'Phishing' spams for 2007

Here is the monthly breakdown of the number of phishing spams that I have received. These are the latest variant of the lotto scam, that was itself a development of the Nigerian 419 scam. The aim is to pretend to be an e-mail from a bank or credit card company, and get you to enter your account numbers and pin numbers on a bogus website. Your account is then cleared of its funds, or huge charges are racked up on your credit card.

The 'phished as' below refers to how the spammer disguises the URL with in the spam. With HTML formatted e-mails, the displayed URL can easily be made different from the actual destination e-mail address.

 Here the spammer has quoted a URL appearing to go to the natWest Online Banking website at nwolb.com. If you mouse over the suspect URL, the correct destination is displayed in the bottom left hand corner of the browser window. In this case the actual phished URL was:

029e1ae.netsolhost.com/UpdateYourAccountInformation/UpdateYourAccountInformationUpdateYourAccountInformation/UpdateYourAccountInformation/Login.aspx.htm

where 029e1ae is a server on the netsolhost.com domain, which is an IP address registered in Canada.

Month

Count

Most spamvertised information
January

8

 The perennial favourite of phishers, PayPal, appears this month.
February

13

 Several banks get phished twice this month.
March

29

 Barclays bank and PayPal are this months favourite phishing targets. Also getting a spammer in Hong Kong calling themselves 'United Cargo Solutions' and 'Lux Capital' phishing for personal details under the guise of job offers.
April

54

 A spammer keeps phishing BB&T Com [bbt.com] with bogus domains located in different countries, such as bbport.hk, cliform.cn, jweb.at and mainid.tw The Hong Kong phishing spammer naws calls itself "Aegis Capital Group LLC".
May

38

 PayPal is the phishers favourite this month.
June

23

 Royal Bank of Scotland is the favourite phishing scam this month.
July

27

 Nationwide Bank is this month's favourite.
August

44

 Concerted phish attach against the Royal Bank of Scotland, with 'sessionid' style spams.
September

55

 NatWest is this month's phishing target.
October

59

 NatWest is again this month's phishing target.
November

55

 NatWest, Abbey and Paypal get phished for this month.
December

62

 Abbey National Online Banking appears several times this month.

As to the breakdown of percentages of the total number of spam types received, it is as follows:

Only around 2% of total spams received, but they are increasing in number through the year.

REMEMBER !!!

The first line is the phished 'hook' as it appears in the spam e-mail. This is where the spammer wants you to think you are going too.

The second line is the actual website set up by the spammer to imitate a legitimate website.
This is where your ID, password and PIN gets stolen!

I have tried to highlight the services and companies being phished.

ALSO !!!

Don't think about visiting any of the spammers websites; if they are not phishing for your account details and passwords, they will try to download a virus or trojan on to your computer.

Month

Some of the phishing attempts
January
phishes as "Click here to login and restore your account access"
phishes to "PayPal account phishing suppressed by gmail"
phishes as "http://www.barclays.co.uk/cprocedure/id073557322/go.html"
phishes to "http://www.barclays.co.uk.cprocedure.id5278658.holip.sa.com/go.html"
phishes as "http://global.etrade.com/memberstart_ref073311/member"
phishes to "http://global.etrade.com.memberstart_ref7060714.1/member"
phishes as "Chase banking HERE"
phishes to "http://www.9ci.com/upload/.online/www.chase.com/online/
haseHrefurlname.chaseccprivacysecurity/start.htm cmd=LogIn"
phishes as "https://www.bankofamerica.com/"
phishes to "http://www.mayfair-events.com/.www.bankofamerica.com/.../e-online-banking/index.htm"
phishes as "https://new.egg.com/security/customer/logon?youraccounts"
phishes to "http://www.virgendelasflores.com.ar/boletin/www.new.egg.com/security/customer/youraccounts/
phishes as "http://www.53.com/bankingportal/session/conf"
phishes to "http://www.53.com.bankingportal.id8574934194349.totfit.biz/conf"
phishes as "http://0xc9.0x9b.0xe0.0xfc/eBayISAPI.dll"
phishes to "yosdude72( 13)"
February

phishes as "Go To RegionsNet Online"
phishes to "0xc9.0x10.0xfc.0xcb/secure.regionsnet.com/EBanking/logon/user.htm"

phishes as "View the eBay dispute thread to respond"
phishes to "http://shortlinks.co.uk/18k"
phishes as "http://www.catawbavalleybank.com/int_internet.asp"
phishes to "http://200.80.233.58/.web/catawba/check.php"
phishes as "https://secure.regionsnet.com/EBanking/logon/user?a=defaultAffiliate"
phishes to "http://200.80.233.58/.web/regions/secure.regionsnet.com/EBanking/logon/check.php"
phishes as "LLoyds TSB Account Expiration Alert!"
phishes to "www.fightclubsw.de/manistats/history/lloydstsb.co.uk/logon.html"
phishes as "click here"
phishes to "http://capitaloneverifyed.com/index.htm"
phishes as "Update Your Record"
phishes to "http://www.fightclubsw.de/manistats/history/Rbcbank.com/rbunxcgi.php"
phishes as "Lloyds TSB Account Expiration Alert!"
phishes to "http://www.rockombia.org/artes/lloydstsb.co.uk/logon.html"
phishes as "chaseonline.chase.com"
phishes to "207.14.77.2/~steve/index.html"
phishes as "TheShop(499)"
phishes to "http://mylenico.club.fr/inc/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0SignIn&co_part...o_
partnerId=...gif=&UsingSSL=&ru=http%3A%2F%2Fwww.ebay.com
&pp=&pa2=&errm...ngEmail=&isChecko...In&co_partnerId...y/iSL.ru.ppa2.errmsg.r"
phishes as "Sign in to Bank of America Online Banking"
phishes to "http://grommet.nl/www.bankofamerica.com/.../bankofamerica/online_bofa_banking/"
phishes as "signin.ebay.com/ebaymotors/ws/eBayISAPI.dl?RewardSurvey"
phishes to "home.doramail.com/personal12221/padalsk...9t4ls9net.html"
phishes as "View the ebay dispute thread to respond"
phishes to "ffm158.dekundenserver.de/~mvriedb9/sign.html"
March phishes as "https://online.halifax.co.uk/form_mem/sign in"
phishes to "http://www.rockombia.org/artes/update/index.php" 
phishes as "eBay account farringtons*noel ( 2177 )"
phishes to "home.doramail.com/myquestions/aikhajhdk...kjghalkjg.html"
phishes as "[Lloyds TSB Bank] Account Expiration Alert!"
phishes to "vetzikian.hello.fr/lloyds/logon.html"
phishes as "Go To RegionsNet Online"
phishes to "http://0xd2bcda37/service/regions06/"
phishes as "Click here to update your PayPal Information"
phishes to "http://rds.yahoo.com/_ylt=A0o...2076/**http://218.58.76.99/...paypal.comcgi...31b.htm"
phishes as "click here to complete the Capital One renew form with your current information"
phishes to "protec-info-capitalone.com/index.htm"
phishes as "www4.usbank.com/internetBanking/LoginRouter"
phishes to "www.fsguilde.com/ds/flash/www.usbank.com/"
phishes as "Please click here to continue to Chase Banking"
phishes to "hazardousproject.info/dat_file/www.chase.com/index.html"
phishes as "chaseonline.chase.com/renew.php?uur=462f&uid=532g5fd "
phishes to "marilynphoto.com/~info/chaseonline.chase.com/"
April phishes as "wachovia.com/secure/update/ssl.cfm"
phishes to "xn--cck1dycxdu36t.com/ad/fga/Wachovia_Online/AuthServiceaction%3dpresentLogin/"

