PhishTank Annual Report. October 2006 September 2007

Similar documents
TMCH Report March February 2017

Lionbridge ondemand for Adobe Experience Manager

DNSSEC Workshop. Dan York, Internet Society ICANN 53 June 2015

(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

2016 Survey of Internet Carrier Interconnection Agreements

(43) International Publication Date n n / ft * 3 May 2012 ( ) U l / 5 A

WO 2017/ Al. 15 June 2017 ( )

2016 Survey of Internet Carrier Interconnection Agreements

Media Kit e.g. Amsterdam Search

WO 2013/ Al. 17 January 2013 ( ) P O P C T

COMMISSION IMPLEMENTING REGULATION (EU)

eifu Trauma and Extremities

Global Name Registry Registry Operator Monthly Report January 2003

MAWA Forum State of Play. Cooperation Planning & Support Henk Corporaal MAWA Forum Chair

Process overview Blocked Account

IS-13 TOPS Special Solicitation Volume Report

I so want to know about ISO 20022

Secure Inter-domain Routing with RPKI

Release Notes for Translation Workspace

SPAREPARTSCATALOG: CONNECTORS SPARE CONNECTORS KTM ART.-NR.: 3CM EN

TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, W., Houston, Texas (US).

October 1, 2017 MPEG-2 Systems Attachment 1 Page 1 of 7. GE Technology Development, Inc. MY A MY MY A.

SPARE CONNECTORS KTM 2014

Country

22ND CENTURY_J1.xls Government Site Hourly Rate

SMF Transient Voltage Suppressor Diode Series

Devices for LV overvoltage protection : Called Surge Protective Device (SPD) for Low Voltage. Different from high voltage : «surge arrester»

Annex A to the DVD-R Disc and DVD-RW Disc Patent License Agreement Essential Sony Patents relevant to DVD-RW Disc

Add Manufacturer Name & Address

April 1, 2018 ATSC Attachment 1 Page 1 of 12 LG Electronics Inc.

CCH Trust Accounts. Version Release Notes

April 1, 2019 ATSC Attachment 1 Page 1 of 12 LG Electronics Inc.

Profiling Web Archive Coverage for Top-Level Domain & Content Language

TEIN3. Richard Hughes Jones OGF31 EU-Asia Workshop DANTE 23 March The Research and Education Network for Asia-Pacific

Appendix 5-1: Attachment J.1 Pricing Table -1: IMS Ceiling Loaded Rates at Contractor Site

RS-232C Interface Command Table

Global Forum 2007 Venice

Introduction to ISO ACG Seminar Colombo, May Alexandre Kech Head of Securities Market Infrastructures & Standards SWIFT APAC

ENDF/B-VII.1 versus ENDFB/-VII.0: What s Different?

(51) Int Cl.: H04L 12/24 ( ) WU, Qin

Freelancer Guideline: Setting up a profile How to create an ideabook Useful tips Publishing Plan Invoices Communication

IPv6 Address Allocation Policies and Management

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

Media Kit e.g. London Search

Installation Instructions for SAP GUI for Java 7.4

NEW_InnoNet stakeholder analysis

APNIC Update. Amsterdam, Jan 2001 A S I A P A C I F I C N E T W O R K I N F O R M A T I O N

TEPZZ Z47A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G06Q 30/00 ( )

FLIGHTS TO / FROM CANADA ARE DOMESTIC

Installation Instructions for SAP GUI for Java 7.4

Annex A to the MPEG Audio Patent License Agreement Essential Philips, France Telecom and IRT Patents relevant to DVD-Video Disc - MPEG Audio - general

ITU-BDT Regional Seminar on Fixed Mobile Convergence and Guidelines on the smooth transition of existing mobile networks to IMT Session 2.2.

Asia Key Economic and Financial Indicators

UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE Trade Development and Timber Division

CORPORATE PRESENTATION

CitiService News August 1, 2017 Edition No. 8

Data-Intensive Distributed Computing

TEPZZ Z7999A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: B05B 15/04 ( )

CLOUD GROUP TECHNOLOGY FOR THE AGILE TRANSITION.

