I just got a paypal phish with this as the target URL: http://www.%66%72%61%75%64%65onli%6E%65access*MUNGED*.com/my_paypal/PayPal/
Which when you hover over it in thunderbird shows up as: www.fraudeonlineaccess*MUNGED*.com Truth in advertising? Ok, so the actual site is just a web host, and the beginning with "fraud" is unintentional on the part of the site operator.. still, it is an amusing choice of hosts for a phisher...