phishes as "eBay Silver PowerSeller Program - Join now!"
phishes to "mail.sterns.com.au/%2520..%2520/ws/ebay-login/powerseller-update/"
phishes as "wachovia.com/secure/update/ssl.cfm"
phishes to "xn--cck1dycxdu36t.com/ad/fga/Wachovia_Online/AuthServiceaction%3dpresentLogin/"
phishes as "Become an eBay Power Seller"
phishes to "81.91.65.243/modif/ws/ebay-powerseller/?SignIn%26co_partnerI
d%3d2%26pUserId%3d%26siteid%3d0%26pageType%3d%26pa1%3d%26i1%3d%26bshowgif%3d%26UsingSSL%3d%26r"
phishes as "ameslan.gif"
phishes to "barclays.co.uk.procedureid855858848.giltlive.nu/client.html"
phishes as "TUW.gif"
phishes to "https.www.bankofamerica.com.account.type.activation_id968456563./boa/"
phishes as "https://www.banking.us.hsbc.com/HICServlet?cmd_BIBLogin=&ac...uage=en-us®ion=prd"
phishes to "http://208.29.194.201/~info/index.htm"
phishes as "https://www.banking.us.hsbc.com/HICServlet?cmd_BIBLogin=&acc...ge=en-us®ion=prd"
phishes to "http://208.29.194.201/~info/index.htm"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.futuresistem.ro/images/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.futuresistem.ro/images/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "join the eBay Silver PowerSeller Program"
phishes to "ftp://p0_521438:info@ftp.php0h.com/www/dsadas%26co_partnerId%...26favoritenav.html"
phishes as "www.halifax.co.uk/onlineservices/login.asp"
phishes to "www.sueandforrest.com/host/index.html"
phishes as "online.wamu.com/IdentityManagement/Logon.aspx"
phishes to "www.globalprojects.be/ebgo/wawu.htm"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.area07.com/antik/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.area07.com/antik/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.hpdi.ro/images/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.hpdi.ro/images/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client436877988-form.bbt.com.dgsecure.hk/clients/form/b_form.jsp"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.swattitude.ro/img/www.paypal.com/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client1762597131-form.bbt.com.bbport.hk/clients/form/b_form.jsp"
phishes as "www.paypal.com/cgi-bin/webscr?cmd=_login-run_resc"
phishes to "www.funlux.be/paypl.html"
phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client15287085-form.bbt.com.cliform.cn/clients/form/b_form.jsp"

phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client59020-form.bbt.com.rixtip.vg/clients/form/b_form.jsp"

phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client5550899668-form.bbt.com.jweb.at/clients/form/b_form.jsp"
phishes as "baggage.gif"
phishes to "business-eb.client07661-form.bbt.com.djkuy.hk/clients/form/b_form.jsp"
phishes as "paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "eshop.harmonny.cz/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "eshop.harmonny.cz/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "PromotionsGateway.com American Express Card"
phishes to "www.geocities.com/cekimyco96574"
phishes as "carboxylic.gif"
phishes to "business-eb.client65809-form.bbt.com.mainid.tw/clients/form/b_form.jsp"
phishes as "eBay dispute details page"
phishes to "rrcs-24-105-140-29.nyc.biz.rr.com/www/index.html"
phishes as "corsage.gif"
phishes to "business-eb.client11794-form.bbt.com.rofjer.info/clients/form/b_form.jsp"

phishes as "Please enroll in our security upgrade by clicking here"
phishes to "web.da-us.citibank.com.6309a46.com/citifi/scripts/login2/index.html?iv=D6C2...A2BF12C"

phishes as "business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp"
phishes to "business-eb.client4380784285-form.bbt.com.mainid.sh/clients/form/b_form.jsp"
phishes as "please review the ebay dispute details page"
phishes to "ns.fjk.ne.jp/~yoko/"
May phishes as "paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "arsnova.ro/css/www.paypal.com/cgi-bin/webscrcmd=_login-run/update.php"

