Phishing Incident Victims

In this side note we provide an overview of the source IP addresses of potential victims in the UK phishing attack against a major US bank described in phishing technique one. The data below was collected with the help of the compromised UK honeypot and network packet captures. Over a period of about 4 days we observed 265 inbound HTTP requests to the honeypot, presumably recipients of a spam phishing email who were tricked into accessing the redirected content by clicking on the link provided. All were potential victims of the phishing attack, but none actually submitted personal data and therefore the phishing attack was unsucessful.

IP ISP Country OS
4.138.NNN.NNN Level 3 US Windows XP, 2000 SP2+ (NAT!)
4.224.NNN.NNN Level 3 US Windows 98
4.235.NNN.NNN Level 3 US Windows XP, 2000 SP2+ (NAT!)
4.239.NNN.NNN Level 3 US Windows XP, 2000 SP2+
12.202.NNN.NNN AT&T; US FreeBSD 4.7
12.217.NNN.NNN AT&T; US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
12.218.NNN.NNN AT&T; US UNKNOWN
24.16.NNN.NNN Comcast Cable US Windows XP Pro SP1, 2000 SP3
24.58.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
24.59.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.62.NNN.NNN Comcast Cable US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.90.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.93.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
24.107.NNN.NNN Charter Comms US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.129.NNN.NNN Comcast Cable US Windows XP Pro SP1, 2000 SP3 (NAT!)
24.140.NNN.NNN Massillon Cable US Windows XP, 2000 SP2+
24.154.NNN.NNN Armstrong Cable US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.160.NNN.NNN Road Runner US UNKNOWN
24.161.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.162.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.163.NNN.NNN Road Runner US Windows 2000 SP4, XP SP1
24.165.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
24.166.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.208.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
24.209.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3 (firewall!)
24.220.NNN.NNN Midcontinent Comms US UNKNOWN
24.231.NNN.NNN Charter Comms US Windows XP SP1, 2000 SP3
24.239.NNN.NNN Armstrong Cable US Windows XP/2000
24.243.NNN.NNN Service Co LLC US Windows XP Pro SP1, 2000 SP3
63.165.NNN.NNN DIGITEL Prob US OpenBSD 3.0
63.192.NNN.NNN Pacific Bell US Windows 2000 SP4, XP SP1
64.12.NNN.NNN AOL US Linux 2.4 w/o timestamps
64.33.NNN.NNN West Winconsin Telecomn US Windows XP, 2000 SP2+
64.58.NNN.NNN Marlowe & Associates US Windows 98 (2) (NAT!)
64.136.NNN.NNN Juno Online US OpenBSD 3.0
64.136.NNN.NNN Juno Online US OpenBSD 3.0
64.136.NNN.NNN Juno Online US OpenBSD 3.0
64.161.NNN.NNN Pacific Bell Internet US Windows XP Pro SP1, 2000 SP3 (NAT!)
64.216.NNN.NNN SBC Internet US Windows XP Pro SP1, 2000 SP3 (NAT!)
64.222.NNN.NNN Verizon Internet US Windows 2000 SP4, XP SP 1
65.78.NNN.NNN RCN Corporation US FreeBSD 4.7
65.166.NNN.NNN Sprint US Windows 98
65.204.NNN.NNN Eagle Mountain Telecom US FreeBSD 4.8
65.221.NNN.NNN Buckeye Cablevision US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
65.229.NNN.NNN UUNET US Windows XP/2000
66.38.NNN.NNN Brandenburg Telephone Company US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
66.41.NNN.NNN Comcast Cable US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
66.45.NNN.NNN WholeSecurity, Inc US Windows 2000 SP4, XP SP1
66.61.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
66.67.NNN.NNN Road Runnner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
66.68.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
66.82.NNN.NNN Hughes Network Systems US UNKNOWN
66.170.NNN.NNN T-NET, Inc US Windows XP, 2000 SP2+
66.188.NNN.NNN Charter Comms US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) (firewall!)
67.5.NNN.NNN Qwest US Windows XP, 2000 SP2+
67.23.NNN.NNN Adelphia Cable Comms US Windows XP Pro SP1, 2000 SP3
67.38.NNN.NNN Ameritech Electronic Commerce US Windows XP, 2000 SP2+
67.66.NNN.NNN SBC Internet Services US Windows XP SP1, 2000 SP3
67.122.NNN.NNN Pac Bell Internet US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
67.160.NNN.NNN Comcast Cable US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
67.164.NNN.NNN Comcast Cable US Windows XP Pro SP1, 2000 SP3 (NAT!)
