Honeynet Project
http://www.honeynet.org
Last Modified: 16th May 2005
In this side note we provide an overview of the source IP addresses of potential victims in the UK phishing attack against a major US bank described in phishing technique one. The data below was collected with the help of the compromised UK honeypot and network packet captures. Over a period of about 4 days we observed 265 inbound HTTP requests to the honeypot, presumably recipients of a spam phishing email who were tricked into accessing the redirected content by clicking on the link provided. All were potential victims of the phishing attack, but none actually submitted personal data and therefore the phishing attack was unsucessful.
| IP | ISP | Country | OS |
| 4.138.NNN.NNN | Level 3 | US | Windows XP, 2000 SP2+ (NAT!) |
| 4.224.NNN.NNN | Level 3 | US | Windows 98 |
| 4.235.NNN.NNN | Level 3 | US | Windows XP, 2000 SP2+ (NAT!) |
| 4.239.NNN.NNN | Level 3 | US | Windows XP, 2000 SP2+ |
| 12.202.NNN.NNN | AT&T | US | FreeBSD 4.7 |
| 12.217.NNN.NNN | AT&T | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 12.218.NNN.NNN | AT&T | US | UNKNOWN |
| 24.16.NNN.NNN | Comcast Cable | US | Windows XP Pro SP1, 2000 SP3 |
| 24.58.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 24.59.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.62.NNN.NNN | Comcast Cable | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.90.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.93.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 24.107.NNN.NNN | Charter Comms | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.129.NNN.NNN | Comcast Cable | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 24.140.NNN.NNN | Massillon Cable | US | Windows XP, 2000 SP2+ |
| 24.154.NNN.NNN | Armstrong Cable | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.160.NNN.NNN | Road Runner | US | UNKNOWN |
| 24.161.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.162.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.163.NNN.NNN | Road Runner | US | Windows 2000 SP4, XP SP1 |
| 24.165.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 24.166.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.208.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 24.209.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 (firewall!) |
| 24.220.NNN.NNN | Midcontinent Comms | US | UNKNOWN |
| 24.231.NNN.NNN | Charter Comms | US | Windows XP SP1, 2000 SP3 |
| 24.239.NNN.NNN | Armstrong Cable | US | Windows XP/2000 |
| 24.243.NNN.NNN | Service Co LLC | US | Windows XP Pro SP1, 2000 SP3 |
| 63.165.NNN.NNN | DIGITEL | Prob US | OpenBSD 3.0 |
| 63.192.NNN.NNN | Pacific Bell | US | Windows 2000 SP4, XP SP1 |
| 64.12.NNN.NNN | AOL | US | Linux 2.4 w/o timestamps |
| 64.33.NNN.NNN | West Winconsin Telecomn | US | Windows XP, 2000 SP2+ |
| 64.58.NNN.NNN | Marlowe & Associates | US | Windows 98 (2) (NAT!) |
| 64.136.NNN.NNN | Juno Online | US | OpenBSD 3.0 |
| 64.136.NNN.NNN | Juno Online | US | OpenBSD 3.0 |
| 64.136.NNN.NNN | Juno Online | US | OpenBSD 3.0 |
| 64.161.NNN.NNN | Pacific Bell Internet | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 64.216.NNN.NNN | SBC Internet | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 64.222.NNN.NNN | Verizon Internet | US | Windows 2000 SP4, XP SP 1 |
| 65.78.NNN.NNN | RCN Corporation | US | FreeBSD 4.7 |
| 65.166.NNN.NNN | Sprint | US | Windows 98 |
| 65.204.NNN.NNN | Eagle Mountain Telecom | US | FreeBSD 4.8 |
| 65.221.NNN.NNN | Buckeye Cablevision | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 65.229.NNN.NNN | UUNET | US | Windows XP/2000 |
| 66.38.NNN.NNN | Brandenburg Telephone Company | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 66.41.NNN.NNN | Comcast Cable | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 66.45.NNN.NNN | WholeSecurity, Inc | US | Windows 2000 SP4, XP SP1 |
| 66.61.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 66.67.NNN.NNN | Road Runnner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 66.68.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 66.82.NNN.NNN | Hughes Network Systems | US | UNKNOWN |
| 66.170.NNN.NNN | T-NET, Inc | US | Windows XP, 2000 SP2+ |
| 66.188.NNN.NNN | Charter Comms | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) (firewall!) |