phishes as "BB&T - accompaniment.gif"
phishes to "business-eb.client5664273-form.bbt.com.rofjer.info/clients/form/b_form.jsp"
phishes as "MB Trading - dinosaur.gif"
phishes to "session040981.mbtrading.com.cliform.cn/mb/secure/default.asp"
phishes as "To restore your account, please Sign in to Bank Of America Online Banking"
phishes to "so-charmed.net/gallery/include/config/control.do/secure/update/
online.bankofamerica.com/confirmation/login/index.html"
phishes as "www.paypal.com/cgi-bin/webscr.php?cmd/ssl/Account-Limitation/ID-98273328743/"
phishes to "rrcs-67-52-165-78.west.biz.rr.com/psinf.htm"
phishes as "Bank of America Customer Service"
phishes to "www.bankofamerica.com.cgi-bin.imcpprd.dll.ac8a562.com/Ctrl.jsp/BV_UseBVCookie"
phishes as "www.paypal.com/cgi-bin/webscr?cmd=_login-run"
phishes to "218.224.226.126/www.paypal.com/webscr_cmd=_login-run5449/"
phishes as ">>> Dear PayPal Inc. user Click here <<<"
phishes to "mail4.baxy.com/thank.html"
phishes as "session-1280564224.etrade.com/infocenter/userdirectory/form.asp"
phishes to "session-1280564224.etrade.com.ljyybh.cn/infocenter/userdirectory/form.asp"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "cifdesign.ro/area3/www.paypal.com/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "www.halifax-online.co.uk/_mem_bin/formslogin.asp?source=halifaxcoukHOME"
phishes to "lighthousetabernacle.org/components/com_user/www.halifax.co.uk/...-online-banking/"
phishes as "cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120113525429&sspagename=ADME:L:RTQ:US:1"
phishes to "www.seiwakaiingersoll.com/img/icons/tabs/"
phishes as "unlock your Wells Fargo ® Online Banking account at online.wellsfargo.com/login?ZXihop3D"
phishes to "www.bildiskane.se/shop/catalog/images/wells/wells/login.html"
phishes as "Your Bank of America Online Banking is Blocked - Please click on Sign in today"
phishes to "www.hotel-oberrhein.de/class/www.bankofamerica.com/index.htm"
phishes as "Western Union sign in and verify your identity"
phishes to "www.modentic.com.tw/.cgi-bin/wumt/westernunion.com/asp/signin/regLogin/"
phishes as "online.wellsfargo.com/login?ZXJyb3Iubm9Vc2VybmFtZQ%3D%3D"
phishes to "www.mkboutique.fr/images/wells/wells/login.html"
phishes as "Please click on sign in to CIBC Online Banking to continue & ensure your account security"
phishes to "all-free-classifieds.com/cibc/index.htm"
phishes as "www.halifax-online.co.uk/_mem_bin/formslogin.asp"
phishes to "ramakrishna.org.ar/portada/generales/halifax-online.co.uk/_mem_bin/formslogin.asp/"
June phishes as "www.Citibank.com/Restore.Account"
phishes to "store.bgwe.org/catalog/images/Security-Online/.../ www.Citibank.com/us/d.htm"
phishes as "cgi.ebay.com/USD020-iTunes-Gift-Certificate-Card-Digital-Delivery_W0QQit...dZViewItem"
phishes to "home.doramail.com/s...2n12Res12pond1Now1.html"
phishes as "opensession-622531.usaa.com/inet/clientform/data/process.asp"
phishes to "opensession-622531.usaa.com.yourbmx.at/inet/clientform/data/process.asp"
phishes as "Please Log On under your personal Washington Mutual link"
phishes to "0xD2.0x8D.0xDF.0x4B/online.wamu.com/"
phishes as "Amazon.com Account Update"
phishes to "fixpreis.at/images/.style/.upfree.htm"
phishes as "www.lloydstsb.com/signon?LOB=CONS&screenid=Update_Ac"
phishes to "szczep307.futuro.biz.pl/joomla/modules/lloyds/update.html"
phishes as "www.bancaintesa.it/verifica_profilo/index.htm"
phishes to "dierenartspraktijkhvandermast.nl/cache/www.bancaintesa.it/"
phishes as "chaseonline.chase.com/accountservices.jsp"
phishes to "212.122.212.122/.CHASE-MANHATTAN-BANK/index.htm"
phishes as "www.paypal.com/cgi-bin/webscr?cmd=3D_login-run"
phishes to "209.182.59.64/login.htm?PlaceCCInfo_AccountUpdate-cmd=3Dlogin_run"
phishes as "opensession-870974.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-870974.nationwide.co.uk.hiareshi.tw/clientarea/form/startprocess.asp"
phishes as "www.wachovia.com/secure/update/ssl.cfm"
phishes to "www.fsv-bennstedt.de/cache/service.htm"
phishes as "opensession-932444598.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "http://opensession-932444598.nationwide.co.uk.fullport.tw/.../startprocess.asp"
phishes as "An email regarding this was sent to your email address on file with eBay"
phishes to "www.chopstickz.net/meimei/ch/ebay/verify.../eBayISAPIdll/submit/i/ws/index.html"
phishes as "Go To www.bankofamerica.com"
phishes to "www.mewcrazy.com/forum/acp/.../sitekey.bankofamerica.com/sas/.../index.html"
phishes as "PayPal Dispute Transaction"
phishes to "developpement-ecommerce.com/paypal.co.uk/pay-pal/.../updates-pay-pal/confirm-pay-pal/"
phishes as "eBay dispute details page"
phishes to "sales@phones4u.com"
phishes as "sessionid-8568183004.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-8568183004.rbs.co.uk.portid.ph/customerdirectory/direct/ccf.aspx"
phishes as "Bank of America Online Banking Security Team ~ Sign in to Secured Online Banking"
phishes to "www.lospitijopos.com/joomla/components/com_mosforms/bankofamerica-online-update/index.html"
phishes as "sessionid-7583441.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-7583441.rbs.co.uk.eportid.ph/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-3129596871.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-3129596871.rbs.co.uk.ddyeyh.info/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-3741041193.rbs.co.uk.vllla3.hk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-3741041193.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes as "203.190.143.234/ws/signin.ebay.com/www.ebay.com/eBayISAPI.dllSignIn&pUserIdco/"
phishes to "sales@lwpelectronics.com"
July phishes as "sessionid-09139341.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-09139341.rbs.co.uk.yyuejc.hk/customerdirectory/direct/ccf.aspx"

phishes as "signin.ebay.com/ws/eBayISAPI.dll?SignIn"
phishes to "0x5037eb02/docs/.dll/link.php"
phishes as "sessionid-234248.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-234248.rbs.co.uk.vnasmdom.cc/customerdirectory/direct/ccf.aspx"
phishes as "www.paypal.com/cgi-bin/webscr?cmd=login-run"
phishes to "203.161.83.215/%20/.us/login-run.php"
phishes as "online.lloydstsb.co.uk/customer.ibc"
phishes to "www.motorintro.com/ads/.web/www.lloydstsb.com/account/logon.ibc/"
phishes as "update.bankofamerica.com"
phishes to "www.informatique-mania.com/images/.boa/"
phishes as "sessionid-644407232.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-644407232.rbs.co.uk.myjude.jp/customerdirectory/direct/ccf.aspx"
phishes as "Click here to activate your PayPal account"
phishes to "srdev.fr/https/www.paypal.com/cgi-bin/webscr/.../udpateinfosPayPalusercmdID12549JDk23/"
phishes as "www.lloydstsb.co.uk /security/alert/custome r.ibc"
phishes to "www.siegenparty.de/components/com_extcalendar/images/customer.ibc.html"
phishes as "opensession-8082265411.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-8082265411.nationwide.co.uk.poklonuser.hk/clientarea/form/startprocess.asp"
phishes as "opensession-80002.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-80002.nationwide.co.uk.golpoweber.com/clientarea/form/startprocess.asp"
phishes as "opensession-531457.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-531457.nationwide.co.uk.fuaraj.com/clientarea/form/startprocess.asp"