67.167.NNN.NNN Comcast Cable US UNKNOWN
68.10.NNN.NNN Cox Communications Inc US Windows XP Pro SP1, 2000 SP3
68.14.NNN.NNN Cox Communications Inc US FreeBSD 4.7
68.32.NNN.NNN Comcast Cable US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
68.53.NNN.NNN Comcast Cable US Windows XP Pro SP1, 2000 SP3
68.88.NNN.NNN SBC Internet Services US Windows 2000 SP4, XP SP 1
68.89.NNN.NNN SBC Internet Services US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
68.94.NNN.NNN SBC Internet Services US Windows XP Pro SP1, 2000 SP3 (NAT!)
68.103.NNN.NNN Cox Communications Inc US Windows XP Pro SP1, 2000 SP3
68.109.NNN.NNN Cox Communications Inc US Windows 2000 SP4, XP SP1
68.205.NNN.NNN Road Runner US UNKNOWN
68.254.NNN.NNN SBC Internet Services US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
69.23.NNN.NNN - - Windows XP Pro SP1, 2000 SP3
69.48.NNN.NNN Choice One Comms US Windows XP, 2000 SP2+
69.59.NNN.NNN Peak Inc US Windows XP/2000 via Cisco
69.132.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
69.133.NNN.NNN Road Runner US Windows XP Pro SP1, 2000 SP3
69.134.NNN.NNN Road Runner US UNKNOWN
69.135.NNN.NNN Road Runner US Windows 2000 SP4, XP SP1
69.135.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
69.151.NNN.NNN SBC Internet Services US Windows XP Pro SP1, 2000 SP3 (NAT!)
69.162.NNN.NNN Adelphia Cable Comms US FreeBSD 4.7
137.229.NNN.NNN University of Alaska US Windows XP Pro SP1, 2000 SP3
141.154.NNN.NNN Verizon Internet US Windows XP SP1, 2000 SP3
148.78.NNN.NNN Starband Comms US CacheFlow CacheOS 4.1 (up
149.174.NNN.NNN CompuServe US Linux 2.4 w/o timestamps
152.163.NNN.NNN AOL US Linux 2.4 w/o timestamps
156.36.NNN.NNN US Bancorp US OpenBSD 3.0
162.83.NNN.NNN Verizon Internet US Windows 2000 SP4, XP SP1
166.102.NNN.NNN WRK Internet - Windows XP, 2000 SP2+
166.102.NNN.NNN WRK Internet - Windows XP, 2000 SP2+
169.207.NNN.NNN Executive PC, Inc US Windows 98
170.94.NNN.NNN State of Arkansas US Windows 2000 SP4, XP SP1
172.131.NNN.NNN AOL US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
172.131.NNN.NNN AOL US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
204.95.NNN.NNN Sprint US Windows XP, 2000 SP2+
204.210.NNN.NNN Road Runner US Windows 2000 SP4, XP SP1
204.210.NNN.NNN Road Runner US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
205.162.NNN.NNN Buckeye Cablevision US Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222)
206.148.NNN.NNN AGIS US Windows XP, 2000 SP2+
206.196.NNN.NNN US West Internet Services US Windows XP Pro SP1, 2000 SP3
207.89.NNN.NNN NetLink Systems LLC US Windows XP, 2000 SP2+
207.89.NNN.NNN NetLink Systems LLC US Linux 2.4/2.6 (up
207.231.NNN.NNN Surewest Internet US BSD/OS 3.1
208.60.NNN.NNN Local Link US Windows XP, 2000 SP2+
208.187.NNN.NNN Lanset Comms US Windows XP, 2000 SP2+
208.191.NNN.NNN SBC Internet US Windows XP Pro SP1, 2000 SP3 (NAT!)
209.43.NNN.NNN IQuest Internet US Windows XP, 2000 SP2+
209.131.NNN.NNN CenturyTel Internet Holdings Inc US Windows 98
209.206.NNN.NNN IQuest Internet US Windows XP, 2000 SP2+
209.247.NNN.NNN Bend Cable US Linux 2.4/2.6 (up
216.93.NNN.NNN Voyager Information Networks US Windows XP, 2000 SP2+
216.228.NNN.NNN Bend Cable US Cisco Content Engine