gsm8
join:2004-09-29
Renton, WA
1 edit | irs refund I got this which is funny because I got my refund allready  :
Internal Revenue Service
reply-toaccess@irs.guv,
to
dateTue, May 13, 2008 at 1:16 PM
subjectUnited States Department of the Treasury.
Tax Notification
Internal Revenue Service (IRS)
United States Department of the Treasury
After the last annual calculations of your fiscal
activity we have determined that you are eligible
to receive a tax refund of $184.80.
Please submit the tax refund request and allow us
6-9 days in order to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying
after the deadline.
To access the form for your tax refund, click here hxxp://212.0.147.105/tax.html.
Regards,
Internal Revenue Service
Document Reference: (92054568 |
|
|
|
| 212.0.147.105 = [ ]
(Asked whois.afrinic.net:43 about 212.0.147.105)
inetnum: 212.0.147.96 - 212.0.147.111
netname: MAZAR-INT
descr: Mazar Int Co.LTD
country: SD
admin-c: AEEA1-AFRINIC
tech-c: MAA2-AFRINIC
tech-c: MAA3-AFRINIC
status: ASSIGNED PA
mnt-lower: MNT-HIBA
mnt-by: SUDATEL-MNT
source: AFRINIC Filtered
parent: 212.0.128.0 - 212.0.159.255
person: Abd Elrahim Elshekh Ahmed
address: Sudan - Khartoum
phone: 249 183 783315
e-mail: a_daboura@hotmail.com
fax-no: 249 183 770366
nic-hdl: AEEA1-AFRINIC
source: AFRINIC Filtered
person: Mohammed Ahmed Abbas
address: Sudan - Khartoum
phone: 249 9226 52660
e-mail: Eng.abbas41@gmail.com
fax-no: 249 183 770366
nic-hdl: MAA2-AFRINIC
source: AFRINIC Filtered
person: Marwa Abdelhameed Ahmed
address: Sudan - Khartoum
phone: 249 9122 92048
e-mail: marwa_16@hotmail.com
fax-no: 249 183 770366
nic-hdl: MAA3-AFRINIC
source: AFRINIC Filtered |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | reply to gsm8
Bad Phish.  |
|
 ptrowskiGot Helix?Premium
join:2005-03-14
Putnam, CT
kudos:4 | I had one sent to me that went to squidworx.com that looked decent. |
|
 KibblesPremium
join:1999-07-31
Mission Viejo, CA | reply to Doctor Olds
Wow...it actually asks for the PIN ?
I wonder how many have actually filled the form?
--
»www.angryrenter.com/ |
|
 SmokChsrWho let the magic smoke out?Premium
join:2006-03-17
Saint Augustine, FL | reply to gsm8
I just received one of these and is wanted to go to..
»www.autotutto.com/www.irs.gov/index.htm |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 |
Another bad phish.  |
|
 Doctor FourMy other vehicle is a TARDISPremium
join:2000-09-05
Dallas, TX
1 edit | reply to gsm8
My mom got one of these in her Yahoo email that Phishtracker
could not decode because the URL was obfuscated into hex:
Return-Path: <calculation@tax.irs.net>
Authentication-Results: mta449.mail.mud.yahoo.com from=tax.irs.net; domainkeys=neutral (no sig)
Received: from 61.9.146.86 (EHLO rmsarchitects.com) (61.9.146.86) by mta449.mail.mud.yahoo.com with SMTP; Fri, 30 May 2008 09:13:05 -0700
Received: from service ([77.110.62.68]) by rmsarchitects.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 29 May 2008 12:57:07 +1000
Reply-To: calculation@tax.irs.net
From:
Internal Revenue Service<calculation@tax.irs.net>
Add sender to Contacts
Subject: United States Department of the Treasury !
Date: Thu, 29 May 2008 05:01:37 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Bcc:
Return-Path: calculation@tax.irs.net
Message-ID: <SERVER2BekWo76UaiRN00000438@rmsarchitects.com>
Content-Length: 1639
Tax Notification
Internal Revenue Service (IRS)
United States Department of the Treasury
After the last annual calculations of your fiscal
activity we have determined that you are eligible
to receive a tax refund of $184.80.
Please submit the tax refund request and allow us
6-9 days in order to process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying
after the deadline.
To access the form for your tax refund, click here.
Regards,
Internal Revenue Service
Document Reference: (92054568).
The link leads to: hxxp://0xd327a4dc/usage.html, which
converts to 211.39.164.220 (ignoring the 0x at the
beginning). The original URL leads to a spammy search
page at searchportal.information.com (which appears to be
in the MVPS hosts file).
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7 | The link leads to: hxxp://0xd327a4dc/usage.html That seems to be the same as phish #28259
It appears to have been taken down.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.14 |
|
 ropeguruPremium
join:2001-01-25
Mechanicsville, VA
1 edit | reply to gsm8
Looks like they have moved servers??
hxxp://nol2.nol.com.my/sorinel/.secure/.service/.form/refund.php
Which redirects to:
hxxp://www.belleitaliatours.com/main/components/com_jce/secure/online_form/www.irs.gov/0,,id=96596,00.html
Got this one this morning.
Headers for email. Serverpronto is my email server.
Received: from mail.saccocarpet.com (static-71-249-214-220.nycmny.east.verizon.net [71.249.214.220])
by sp2919c.serverpronto.com (8.13.8/8.13.8) with ESMTP id m57D7pGO008575
for ; Sat, 7 Jun 2008 09:07:52 -0400
Received: from User ([75.91.72.59]) by mail.saccocarpet.com with Microsoft SMTPSVC(6.0.3790.3959); |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
4 edits | Main Page:
Inputs Page 1:
Inputs Page 2:
This one (1) above is currently up and so far has not been reported enough like the other two (2) previous addresses which triggers in Firefox to show the Phish Warning Overlay.
Did you read the notes there? LOL
said by scammers :
Note:
▪ For security reasons, we will record your ip-address and date.
▪ Deliberate wrong inputs are criminally pursued and indicted.
I double-dog dare them to try to indicted me. LOL The Fools. Off to enter "wrong inputs" now. 
UPDATE: Looks like they are MIA LOL
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