TEPZZ Z5_748A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION

Asia Key Economic and Financial Indicators

TEPZZ 6 8A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION

(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau

PCT WO 2007/ Al

UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE Trade Development and Timber Division

Asia Key Economic and Financial Indicators

*EP A2* EP A2 (19) (11) EP A2 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2005/37

Eurostat s s Information Society Statistics

BoR (14) 142. Presented by ECTA in relation to the public hearing on the draft BEREC Strategy and draft BEREC Work Programme 2015

HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017

EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2012/34

EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art. 153(4) EPC

Whole Home Mesh WiFi System. Quick Installation Guide

EIDA European Integrated Data Archives

Road to broadband society: Lithuanian case

Apple Inc. US 6,587,904 US 6,618,785 US 6,636,914 US 6,639,918 US 6,718,497 US 6,831,928 US 6,842,805 US 6,865,632 US 6,944,705 US 6,985,981

TROVIS 6600 Automation System for industrial processes

ica) Inc., 2355 Dulles Corner Boulevard, 7th Floor, before the expiration of the time limit for amending the

Scorciatoie da tastiera - Circad 4.09

Figure 1. (43) International Publication Date WO 2015/ Al 9 July 2015 ( ) W P O P C T. [Continued on nextpage]

1 kg 5 kg 10 kg 15 kg 20 kg 25 kg 30 kg 40 kg 50 kg

CGN in Europe? An Analytical Approach to Policymaking

CEF eid SMO The use of eid in ehealth. ehealth Network meeting 7 June 2016 Amsterdam

INPADOCDB/INPAFAMDB News

An Analysis of Storage Interface Usages at a Large, MultiExperiment Tier 1

Product Retirement Notice

Customer Maintenance Parts List

SMAJ SERIES 400 Watts Suface Mount Transient Voltage Suppressor SMA/DO-214AC. RoHS. Features

Is IPv6 only for the Rich?

Release Notes. V-Series 5.1

TEPZZ 85 9Z_A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION

BASIC PRICE LIST. The price of transportation is added toll in the amount of CZK 1,30 / kg and the current fuel surcharge.

Row 1 This is data This is data

Row 1 This is data This is data. This is data out of p This is bold data p This is bold data out of p This is normal data after br H3 in a table

SURVEY ON APPLICATION NUMBERING SYSTEMS

Release Notes <TC55 Rev B SW V >

Flash Eurobarometer 468. Report. The end of roaming charges one year later

Cooperation Of Space NCPs as a Means to Optimise Services

IPv6 Allocation and Policy Update. Global IPv6 Summit in China 2007 April 12, 2007 Guangliang Pan

30 June 2011 ( ) W / / / / A

Transcription:

PhishTank Annual Report October 2006 September 2007 Published by OpenDNS Oct. 9, 2007

TABLE OF CONTENTS Report Overview.3 Most Spoofed Brands.4 Top U.S. Network Providers Hosting Phishes 5 Top 25 Worldwide Network Providers Hosting Phishes 5 Total Submissions with Valid Breakdown..6 Total Votes with Vote Breakdown..6 Total Submitters..6 Total Verifiers.6 Total Submitter/Voters 7 Top Phish-Hosting IPs with Valid Phish per IP..7 Top Phish-Hosting Domains, with Number of Valid Phishes per Domain.7 Phishes by Country with Relative Percent of Overall Phishes 8 Verifications by Day of Month 11 Verifications per Hour, with Valid/Invalid Breakdown..11 Submissions per Hour, with Valid/Invalid Breakdown...12 Votes per Hour, with Valid/Invalid Breakdown..12 Top Verifiers 13 Average time to Verify 13 2

Overview The PhishTank Annual Report is an analysis of data about verified phishing Web sites submitted to PhishTank. This report includes data from October 1, 2006 to September 30, 2007. Data included in the Annual Report is collected and presented the same way PhishTank collects and presents monthly statistics. Working definition of phishing: Phishing is a fraudulent attempt, usually made through email, to steal personal information. Phishing emails usually appear to come from a well-known organization and ask for personal information such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which one do not have an account. In order for Internet criminals to successfully "phish" personal information, they must get an individual to navigate from an email to a website. Phishing emails will almost always instruct to click a link that takes one to a site where personal information is requested. Legitimate organizations would never request this information via email. About PhishTank: Launched in October 2006 to coincide with National Cyber Security Awareness Month, PhishTank is the world s only collaborative clearinghouse for phishing data. PhishTank employs a sophisticated voting system that requires the community to vote "phish" or "not phish," reducing the possibility of false positives and improving the data s overall breadth and coverage. PhishTank makes all phishing data it accumulates public and available via programmable APIs, which allow other software developers to incorporate anti-phishing elements into their tools. The open access is intended to encourage the sharing of information and increase the chance of eliminating phishing all together. For more information about PhishTank, please visit: www.phishtank.com Note to press: If there is specific data you wish to obtain, not presented in this report, please feel free to contact Allison Rhodes at OpenDNS to make a request: allison@opendns.com 3