| 67.5.NNN.NNN | Qwest | US | Windows XP, 2000 SP2+ |
| 67.23.NNN.NNN | Adelphia Cable Comms | US | Windows XP Pro SP1, 2000 SP3 |
| 67.38.NNN.NNN | Ameritech Electronic Commerce | US | Windows XP, 2000 SP2+ |
| 67.66.NNN.NNN | SBC Internet Services | US | Windows XP SP1, 2000 SP3 |
| 67.122.NNN.NNN | Pac Bell Internet | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 67.160.NNN.NNN | Comcast Cable | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 67.164.NNN.NNN | Comcast Cable | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 67.167.NNN.NNN | Comcast Cable | US | UNKNOWN |
| 68.10.NNN.NNN | Cox Communications Inc | US | Windows XP Pro SP1, 2000 SP3 |
| 68.14.NNN.NNN | Cox Communications Inc | US | FreeBSD 4.7 |
| 68.32.NNN.NNN | Comcast Cable | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 68.53.NNN.NNN | Comcast Cable | US | Windows XP Pro SP1, 2000 SP3 |
| 68.88.NNN.NNN | SBC Internet Services | US | Windows 2000 SP4, XP SP 1 |
| 68.89.NNN.NNN | SBC Internet Services | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 68.94.NNN.NNN | SBC Internet Services | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 68.103.NNN.NNN | Cox Communications Inc | US | Windows XP Pro SP1, 2000 SP3 |
| 68.109.NNN.NNN | Cox Communications Inc | US | Windows 2000 SP4, XP SP1 |
| 68.205.NNN.NNN | Road Runner | US | UNKNOWN |
| 68.254.NNN.NNN | SBC Internet Services | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 69.23.NNN.NNN | - | - | Windows XP Pro SP1, 2000 SP3 |
| 69.48.NNN.NNN | Choice One Comms | US | Windows XP, 2000 SP2+ |
| 69.59.NNN.NNN | Peak Inc | US | Windows XP/2000 via Cisco |
| 69.132.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 69.133.NNN.NNN | Road Runner | US | Windows XP Pro SP1, 2000 SP3 |
| 69.134.NNN.NNN | Road Runner | US | UNKNOWN |
| 69.135.NNN.NNN | Road Runner | US | Windows 2000 SP4, XP SP1 |
| 69.135.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 69.151.NNN.NNN | SBC Internet Services | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 69.162.NNN.NNN | Adelphia Cable Comms | US | FreeBSD 4.7 |
| 137.229.NNN.NNN | University of Alaska | US | Windows XP Pro SP1, 2000 SP3 |
| 141.154.NNN.NNN | Verizon Internet | US | Windows XP SP1, 2000 SP3 |
| 148.78.NNN.NNN | Starband Comms | US | CacheFlow CacheOS 4.1 (up |
| 149.174.NNN.NNN | CompuServe | US | Linux 2.4 w/o timestamps |
| 152.163.NNN.NNN | AOL | US | Linux 2.4 w/o timestamps |
| 156.36.NNN.NNN | US Bancorp | US | OpenBSD 3.0 |
| 162.83.NNN.NNN | Verizon Internet | US | Windows 2000 SP4, XP SP1 |
| 166.102.NNN.NNN | WRK Internet | - | Windows XP, 2000 SP2+ |
| 166.102.NNN.NNN | WRK Internet | - | Windows XP, 2000 SP2+ |
| 169.207.NNN.NNN | Executive PC, Inc | US | Windows 98 |
| 170.94.NNN.NNN | State of Arkansas | US | Windows 2000 SP4, XP SP1 |
| 172.131.NNN.NNN | AOL | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 172.131.NNN.NNN | AOL | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 204.95.NNN.NNN | Sprint | US | Windows XP, 2000 SP2+ |
| 204.210.NNN.NNN | Road Runner | US | Windows 2000 SP4, XP SP1 |
| 204.210.NNN.NNN | Road Runner | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 205.162.NNN.NNN | Buckeye Cablevision | US | Windows 2000 SP2+, XP SP1 (seldom 98 4.10.2222) |
| 206.148.NNN.NNN | AGIS | US | Windows XP, 2000 SP2+ |
| 206.196.NNN.NNN | US West Internet Services | US | Windows XP Pro SP1, 2000 SP3 |
| 207.89.NNN.NNN | NetLink Systems LLC | US | Windows XP, 2000 SP2+ |
| 207.89.NNN.NNN | NetLink Systems LLC | US | Linux 2.4/2.6 (up |
| 207.231.NNN.NNN | Surewest Internet | US | BSD/OS 3.1 |
| 208.60.NNN.NNN | Local Link | US | Windows XP, 2000 SP2+ |
| 208.187.NNN.NNN | Lanset Comms | US | Windows XP, 2000 SP2+ |
| 208.191.NNN.NNN | SBC Internet | US | Windows XP Pro SP1, 2000 SP3 (NAT!) |
| 209.43.NNN.NNN | IQuest Internet | US | Windows XP, 2000 SP2+ |
| 209.131.NNN.NNN | CenturyTel Internet Holdings Inc | US | Windows 98 |
| 209.206.NNN.NNN | IQuest Internet | US | Windows XP, 2000 SP2+ |
| 209.247.NNN.NNN | Bend Cable | US | Linux 2.4/2.6 (up |
| 216.93.NNN.NNN | Voyager Information Networks | US | Windows XP, 2000 SP2+ |
| 216.228.NNN.NNN | Bend Cable | US | Cisco Content Engine |
Click here to return to the main paper.