phishes as "sessionid-631047.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-631047.rbs.co.uk.ysdtorl.us/customerdirectory/direct/ccf.aspx"

phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "scand.ro/images/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "opensession-380043.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-380043.nationwide.co.uk.logpass.hk/clientarea/form/startprocess.asp"
phishes as "nfbconnect-595891.northforkbank.com/cashman/banking/ccf.asp"
phishes to "nfbconnect-595891.northforkbank.com.kkl.kg/cashman/banking/ccf.asp"
phishes as "opensession-22618663.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-22618663.nationwide.co.uk.kleomod.hk/clientarea/form/startprocess.asp"
phishes as "sessionid-13946894.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-13946894.rbs.co.uk.hkxeop.st/customerdirectory/direct/ccf.aspx"
phishes as "opensession-60672.nationwide.co.uk/clientarea/form/startprocess.asp"
phishes to "opensession-60672.nationwide.co.uk.mimomoney.hk/clientarea/form/startprocess.asp"
phishes as "sessionid-707810.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-707810.rbs.co.uk.mimomoney.hk/customerdirectory/direct/ccf.aspx"
phishes as "signin.ebay.com/ws/eBayISAPI.dll?SignIn"
phishes to "0x5367aa3d/.dll/link.php"
phishes as "userconfirmationform-id44375272.ebay.com/userdirectory/eBayISAPI.dll"
phishes to "userconfirmationform-id44375272.ebay.com.okgirt.net/userdirectory/eBayISAPI.dll"
phishes as "www.http://www.wachovia.com/secure/update/ssl.cfm"
phishes to "le-clerc.de/site/mambots/content/geshi/geshi/index.htm"
phishes as "VIVO LTDA© www.vivo.com.br"
phishes to "www.bittyurl.com/?c695e3"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "bartonsmykker.dk/images/sitemap/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "userconfirmationform-id502879.ebay.com/userdirectory/eBayISAPI.dll"
phishes to "userconfirmationform-id502879.ebay.com.hrugor.biz/userdirectory/eBayISAPI.dll"
phishes as "sessionid-526442.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-526442.rbs.co.uk.foc2k.us/customerdirectory/direct/ccf.aspx"
August phishes as "wellsfargo.com/online/Logon.htm"
phishes to "www.coolermaster-europe.com/de/stacker4free/online.wellsfargo.com/logon.html"

phishes as "myaccount.session-4769337.godaddy.com/AccountConfirmation/account.aspx"
phishes to "myaccount.session-4769337.godaddy.com.dckoee.ch/AccountConfirmation/account.aspx"
phishes as "Banca di Roma entrare"
phishes to "wsip-70-183-8-175.ri.ri.cox.net/www.bancadiroma.it/felix/BDR_IB_FLogin.aspx/index.htm"
phishes as "sessionid-579804880.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-579804880.rbs.co.uk.porot.eu/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-9180670.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-9180670.rbs.co.uk.lomdos.hk/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-31168.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-31168.rbs.co.uk.fjwww.hk/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-20689952.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-20689952.rbs.co.uk.force4.li/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-418191.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-418191.rbs.co.uk.ibmig.hk/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-99940.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-99940.rbs.co.uk.portlab.li/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-24821404.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-24821404.rbs.co.uk.nextid.ch/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-9297468889.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-9297468889.rbs.co.uk.jopdo.hk/customerdirectory/direct/ccf.aspx"
phishes as "www.nationwide.co.uk/signon?LOB=CONS&screenid=Update_Ac ct"
phishes to "www.movergospel.com.br/components/com_simpleboard/uploaded/index.html"
phishes as "olb2.nationet.com/Update/Verify/default2.asp"
phishes to "www.hotel-eisvogel.de/www.nationwide.co.uk/olb2.nationet.comdefault2.aspID%...3eb.html"
phishes as "sessionid-78790.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-78790.rbs.co.uk.flloer3.cn/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-389746.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-389746.rbs.co.uk.loorif.hk/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-78234650.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-78234650.rbs.co.uk.ai7euc.hk/customerdirectory/direct/ccf.aspx"
phishes as "Click here to activate your PayPal account"
phishes to "srdev.fr/images/paypal.co.uk/paypal/cgi-bin/.../updates-paypal/confirm-paypal/index.htm"
phishes as "halifax-online.co.uk/_mem_bin/customer/formslogin.asp"
phishes to "anitaberg.pl/campotur/campobusy/www.halifax-online.co.uk/formslogin.asp/"
phishes as "mybusinessbank.alliance-leicester.co.uk/cs70_banking/sbuser.asp"
phishes to "mybusinessbank.alliance-leicester.co.uk.konrjt.cn/cs70_banking/sbuser.asp"
phishes as "sessionid-30160.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-30160.rbs.co.uk.serviceid.hk/customerdirectory/direct/ccf.aspx"
phishes as "Sign in to Bank of America Online Banking"
phishes to "opendock.net/TR/www.BankOfAmeria.com/www.BankOfAmeria.com/.../www.BankOfAmeria.com.html"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.casaleone.ro/images/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "sessionid-370427861.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-370427861.rbs.co.uk.o33nf.hk/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-04180296.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-04180296.rbs.co.uk.cjdue2.hk/customerdirectory/direct/ccf.aspx"
phishes as "www.nationwide.co.uk/update"
phishes to "ctweek.ihostservers.net/db/index.html"
phishes as "login to your Egg Banking account"
phishes to "hoodcompany.com/templates/tmpl1/admin/edit/eggbank/security/customer/logon/URI/new.egg.com/
customer/youraccounts/Egg+Security+Login.htm"
phishes as "To initiate the Nationwide Building Society Re-Confirmation process"
phishes to "www.framipek.sk/limbo/templates/index.html"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.paypal.com.host.jmbc.com/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "you must visit our Western Union account website"
phishes to "lab.etat.com/manual/platform/.../update/regLogin/wumt.westernunion.com/.../counter.php"
phishes as "Go to our Western Union Support Dept website now"
phishes to "intsvr3.tangs.net/mobycar/.%20/.cgi-bin/wumt/.../wumt.westernunion.com/...index.php"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.thepharaohs.info/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "login to your Egg Banking account "
phishes to "hoodcompany.com/templates/.../eggbank/.../new.egg.com/.../Egg%20Security%20Login.htm"
phishes as "sessionid-5603531782.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-5603531782.rbs.co.uk.wovob1v.cn/customerdirectory/direct/ccf.aspx"
phishes as "www.natwest.com"
phishes to "ballack13.org/galery/include/bin/Login.html"
phishes as "Verify Your Bank of America Online Banking Access"
 phishes to "loginssecurity.com/update=_account/security/login.asp/"
phishes as "sessionid-3629730.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-3629730.rbs.co.uk.x-0-x.zj.cn/customerdirectory/direct/ccf.aspx"
phishes as "sessionid-5277642.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-5277642.rbs.co.uk.kiiuue.gx.cn/customerdirectory/direct/ccf.aspx"
phishes as "Click here to activate your PayPal account"
phishes to "srdev.fr/images/paypal.co.uk/paypal/.../confirm-paypal/index.htm"
phishes as "Credit Union National Association 5 questions survey"
phishes to "0x3d112af9/services/paymentprotectorplan/"
phishes as "sessionid-458961.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-458961.rbs.co.uk.adoor4.xj.cn/customerdirectory/direct/ccf.aspx"
phishes as "www.natwest.com"
phishes to "ballack13.org/galery/include/bin/Login.html"
phishes as "w ww.nationwide.co.uk/update"
phishes to "forum.site-assistant.net/updateserver.htm"
phishes as "w ww.nationwide.co.uk/update"
phishes to "forum.site-assistant.net/updateserver.htm"
September phishes as "www.online.wellsfargo.user411394415.com/session.cgisessargs=9M...Fx"
phishes to "www.online.wellsfargo.user411394415.com/session.cgisessargs=9M4...Fx"