Most Spoofed Brands, with Number of Verified Phishes Spoofing that Brand 1. PayPal 31,719 2. ebay, Inc. 31,718 3. Barclays Bank PLC 6,515 4. Bank of America Corporation 5,727 5. Fifth Third Bank 4,191 6. JPMorgan Chase and Co. 1,981 7. Wells Fargo 1,643 8. Volksbanken Raiffeisenbanken 1,341 9. Branch Banking and Trust Company 824 10. Regions Bank 774 11. Wachovia 652 12. HSBC Group 529 13. National City 509 14. Amazon.com 494 15. Poste Italiane 447 16. Citibank 429 17. US Bank 392 18. Capital One 333 19. HSBC 307 20. Western Union 297 21. e-gold 251 22. NatWest Bank 224 23. Citizens Bank 221 24. Internal Revenue Service 199 25. Washington Mutual 159 26. Downey Savings 146 27. Key Bank 145 28. Royal Bank of Canada 143 29. Bank of the West 83 30. TD Canada Trust 75 31. WalMart 48 32. Independent Bank Corp 48 33. Westpac 43 34. BMO Financial 40 35. Marshall & Ilsley Bank 35 36. Alliance Bank 34 37. Royal Bank of Scotland 23 38. CIBC 20 39. Bendigo Bank 18 40. Compass Bank 18 41. Amarillio National Bank 17 42. Associated Bank 16 43. Charter One Bank 16 44. People's Bank 14 45. Comerica Bank 13 46. TD Ameritrade 12 47. Accurint 12 4

48. Development Bank of Singapore 8 49. First Hawaiian Bank 6 50. LaSalle Bank 6 51. Salem Five 4 52. Nantucket Bank 4 53. First Federal Bank of CA 3 54. Sky Financial 3 55. PNC Bank 3 56. Crown Bank 2 57. Bank of Kansas City 2 58. Franklin Bank 1 59. CareerBuilder 1 Top U.S. Network Providers Hosting Phishes with total number of phishes hosted: 1. SBC 53,666 2. Comcast 28,016 3. Road Runner 25,925 4. Charter 12,544 5. Internap Network Services 10,332 6. Inktomi Corporation 9,293 7. XO Communications 8,511 8. Bresnan Communications, LLC 8,408 9. AITNET Advanced Internet Technologies 8,274 10. Park Region Mutual Telephone Co. 7,566 SIMPLENET Simple Network Communications, 11. Inc. 7,455 12. WorldNet Services 6,295 13. Everyone s Internet 5,285 14. INSIGHT COMMUNICATIONS COMPANY, L.P. 4,544 15. Peer 1 Network Inc. 4,333 16. Cox Communications 3,988 17. Global One Communications 3,829 18. Go Daddy Software, Inc. 3,772 19. Oversee.net 3,712 20. BellSouth 3,395 Top 25 Worldwide Networks with Number of Phish Reported 1. Hanaro Telecom Inc. 37,345 2. TTNET TTnet Autonomous System 24,816 3. SBC Internet Services 23,169 4. Korea Telecom 17,567 5. CNCGROUP China169 Backbone 15,406 6. VTR BANDA ANCHA S.A. 15,001 7. PROXAD AS for Proxad ISP 12,207 8. DACOM Corporation 11,427 5

9. No.31,Jin-rong Street 10,326 10. HINET Data Communication 9,250 11. Bresnan Communications, LLC. 8,355 12. DTAG Deutsche Telekom AG 8,046 13. VirtualXS Internet BV 8,043 14. PRMTC Park Region Mutual 7,588 15. Groupe iweb Technologies Inc. 7,368 16. Charter Communications 7,353 17. AITNET 6,929 18. COLT COLT Telecommunications 5,690 19. BACOM Bell Canada 5,457 20. NOOS Autonomous System 5,239 21. Synergetic Medien - AG 5,140 22. SHAW Shaw Communications Inc. 4,788 23. Guangdong Mobile Communication 4,608 24. Oversee.net 4,526 25. INSIGHT COMMUNICATIONS 4,237 Total Submissions with Valid Breakdown +--------+--------+---------+------------+ total valid invalid unverified +--------+--------+---------+------------+ 299084 220225 8760 70099 +--------+--------+---------+------------+ Total Votes with Vote Breakdown +---------+---------+---------+-------------+ total valid invalid i_dont_know +---------+---------+---------+-------------+ 1480159 1352754 84053 43352 +---------+---------+---------+-------------+ Total Submitters +------------------+ total_submitters +------------------+ 5448 +------------------+ Total Verifiers +-----------------+ total_verifiers +-----------------+ 3580 6

