Phishing Out The Goldman Code Fishers

Tyler Durden's picture
Still out in the boonies, so a few more days without extended analysis. In the meantime, some more amusement on GoldmanGate: Cryptogon has created a piece of html code that Google queries latch on to when searching for "Goldman Sachs Code Torrent", allowing the sysadmin to track which IPs and firms are querrying this keyword. Interesting results. From the website:

I have not seen as much activity from Goldman Sachs as I thought I would on my little honey pot. This is all so far. Then again, this hasn’t even been up 24 hours yet:

204.4.131.140 2009-07-07 12:01:17
/?paged=2
Referrer: http://www.google.com/search?hl=en&rls=com.microsoft%3A*&q=Mr.+Aleynikov+strat&aq=f&oq=&aqi=
Hostname: cflodc1.gs.com*
SEARCH ENGINE: Google (page: 1)*
KEYWORDS: Mr. Aleynikov strat
 
Other interesting visits:

Citadel Investment Group
64.22.160.1 2009-07-07 11:53:59
/?p=9712
Referrer: Direct hit
Hostname: cit1.citadelgroup.com
 
InfoNgen is the first Discovery Engine for business, finance and information professionals that knows what’s critical to you. Extracts relevant and timely information buried on the web, within emails, in desktop documents or on network drives. Identifies trends and connections between topics, companies or products that might not otherwise be apparent. And delivers results in real time.

63.87.234.186 2009-07-07 05:12:58
/?p=9712
Referrer: Direct hit
Hostname: host186.infongen.com

Batterymarch is a global equity specialist, investing in approximately 50 countries for clients around the world. Our unique quantitative strategies combine the power of technology with the wisdom of experienced fundamental investors.

199.58.12.24 2009-07-07
21:12:51
/?p=9712
Referrer: http://www.google.com/reader/view/
Hostname: smtp.batterymarch.com

U.S. Army
128.190.125.2 2009-07-07 17:59:55
/?p=9712
Referrer: Direct hit
Hostname: wks125-2.belvoir.army.mil

Clough Capital

74.201.46.1 2009-07-07 17:38:18
/?p=9712
Referrer: Direct hit
Hostname: host1.cloughcapital.com

Microsoft

131.107.0.101 2009-07-07 17:09:44
/?p=9712
Referrer: From your blog
Hostname: tide531.microsoft.com

The Benefit Company

66.184.209.18 2009-07-07 16:20:15
/?p=9712
Referrer: Direct hit
Hostname: 66.184.209.18

At ECBridge™, we know that information is the lifeblood of today’s business. Our experienced, international team helps clients plan, implement and manage innovative e-business solutions. We can help
your firm gain competitive advantage, by extending the reach of your company’s information.

207.111.251.165 2009-07-07 16:12:14
/?p=9712
Referrer: Direct hit
Hostname: mail.ecbridge.com

New York City Police Department

206.212.185.216 2009-07-07 12:49:12
/?p=9712
Referrer: From your blog
Hostname: 206.212.185.216

City of Houston
204.235.227.149 2009-07-07 12:05:43
/?p=9712Referrer: From your blog
Hostname: 204.235.227.149

Note: U.S. Department of Homeland

Security is obsessed with this post, and with Cryptogon, today. There are at least a couple of DHS employees who read Cryptogon as a matter of routine, but the activity over the last 24 hours shows 10 visits, 43 page views from five different hosts/IPs:

sbcp5.dhs.gov 204.248.24.164
bcp1.cbp.dhs.gov 63.167.255.151
bcp3.cbp.dhs.gov 63.167.255.153
sbcp6.dhs.gov 204.248.24.165
sbcp3.dhs.gov 204.248.24.162

Not sure how long Cryptogon will be able to keep this page up, so check it out while you can. And let other comparable games begin.
 
hat tip Dora