phishes as "Click here to continue , Security Bank Of America"
phishes to "protecting-online.com/www.BankOfAmeria.com/.../e-online-banking/"
phishes as "update your online access code Wachovia Home"
phishes to "onlinesecurity-us.com/securtiy-/onlineservices.wachovia.com/...resentLogin/"
phishes as "www.nfbconnect.com/cashman"
phishes to "nfbconnect.cashman.cgi-bin024522.sslserv57.com/index.php"
phishes as "Click here to activate your PayPal account"
phishes to "www.karahisarliyiz.biz/images/https/paypal.co.uk/p...updates-paypal/confirm-paypal/"
phishes as "onlinesession-1258640.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-1258640.natwest.com.maritanna5.cn/.../start.aspx"
phishes as "onlinesession-05889234.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-05889234.natwest.com.anixt-pop6.cn/.../start.aspx"
phishes as "Click here to activate your PayPal account"
phishes to "www.nasasp.org/https/paypal.com/au/cgi-bin/...updates-paypal/confirm-paypal/"
phishes as "Click here to activate your PayPal account"
phishes to "www.nasasp.org/https/paypal.com/.../updates-paypal/confirm-paypal/"
phishes as "Click here to activate your PayPal account"
phishes to "www.dinamoka.hu/https/cgi/paypal.com/...updates-paypal/confirm-paypal/"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.hotelecho.sk/sitemap/cgi-bin/webscrcmd%3d_login-run/update.php"
phishes as "Click here to Sign in to Online Banking to reactivate your Bank of America Bank account"
phishes to "gsm2you.com/images/www.BankOfAmeria.com/.../www.BankOfAmeria.com.html"
phishes as "rbsdigital-id345679117.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id345679117.rbs.co.uk.uadmin.com.ai/rbs_onlineform/customercare/form.aspx"
phishes as "onlinesession-755301982.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-755301982.natwest.com.rtport.ch/updatemode/userdatadirectory/start.aspx"
phishes as "rbsdigital-id29821.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id29821.rbs.co.uk.uadmin.com.ai/rbs_onlineform/customercare/form.aspx"
phishes as "www4.usbank.com/internetBanking/RequestRouter?requestCmd Id=DisplayLoginPage"
phishes to "ejang.new21.org/db/www/USBank/index.html"
phishes as "onlinesession-5934902395.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5934902395.natwest.com.lo4prt.hi.cn/.../start.aspx"
phishes as "onlinesession-3224842444.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-3224842444.natwest.com.4eflob.cn/updatemode/userdatadirectory/start.aspx"

phishes as "onlinesession-131676.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-131676.natwest.com.lookall.ch/updatemode/userdatadirectory/start.aspx"

