YBS PHishing scam alert. NB: Do not click on any links below Sender: ratanako@hl2.siamdata.co.th (id 1Th1KG-0008AS-R4) PHP-Script: http://www.ratanakorn.com/_vti_cnf/AnYiIfY.php for 82.128.3.36 ; IP: 82.128.3.36 located in Lagos, Lagos 05, Nigeria. ISP & Organization: Multi-Links Telecommunications Limited Host Name: ml82.128.3.36.multilinks.com scam sent via host: hl2.siamdata.co.th with ESMTPS id 8FD1713D8E IP:103.22.180.37 ISP: Readydedicated Host Name: hl2.siamdata.co.th Organization: N/A Country: Bangkok, 40 Krung Thep, Thailand Received: from smtp01.siamdata.co.th ([103.22.180.16]) by SNT0-MC2-F19.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Fri, 7 Dec 2012 09:41:17 -0800 Received: from hl2.siamdata.co.th (hl2.siamdata.co.th [103.22.180.37]) by smtp01.siamdata.co.th (Postfix) with ESMTPS id 8FD1713D8E for <************>; Sat, 8 Dec 2012 00:03:09 +0700 (ICT) Received: from ratanako by hl2.siamdata.co.th with local (Exim 4.80) (envelope-from <ratanako@hl2.siamdata.co.th>) id 1Th1KG-0008AS-R4 for *******; Sat, 08 Dec 2012 00:03:00 +0700 To: ****** Subject: Account Status Notification X-PHP-Script: http://www.ratanakorn.com/_vti_cnf/AnYiIfY.php for 82.128.3.36 From: YBS Bank <onlineservice@ybs.co.uk> ******* Content-Transfer-Encoding: 8bit Message-Id: <E1Th1KG-0008AS-R4@hl2.siamdata.co.th> Date: Sat, 08 Dec 2012 00:03:00 +0700 Return-Path: ratanako@hl2.siamdata.co.th X-OriginalArrivalTime: 07 Dec 2012 17:41:18.0032 (UTC) FILETIME=[0FE8D500:01CDD4A2] Status Notification We are contacting you to remind you that our Account Review Team identified some unusual activity in your account. In accordance with YBS User Agreement and to ensure that your account has not been accessed from fraudulent locations, access to your account has been limited. Your account access will remain limited until this issue has been resolved please log in your account by clicking on the link below: href="http://www.iraq-obs.com/images/_vti_cnf/Ybs/login1.do.html" My Account Activity <Regards Online Security Team © YBS Bank plc 2012
Please help us keep Internet safer and cleaner by leaving a descriptive comment about 82.128.3.36 IP address
- Hacked Gmail accounts
- WordPress Hacking Attempts
- SSH Hacking Attempts
- Why Can't I See The Exact Address?
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/orgranization is located.