Thomas
CERT-Bund Incident Response & Anti-Malware Team

ASN | IP | hostname | CC | username | sanitized password | AS name