phishes as "onlinesession-37331.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-37331.natwest.com.heruve32.cn/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-49889.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-49889.natwest.com.letvot2.cn/updatemode/userdatadirectory/start.aspx"
phishes as "Continue To Bank of America Online Banking"
phishes to "s0106001346bbf25b.vc.shawcable.net/ancient/++/2/"
phishes as "militarybankonline.bankofamerica.com/efs/servlet/military/login.jsp"
phishes to "militarybankonline-bankofamerica.angelestube.com/"
phishes as "onlinesession-9897140064.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-9897140064.natwest.com.garrif.com/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-9808796.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-9808796.natwest.com.shoeuld.cn/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-5033365.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5033365.natwest.com.soldofo.gd.cn/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-23856835.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-23856835.natwest.com.ffires.cn/updatemode/userdatadirectory/start.aspx"
phishes as "please contact Financial Trust Bank Benin: finacialbank_directorpayment@yahoo.fr "
phishes to "finacialbank_directorpayment@yahoo.fr"
phishes as "chaseonline.chase.com/online/"
phishes to "www.montin.sk/chaseonline.chase.com/chase.php"
phishes as "www.paypal.com/us/"
phishes to "www.myfriendsonlinecam.com/customers/Customers-Paypal/.../__/login/paypal.php"
phishes as "rbsdigital-id66021.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id66021.rbs.co.uk.relob.cn/rbs_onlineform/customercare/form.aspx"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "canopus.regmax.net/~demo/images.html"
phishes as "onlinesession-7990980283.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-7990980283.natwest.com.carapic2o.cn/.../start.aspx"
phishes as "onlinesession-31447.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-31447.natwest.com.cara2icho.cn/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-765556780.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-765556780.natwest.com.dj11poison.cn/.../start.aspx"
phishes as "onlinesession-837908946.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-837908946.natwest.com.tron4off1.xz.cn/.../start.aspx"
phishes as "Bank of America Online Banking Support Enroll now"
phishes to "mail.ics.com.ph/icons/.../sitekeys.bankofamerica.us/signon.php?SSL512=yes"
phishes as "rbsdigital-id81932977.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id81932977.rbs.co.uk.mit4ac.cn/rbs_onlineform/customercare/form.aspx"
phishes as "Halifax Online Accounts Click Here To Start"
phishes to "ilc-exxir.com/img/img/www.halifax-online.co.uk/secure/_mem_/formslogin.asp/index.html"
phishes as "Halifax Online Accounts Click Here To Start"
phishes to "ilc-exxir.com/img/img/www.halifax-online.co.uk/secure/_mem_/formslogin.asp/index.html"
phishes as " To confirm your Bank of America Online Banking records click on the following link"
phishes to "0xd3.0x90.0xcc.0x87/icons/small/www.bankofamerica.com/sslencrypt218bit/online_banking/"
phishes as "olb2.nationet.com/Update/Verify/default2.asp?"
phishes to "www.rizalknights.com/olb2.nationet.com/...=user_cmdID12549JDk23/update/"
phishes as "Click here to Sign in to Bank of America Online Banking"
phishes to "blintec.es/images/www.BankOfAmeria.com/.../www.BankOfAmeria.com.html"
phishes as "onlinesession-02394282.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-02394282.natwest.com.gleli4.gz.cn/updatemode/userdatadirectory/start.aspx"
phishes as "rbsdigital-id871731.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id871731.rbs.co.uk.v3arian.xz.cn/rbs_onlineform/customercare/form.aspx"
phishes as "onlinesession-3184533.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-3184533.natwest.com.nuca3.cn/updatemode/userdatadirectory/start.aspx"
phishes as "www.nationwide.co.uk/signon?LOB=C ONS&screenid=verify "
phishes to "www.ramseybmx.com/skins/advanced/Nationwide.co.uk/index.html"
phishes as "Log In to Lloyds TSB"
phishes to "www.santocoyotemty.com/inicio/components/com_extcalendar/images//customer.htm"
phishes as "onlinesession-87646256.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-87646256.natwest.com.jovago31.gx.cn/updatemode/userdatadirectory/start.aspx"
phishes as "Bank of America Access Plus Online Banking service"
phishes to "207-172-209-227.c3-0.ded-ubr1.sbo-ded.ma.static.cable.rcn.com/Applet/sitekey/index.htm"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "www.radioinfinit.ro/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "Click here to verify your PayPal Information"
phishes to "www.paypal.com.cgi-bin.webscr.cmd%3d_...rapidvps.com...www.santiagocorp.com.ar/"
October phishes as "sitekey.bankofamerica.com/verification-ID8932784972/"
phishes to "cartonserviceonline.com/boa/signon.php"
phishes as "Reactivate Wachovia Corporation Check Card"
phishes to "student.lkpfc.com/news/active.html"
phishes as "*Renew My Online Lloyds TSB Bank plc profile* "
phishes to "www.tulun.net/nuke/modules/Prise/up.htm"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "gicamondialu.com/cgi-bins/webscr.php?cmd=_login-run"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "196.25.217.70/~m0pe/"
phishes as "onlinesession-36339208.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-36339208.natwest.com.dfllwef.gs.cn/updatemode/userdatadirectory/start.aspx"
phishes as "sessionid-2683329046.rbs.co.uk/customerdirectory/direct/ccf.aspx"
phishes to "sessionid-2683329046.rbs.co.uk.gkiirgm.cn/customerdirectory/direct/ccf.aspx"
phishes as "online.wellsfargo.com/signon?LOB=CONS"
phishes to "e-elson.com/admin/imagen_noticias/.notice/.../concerningyouronlinesecurity/"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "196.25.217.70/~m0pe/"
phishes as "rbsdigital-id024296.rbs.co.uk/rbs_onlineform/customercare/form.aspx"
phishes to "rbsdigital-id024296.rbs.co.uk.ddinghh.in/rbs_onlineform/customercare/form.aspx"
phishes as "onlinesession-5822383.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5822383.natwest.com.oili34.gz.cn/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-0207997.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-0207997.natwest.com.moloit.hk/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-4432008.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-4432008.natwest.com.jack666.in/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-370910.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-370910.natwest.com.hekirty.co.nz/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-88250949.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-88250949.natwest.com.popoe.zj.cn/updatemode/userdatadirectory/start.aspx"
