[nsp-sec] Stolen HTTP(s) login credentials

SURFcert - Peter p.g.m.peters at utwente.nl
Thu Feb 17 08:53:44 EST 2011


Thomas,

Thomas Hungenberg wrote on 17-02-2011 14:37:
>
>
> please find below a list of stolen HTTP(s) login credentials found in
> a malware dropzone.
> According to the dropzone timestamps, the credentials have been stolen
> between 2011-02-12 and 2011-02-15.
>
Can you enlighten me about the relation between the IP address and the
URL? The URL does not seem to be located on the IP address mentioned.
Are the credentials related to the IP address or the URL?

> ASN | IP | URL | CC | username | sanitized password | AS name
>

-- 
Peter Peters                     /------\           SURFnet bv
SURFcert                         | SURF |           cert.surfnet.nl
cert at surfnet.nl                  \-----\ \-----\    Postbus 19035
PGP Key ID 0x5A52C966                   | CERT |    NL-3501 DA  Utrecht
+31 30 2305 305                         \------/    fax: +31 30 2305 329