+-----------------+ Total Submitter/Voters +------------------------+ total_submitter_voters +------------------------+ 1857 +------------------------+ Top Phish-Hosting IPs with Valid Phish per IP +-----------------+-------+ ip_address count +-----------------+-------+ 221.143.234.20 23366 85.105.190.151 18821 200.120.67.245 12931 221.10.110.67 9679 69.145.198.82 8280 62.129.131.38 7638 64.118.0.183 7566 209.172.59.193 6898 216.117.170.115 5901 211.20.171.111 5841 221.231.147.137 5681 195.20.32.104 5377 81.64.102.104 5139 82.230.158.136 5078 24.205.124.49 5039 217.119.57.19 5022 211.43.204.122 3961 204.13.160.28 3319 211.176.202.19 3162 218.38.140.198 3061 82.230.237.111 2670 216.188.26.235 2489 66.215.145.150 2328 75.81.164.93 2251 219.251.166.157 2175 +-----------------+-------+ Top Phish-Hosting Domains, with Number of Valid Phishes per Domain +----------------+-------+ domain count +----------------+-------+ potreit.cn 2237 proterst.cn 2233 directories.io 2189 itsrtat.cn 2140 promobir.cn 2116 7

dllspro.cn 2087 userpro.io 2037 usersetup.io 2034 userpro.tw 2011 prouserbase.tw 1534 trenkst.jp 1517 udll.tw 1459 usersetup.cn 1361 voila.fr 852 nsserver.ph 782 by.ru 766 mainid.ac 743 stackit.io 705 mainid.sh 683 itfrent.cn 668 postid.cn 665 mainid.tw 654 fastclisp.cn 645 cliform.cn 623 techst.cn 622 +----------------+-------+ Phishes by Country with Relative Percent of Overall Phishes +-------------+---------+ rel_pct country +-------------+---------+ 30.51745856 US 14.42713299 KR 7.14207692 CN 5.07883213 TR 4.80834215 FR 3.91005012 CA 3.36106237 DE 2.97256289 RU 2.60508183 NL 2.43133495 CL 1.96693528 GB 1.83308229 JP 1.63529355 TW 1.10469490 IN 1.03283728 RO 0.98766541 BR 0.97776695 IT 0.96613702 TH 0.81749421 ES 0.78550120 PL 0.71427066 BG 0.67286585 AR 0.53421426 HK 0.46497939 CZ 0.44708313 CO 0.42423460 MX 0.41063421 IL 0.40084572 EU 8

0.35970823 HU 0.35955135 AU 0.35892237 AT 0.31171244 SE 0.28008688 VE 0.23877603 BD 0.23750416 CU 0.23697917 BO 0.23180529 CH 0.21748542 SG 0.20735260 ID 0.19896591 DK 0.17576369 ZA 0.17368556 MY 0.17194023 IE 0.16360044 PT 0.15470509 PH 0.14542156 UA 0.13478243 LV 0.13470319 IR 0.13404061 BE 0.11856682 PA 0.11449749 EC 0.10867575 PE 0.10121392 EG 0.09784358 KZ 0.09033345 GR 0.08316058 MN 0.07061442 SK 0.06960428 AM 0.06739809 NO 0.06705671 MK 0.06205367 EE 0.05344050 SA 0.05308430 CR 0.04564834 PK 0.04348630 GE 0.04286354 SV 0.04214798 MA 0.04028258 LT 0.03891910 LK 0.03474030 FI 0.03389728 GT 0.03217490 PR 0.03202781 VN 0.03107864 NZ 0.03043891 CS 0.02711783 BF 0.02159383 KH 0.01807855 TZ 0.01757637 AE 0.01648171 MD 0.01637776 SI 0.01551968 IS 0.01421130 AP 0.01364263 PY 9

