On Sunday, July 31, 2005, 11:37:44 PM, Loren Wilton wrote: > <p><img > src="http://a248.e.akamai.net/7/248/1856/6fbc90232ac38d/www.wellsfargo.com/i > mg/eal_logo_gen.gif"></p> > <p>Dear Wells Fargo customer,</p> > <p> As you may already know, we at Wells Fargo guarantee your <a > href="http://aurum.vup.hr/%7Ewolf/cgi-bin/wellsfargo/signon/CONS&ERROR_CODE/ index.htm">>
> The akamai site is really common in phish these days, since it seems to have > all of the logos for the various financial institutions readily available to > phishers. > The other site, you will not, is NOT using a dotquad. Sure. Phishes probably have three categories of target URIs: 1. IPs: http://1.2.3.4/ 2. self-registered domains: http://fake-paypal.foo/ 3. hacked sites: http://victim-domain.foo/hacked/subdirectory/ Your example appears to be #3. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/