Today, August 25, from 1410 to 1446 UTC, an IP address registered to SERVEREL, a data center or hosting provider based in California, used the QuantumFilament proxy network to access the Tumblr blogging site. Most likely that IP address, 220.127.116.11, is a third IP address at SERVEREL that has been compromised and used by the QF group. How many more IP addresses at SERVEREL have been hacked and are being abused? I could tell SERVEREL about this, but that doesn’t really solve their issue.
Update 1: Serverel has now been informed. I see activity from this Serverel IP going back to August 3. Even if QuantumFilament is kicked out of Serverel, they have hacked into additional data centers/hosting providers worldwide.
Update 2: Serverel writes back:
Many thanks for your report. 18.104.22.168 has been used by our customer since June 2012 and I think this server could be compromised. This is a 100% legitimate customer.
Serverel’s emphasis is that there is a live, legitimate customer using this IP, and they don’t want administrators around the Internet to block this IP, thereby blocking the real customer’s connectivity.
Update 3: More from Serverel:
Looks like this server is really in use; we ask the end user to escalate this issue and find what is the reason for this report.