From el.baby@gmail.com Thu Dec 23 15:27:04 2004
From: Mariano Absatz
To: discuss@lists.surbl.org
Subject: [SURBL-Discuss] phishing attempt
Date: Thu, 23 Dec 2004 11:26:40 -0300
Message-ID: <3d8676e04122306264730884d@mail.gmail.com>

Hi David et al.

Just got this phishing attempt referencing:

http://211.235.248.74:280/index.php?Ihwt=NBKFdEjFBJRXqkQblivPGRDGUPJEYgMMTyrKcDqEnjCGvtTHDdyjWcPQRBwQTiEpHXcJAtnODPvZjeHMhfXehNVaorQYBvntrqRTKhToYenttVVpaTvtTptYIZWjvktMClHmtpCqvQADLwULooUYGdWocRzydTlGfTUzjxPFnptaMdMcrTaYKWnNONlTHyALrukCRctgtqhguViMDiKngadWNoPvNphhKtJDvRJOiRVEMeqpndFvdTrQXtlLyuTiMEMiwxYGoUjdYCtmFYITHbAFiLqHhkQUOEelcdTrXevWGOikMRUvTuachqJnDBttfmFtpyAmDViiJtuykoTfITtPkReOtmtzBMHQlheOdnZMHulTIgYrZgikZnarBtRcWAUiTZZKmYzVrKOcQMuQUEdURdlulfxiFqrmprZEqyAJjoLcdhUYKXREbfYmjvxPMOedtdTzCtiMxWPAdJyOTptIvqXGMuwAjBDrFkRtucVQYLqbxPPfhiODBLinhGOrtrKMEDVYFQPEDtFbYwggGVIhTRwOzktHETviwptctYGLglMfITkoOVxxMTmmfvVJopTKGbNOavBhHnmqtzGXudvhXIvdfpMuGHgmIVcIpDQYReoaDWYXaufXeBbiQNEywKKfGNOWrGVkKjkngjlgFreITgTKVxjqtWwOJkKdRHnDQARYJffpxjZqpRdlpmDziZnTkaXdHkGzKzywEELbNLtfFwqWIUvRUJLgKIirUPRGopcUUOVIBnNgKgcubylViZcUTklDcfirvklpatZCxN&eml=MANGLED(a)EXAMPLE.COM&Tt=

Cc-ing SURBL just FYI.

The complete message is at the bottom.

--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

Received: from louiskoo.com ([219.251.237.182]) by prxy6.uba.ar (8.12.10/8.12.10) with ESMTP id iBNB6ZEc035962 for ; Thu, 23 Dec 2004 08:06:37 -0300 (ART)
Received: from tcfexpress.com (tcfexpress.com [207.250.12.89]) by louiskoo.com with esmtp id 0D0E50BB10 for ; Thu, 23 Dec 2004 14:07:24 +0300
Reply-To: TCF
Message-ID: <110101c4e8df$85ab0d5f$624d22dc(a)tcfexpress.com>
From: TCF Support
To: Baby
Subject: Debit Card Attention!
Date: Thu, 23 Dec 2004 14:07:24 +0300
MIME-Version: 1.0
Content-Type: text/html
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.4682
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-GMX-Antivirus: 0 (no virus found)
Return-Path:

TCF - Bank

Dear TCF Client,
Information to your attention: our bank is switching to newest transactions security standards.
TCF ATM services utilize advanced security technology to protect your personal financial information.
This security update will be effective immediately.
Please click on this reference.

This security upgrade will be effective immediately and requires our customers to update their ATM card information.
Thank you for contacting TCF.
TCF Security Dept.

From jeffc@surbl.org Fri Dec 24 01:12:56 2004
From: Jeff Chan
To: discuss@lists.surbl.org
Subject: Re: [SURBL-Discuss] phishing attempt
Date: Thu, 23 Dec 2004 16:13:43 -0800
Message-ID: <935828048.20041223161343@surbl.org>
In-Reply-To: <3d8676e04122306264730884d@mail.gmail.com>

On Thursday, December 23, 2004, 6:26:40 AM, Mariano Absatz wrote:
> Hi David et al.
> Just got this phishing attempt referencing:
> http://211.235.248.74:280/index.php?Ihwt=NBKFdEjFBJRXqkQblivPGRDGUPJEYgMMTyrKcDqEnjCGvtTHDdyjWcPQRBwQTiEpHXcJAtnODPvZjeHMhfXehNVaorQYBvntrqRTKhToYenttVVpaTvtTptYIZWjvktMClHmtpCqvQADLwULooUYGdWocRzydTlGfTUzjxPFnptaMdMcrTaYKWnNONlTHyALrukCRctgtqhguViMDiKngadWNoPvNphhKtJDvRJOiRVEMeqpndFvdTrQXtlLyuTiMEMiwxYGoUjdYCtmFYITHbAFiLqHhkQUOEelcdTrXevWGOikMRUvTuachqJnDBttfmFtpyAmDViiJtuykoTfITtPkReOtmtzBMHQlheOdnZMHulTIgYrZgikZnarBtRcWAUiTZZKmYzVrKOcQMuQUEdURdlulfxiFqrmprZEqyAJjoLcdhUYKXREbfYmjvxPMOedtdTzCtiMxWPAdJyOTptIvqXGMuwAjBDrFkRtucVQYLqbxPPfhiODBLinhGOrtrKMEDVYFQPEDtFbYwggGVIhTRwOzktHETviwptctYGLglMfITkoOVxxMTmmfvVJopTKGbNOavBhHnmqtzGXudvhXIvdfpMuGHgmIVcIpDQYReoaDWYXaufXeBbiQNEywKKfGNOWrGVkKjkngjlgFreITgTKVxjqtWwOJkKdRHnDQARYJffpxjZqpRdlpmDziZnTkaXdHkGzKzywEELbNLtfFwqWIUvRUJLgKIirUPRGopcUUOVIBnNgKgcubylViZcUTklDcfirvklpatZCxN&eml=MANGLED(a)EXAMPLE.COM&Tt=
> Cc-ing SURBL just FYI.
> The complete message is at the bottom.

The phishing host is now on PH and WS:

/web/antispam/multi.domains.summed:74.248.235.211 127.0.0.12 900 B locked, 74.248.235.211 on lists [ws][ph], See: http://www.surbl.org/lists.html

You can check these at:

http://www.rulesemporium.com/cgi-bin/uribl.cgi

It's probably a lot more important to report phishing to the other addresses you used than here....
(I'm not saying this as criticism, just a comment.)

Jeff C.
--
"If it appears in hams, then don't list it."
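
The listing record in the reply above stores the host with its octets reversed (74.248.235.211) and the answer 127.0.0.12 as a bitmask covering both [ws] and [ph]. The following is an added example, not part of the thread or of SURBL's own code, showing how a mail filter could build that lookup name from an IP-literal URL and decode the answer. The zone name `multi.surbl.org` and the bit values other than ws and ph are assumptions based on the combined list as it was documented at the time; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed bit assignments for the combined list (era of this thread).
# The thread itself only confirms that 127.0.0.12 means ws + ph.
SURBL_BITS = {2: "sc", 4: "ws", 8: "ph", 16: "ob", 32: "ab", 64: "jp"}
ZONE = "multi.surbl.org"  # assumed zone name, not shown in the thread


def surbl_query_name(url: str) -> str:
    """Return the DNS name to query for a URL whose host is an IPv4 literal."""
    host = urlsplit(url).hostname  # drops the port and the query string
    if host is None:
        raise ValueError("URL has no host part")
    try:
        ip = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        # Hostnames must first be reduced to their registered domain,
        # which needs a TLD list and is out of scope for this example.
        raise ValueError("only IPv4-literal hosts are handled here")
    # IP entries are stored with octets reversed, as in the record above.
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{reversed_octets}.{ZONE}"


def decode_answer(a_record: str) -> list:
    """Map a 127.0.0.x answer to the member lists whose bits are set."""
    packed = ipaddress.IPv4Address(a_record).packed
    if packed[:3] != b"\x7f\x00\x00":
        raise ValueError("not a 127.0.0.x list answer")
    mask = packed[3]
    return [name for bit, name in sorted(SURBL_BITS.items()) if mask & bit]


if __name__ == "__main__":
    # Host, port and path from the reported URL; the long query string is omitted.
    sample_url = "http://211.235.248.74:280/index.php"
    print(surbl_query_name(sample_url))
    print(decode_answer("127.0.0.12"))
```

No DNS query is made here; the answer value is the one quoted in the reply.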