phishes as "log in to PayPal"
phishes to "telekom.webchillers.com.sg/manual/ssl/.../www.paypal.com/cgi-bin/"
phishes as "Click the button To respond to This eBay Notification to send your response via E-Mail"
phishes to "207.236.233.130/eba.html"
phishes as "onlinesession-030693.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-030693.natwest.com.dddmode.cn/updatemode/userdatadirectory/start.aspx"
phishes as "eBay member services - Respond To This Notification"
phishes to "207.236.233.130/eba.html"
phishes as "online.wellsfargo.com/signon?LOB=CONS"
phishes to "urduna.com/2006/.../sessionloadidscriptbywellsfargocustomerforonlineacess/.../"
phishes as "onlinesession-1365388633.natwest.com.zaipall.cn/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-1365388633.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes as "fol.pals.cas.cz/.../isec-halifax/www.halifax-online.co.uk/.../index.html"
phishes to "Halifax Bank Customer Click Here To Start"
phishes as "onlinesession-091991.natwest.com.a344067.gz.cn/.../userdatadirectory/start.aspx"
phishes to "onlinesession-091991.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-681896.natwest.com.1lotip.cn/.../userdatadirectory/start.aspx"
phishes to "onlinesession-681896.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes as "https://signin.ebay.com/ebaymotors/ws/eBayISAPI.dl?RewardSurvey"
phishes to "65.215.31.4/Motors%20Inc.%20-%20Reward%20Survey.html"
phishes as "SERVICE - eBay Inc. - Reward Survey"
phishes to "65.215.31.4/Motors%20Inc.%20-%20Reward%20Survey.html"
phishes as "onlinesession-26858383.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-26858383.natwest.com.jufuer.hk/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-5754217.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5754217.natwest.com.lloritg.hk/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-5754217.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5754217.natwest.com.lloritg.hk/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-860805443.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-860805443.natwest.com.nioer4.net.nz/updatemode/userdatadirectory/start.aspx"
phishes as "onlinesession-1610768835.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-1610768835.natwest.com.gjueurg.hk/updatemode/userdatadirectory/start.aspx"
phishes as "Click here to Sign on to Lloyds TSB Online"
phishes to "www.astroceta.com/sitio/administrator/components/customer.htm"
phishes as "www.paypal.com/us/"
phishes to "www.atomicacorn.com/dotProject/includes/paypal.php"
phishes as "onlinesession-5487848499.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-5487848499.natwest.com.deeper4.gx.cn/.../start.aspx"
phishes as "Go To PayPal Online"
phishes to "www.marionetacafebar.com//cubopublico/media/sht/am/redirect.htm"
phishes as "verify your PayPal account information By Clicking Here"
phishes to "www.mommasterminds.com/dt/admin/.www.paypal.com/"
phishes as "onlinesession-570075765.natwest.com/updatemode/userdatadirectory/start.aspx"
phishes to "onlinesession-570075765.natwest.com.77654.li/updatemode/userdatadirectory/start.aspx"
phishes as "Halifax website"
phishes to "www.digitel.fr/images/mux/isec-halifax/www.halifax-online.co.uk/.../index.html"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "milkriver.co.uk/imagini/sitemap/cgi-bin/webscrcmd/update.php"
phishes as "www.paypal.com/cgi-bin/webscr?cmd=_login-submit/?136"
phishes to "213.49.129.5/tapa.html"
phishes as "Silkroad Online will Ban Your account if You didnt accept Privacy Policy & Terms of Use"
phishes to "01fe91c.netsolhost.com/Silkroadonline/Secure/"
phishes as "Silkroad Online will Ban Your account if You didnt accept Privacy Policy & Terms of Use"
phishes to "01fe91c.netsolhost.com/Silkroadonline/Secure/"
phishes as "Silkroad Online will Ban Your account if You didnt accept Privacy Policy & Terms of Use"
phishes to "01fe91c.netsolhost.com/Silkroadonline/Secure/"
phishes as "Silkroad Online will Ban Your account if You didnt accept Privacy Policy & Terms of Use"
phishes to "01fe91c.netsolhost.com/Silkroadonline/Secure/"
phishes as "Silkroad Online will Ban Your account if You didnt accept Privacy Policy & Terms of Use"
phishes to "01fe91c.netsolhost.com/Silkroadonline/Secure/"
phishes as "online.wellsfargo.com/signon?LOB=CONS"
phishes to "www.tarekfayed.com/images/files/logon.htm"
phishes as "online.wellsfargo.com/signon?LOB=CONS"
phishes to "www.tarekfayed.com/images/files/logon.htm"
phishes as "Secure Your TCF National Bank Privacy"
phishes to "www.hermes24.com/termine/subscriber.html"
phishes as "This is your official notification from U.S. Bancorp Alerts to *Renew My Online profile*"
phishes to "soireespc.free.fr/php/modules/Journal/profile.htm"
phishes as "This is your official notification from U.S. Bancorp Alerts to *Renew My Online profile*"
phishes to "soireespc.free.fr/php/modules/Journal/profile.htm"
phishes as "Bank of America Online Banking account"
phishes to "smartpoint.mcv-net.eu/closed.php"
phishes as "www.http://www.wachovia.com/secure/update/ssl. cfm"
phishes to "www.from.me.uk/include/...wachovia%2520online+%2520banking%2520tra...0a+lert.html"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "idelta.deltacr.com/delta.html"
phishes as "sitekey.bankofamerica.com/verification-ID8932784972/"
phishes to "210.22.161.228:90/icons/boaaa.html"
phishes as "Please Login Here and complete the "Steps to Remove PayPal Limitations.""
phishes to "www.cecaba.org.ar/scripts/rdf/sthine.html"
phishes as "Aller mettre à jour votre compte pour PayPal"
phishes to "www.serveurmapx3.com/www.paypal.fr/...42ILckL16...IGI0qgARKV_pf27...HygyKB.htm"
phishes as "Change your e-bay preferences"
phishes to "71.98.246.246/roma.html"
phishes as "Change your e-bay preferences"
phishes to "71.98.246.246/roma.html"
November phishes as "Click here to update your Bank of America account!"
phishes to "www.parkviewchurch.org/onlineid.1.bankofamerica.com/.../bankofamerica/index.html"
phishes as "Accedi a GranPremio Mondo BancoPosta e Verifica Utente"
phishes to "71.227.249.154/kevinhafamily/Kevinha/Top2/login-privati1.html"
phishes as "update.bankofamerica.com/olb/p/LoginMember.do"
phishes to "banomerica.vinahi.com/repution/bankofamerica/online_bofa_banking/e-online-banking/"
phishes as "Accedi a GranPremio Mondo BancoPosta e Verifica Utente"
phishes to "210.245.169.205/bpol/login-privati1.html"
phishes as "www.natwest.co.uk/securesession/action.aspx?refererident=24452970175788...1180"
phishes to "www.natwest.co.uk.daviyungd.li/securesession/action.aspx?refererident=24...1180"
phishes as "www.nationwide.co.uk/.../httpnationwide.co.uk=updating/0,,80120,00.html"
phishes to "thomasbbg.com/unzip%20sasa.zip/ans/www.nationwides.co.uk/.../olb2.nationet.com/...htm"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "idelta.deltacr.com/delta.html"
phishes as "online.bankofamerica.com/IdentityManagament/"
phishes to "smartpoint.mcv-net.eu/closed.php"
phishes as "www.nationwide.co.uk/.../httpnationwide.co.uk=updating/0,,80120,00.html"
phishes to "thomasbbg.com/unzip%20sasa.zip/ans/www.nationwides.co.uk/.../olb2.nationet.com/...htm"
phishes as "online.wellsfargo.com/signon?LOB=CONS"
phishes to "zedoenalles.nl/linkex/security/concerningyourwellsfargoaccountsecuriup...pt/"
phishes as "www.abbey.co.uk/CentralCustomerWeb/Form?session=71113074453456008423747...520"
phishes to "www.abbey.co.uk.e-koy.com.es/CentralCustomerWeb/Formsession=71...520"
phishes as "www.abbey.co.uk/CentralCustomerWeb/Form?session=7296477945238366759088755...661"
phishes to "www.abbey.co.uk.8879.li/CentralCustomerWeb/Form?session=729647794523...661"
phishes as "www.update.nationwide.co.uk/signon?LOB=CONS&screenid=Sign_on"
phishes to "www.gruposigma.com/.../www.nationwides.co.uk/.../olb2.nationet.com/...5.htm"
phishes as "Please respond to this eBay message"
phishes to "0335.0170.0357.06/signin.ebay.co.uk/ws/?...//www.ebay.co.uk/%26_trksid%3dm37"
phishes as "www.natwest.co.uk/securesession/action.aspx?refererident=8560263212744...5955"
phishes to "www.natwest.co.uk.12121.li/securesession/action.aspx?refererid...5955"
phishes as "Your Wells Fargo Online Banking has been deactivated"
phishes to "www.pck1.go.th//maduathong/language/.../wellsfargo-online.com/wf/"
phishes as "Wachovia Security PlusSM Account Security"
phishes to "www.chilltownbdf.com/files/wole/log.htm"
phishes as "Your Free $500 Giftcard is Ready"
phishes to "popwalla.com/imys?e=33MBSTXspIns\ergwrm=174574&l=0"
phishes as "nationwide.co.uk/customerarea/startprocess.aspid=82124975945...6281"
phishes to "nationwide.co.uk.toie3.com.es/customerarea/startprocess.asp?id=82124975945...6281"
phishes as "online.wellsfargo.com/signon?LOB=CONS "
phishes to "zedoenalles.nl/linkex/security/concerningyourwellsfargoac...ipt/"
phishes as "www.paypal.com/login/"
phishes to "www.cannasat.com/admin/Editor/assets/media/redirect.htm"
phishes as "Click here to update your PayPal account information"
phishes to "focamea.com/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "Click here to update your PayPal account information"
phishes to "focamea.com/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "Click here to update your PayPal account information"
phishes to "focamea.com/sitemap/cgi-bin/webscrcmd=_login-run/update.php"
phishes as "sign in to Bank of America Online Banking to continue"
phishes to "inityreggae.com/BOA/www.bankofamerica.com/sslencrypt218bit/online_banking/index.htm"
phishes as "www.paypal.com/us/ "
phishes to "www.paypal.com/paypal/cgi-bin/webscrcmd=_login-run/webscrcmd=_account-run/updates-paypal/confirm-paypal/"
phishes as "www.paypal.com/us/cgi-bin/webscr?cmd=_login-run"
phishes to "milkriver.co.uk/imagini/sitemap/cgi-bin/webscrcmd/update.php"
phishes as "Please take a moment to update your Yahoo credit card informations by Click here"
phishes to "mure.freewebpage.org/aass1.html"
phishes as "you have added michael_sr@verizon.net as a new e-mail address for your PayPal account"
phishes to "mail.akamigas-stem.esdm.go.id/manual/programs/....-inc/www.paypal-inc.com/index.php"
phishes as "nationwide.co.uk/customerarea/startprocess.asp?id=51688166...598"
phishes to "nationwide.co.uk.prostoltd.cn/customerarea/startprocess.asp?id=51688166...598"
phishes as "www.ukbusiness.hsbc.com/bibauth/formStart partnerid=HBEU479687195...1950"
phishes to "www.ukbusiness.hsbc.com.port1954.cn/bibauth/formStart?partnerid=HBEU479687195...1950"
phishes as "The ebay know your fraud intention also if you don`t respond me via eBay in 24 hours westwood1967 will give your name and address to FBI and CIA .I think you are a fucking scammer."
phishes to "74.238.15.66/zara.html"
phishes as "www.natwest.co.uk/securesession/action.aspx?refererident=1369...96077235"
phishes to "www.natwest.co.uk.ne5oe.com/securesession/action.aspx?refererident=1369...96077235"
phishes as "»»» Accedi ai servizi online di Sella it e diventa Utente Verificato"
phishes to "human.tru.ac.th/htmlnuke/site.sella.it/index.php"
phishes as "www.ebay.com"
phishes to "srv77.hosteur.com/index2.htm"
phishes as "Go To RegionsNet Online"
phishes to "cb.web-do.jp"
phishes as "»»» Accedi ai servizi online di Sella it e diventa Utente Verificato"
phishes to "human.tru.ac.th/htmlnuke/site.sella.it/index.php"
phishes as "Nationwide Building Society account activity"
phishes to "clubdutripode.free.fr/components/com_extcalendar/lib/index.html"
phishes as "Nationwide Building Society account activity"
phishes to "clubdutripode.free.fr/components/com_extcalendar/lib/index.html"
phishes as "To perform regular maintenance on your Regions Financial Corporation click here"
phishes to "203.124.230.11/regions.html"
phishes as "To perform regular Regions Financial Corporation maintenance please click here"
phishes to "209.82.39.155/securebank.regions.com/auth/?RXZlbnQxIEp1bDE1"
phishes as "click on log in to Restore Your Lloyds TSB Bank Account Access"
phishes to "leschevronsduleon.free.fe/components/com_forum/sessions/logon.ibc.html"
phishes as "click on log in to Restore Your Lloyds TSB Bank Account Access"
phishes to "leschevronsduleon.free.fe/components/com_forum/sessions/logon.ibc.html"
phishes as "www.natwest.com/securesession/action.aspxrefererident=745...41300519289"
phishes to "www.natwest.com.maruw2.com.es/securesession/action.aspxrefererident=745...41300519289"
phishes as "Your eBay userid has been unactivated"
phishes to "74.238.15.66/zara.html"
phishes as "Security Alert: Your Nation Wide Online Account Is About To Expire "
phishes to "thenurseryshop.com/skin1/pages/database/nationwide/index.html"