0.01286249 BA 0.00954146 MO 0.00920665 LU 0.00902426 MT 0.00803491 CI 0.00652837 BH 0.00602618 UZ 0.00602618 BN 0.00602618 CY 0.00552400 GU 0.00552400 TG 0.00552400 JO 0.00502182 TN 0.00502182 MG 0.00492158 HR 0.00401751 KE 0.00401746 LB 0.00401746 SM 0.00401746 AG 0.00376636 UY 0.00376636 KW 0.00351527 AF 0.00351527 SY 0.00351527 LA 0.00301309 AZ 0.00251091 RW 0.00251091 PS 0.00200873 QA 0.00200873 DO 0.00200873 TT 0.00200873 NP 0.00156932 DZ 0.00151518 RS 0.00150655 GI 0.00110480 BY 0.00100436 PW 0.00100436 CF 0.00100436 SD 0.00100436 NG 0.00100436 LI 0.00083699 ML 0.00065449 BS 0.00054401 FJ 0.00050218 ZW 0.00050218 UG 0.00050218 HT 0.00050218 CM 0.00050218 MU 0.00050218 TM 0.00050218 SN 0.00050218 ET 0.00050218 LY 0.00050218 PG 0.00050218 JM 0.00050218 NA 0.00050218 MW 10

0.00050218 KG 0.00050218 LS 0.00050218 NI 0.00016738 BB 0.00015623 BM +-------------+---------+ Verifications by Day of Month day count valid invalid 1st 8725 8470 254 2nd 8393 8108 284 3rd 9726 9461 264 4th 9687 9421 266 5th 12239 11932 307 6th 11664 11276 387 7th 4775 4483 290 8th 8293 8024 269 9th 7416 7099 316 10th 11398 11081 316 11th 7172 6829 343 12th 8016 7693 323 13th 6055 5800 254 14th 12096 11732 363 15th 5987 5710 277 16th 6765 6521 243 17th 5010 4779 228 18th 5167 4924 243 19th 6557 6226 331 20th 5568 5289 278 21st 5359 5069 289 22nd 7774 7417 357 23rd 6190 5903 286 24th 4242 4003 238 25th 6023 5799 224 26th 6346 6098 247 27th 5490 5206 283 28th 6623 6365 257 29th 6802 6552 249 30th 10187 9920 267 31st 3231 3003 227 Verifications per Hour, with Valid/Invalid Breakdown hour count valid invalid 00 15103 14602 499 01 9257 8873 384 02 7081 6691 389 11

03 7609 7237 371 04 5235 4979 255 05 4371 4132 239 06 7023 6712 310 07 8389 8077 311 08 5058 4821 237 09 4763 4584 178 10 5880 5617 263 11 4492 4276 215 12 13795 13470 324 13 6847 6535 311 14 19071 18745 325 15 11727 11383 342 16 10064 9663 399 17 9194 8879 315 18 10938 10495 443 19 19320 18740 578 20 9199 8812 386 21 8152 7706 445 22 14320 13622 696 23 12088 11541 545 Submissions per Hour, with Valid/Invalid Breakdown hour count valid invalid 00 13305 9965 274 01 10766 7597 252 02 9498 7006 256 03 7931 5516 241 04 9582 6649 247 05 6698 4600 179 06 5131 3636 210 07 5213 3630 211 08 6565 4423 233 09 6209 4310 218 10 6622 4628 281 11 6671 4547 279 12 8557 5692 448 13 10011 6753 405 14 11708 8508 475 15 11280 8290 531 16 11206 7809 428 17 20439 15091 561 18 29644 23251 591 19 23876 16977 527 20 23251 18748 433 21 26364 20481 598 22 19335 15407 443 23 9222 6710 439 Votes per Hour, with Valid/Invalid Breakdown 12

+------+--------+-------+---------+ hour count valid invalid +------+--------+-------+---------+ 00 81105 75435 3850 01 71362 65681 3561 02 63719 57993 3629 03 48776 44290 3036 04 42082 38274 2551 05 37875 34051 2310 06 50549 46084 2933 07 54832 50457 2935 08 50276 46058 3060 09 40902 37592 2065 10 35113 32054 2027 11 33994 30687 1930 12 48929 45181 2335 13 62811 58163 3267 14 55365 49932 3616 15 55349 50120 3497 16 51226 45849 3745 17 56227 50964 3450 18 72097 65007 4689 19 83209 75465 4756 20 83272 75346 4997 21 92766 84873 5348 22 106389 98617 5241 23 101934 94581 5225 Top Verifiers +--------------+--------+ Username Count +--------------+--------+ miowpurr 221042 bowlby4 208427 buaya 203434 JustaPerson 99138 tetak 77227 DougieLawson 54181 Char 44909 punkki 38529 ruralnetcop 34116 polymorp 30039 +--------------+--------+ Average Minutes to Verification +-------------------------+ 2859.97051027 +-------------------------+ 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback