Santander scam sent by 'security@santander.co.uk' with phishing link to http://217.219.20.51/Images/santander.htm (DO NOT CLICK ON THIS LINK)

This blacklisted Romanian IP in Arad involved in constant fraudulent emails

URL - phishing link info:
site: 217.219.20.51
ISP: Information Technology Company (ITC)
Host Name: 217.219.20.51
Organization: Islamic AZAD University Yasooj
Location: Yasooj, 05 Kohkiluyeh va Buyer Ahmadi, Islamic Republic of Iran.

again linked to Islamic AZAD University Yasooj in Yasooj, 05 Kohkiluyeh va Buyer Ahmadi, Islamic Republic of Iran.

Received: from ser-piwet.piw-ciechanow.local ([79.188.227.142]) by BAY0-MC4-F19.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Fri, 7 Sep 2012 11:37:04 -0700
Received: from User ([82.77.37.9]) by ser-piwet.piw-ciechanow.local with Microsoft SMTPSVC(6.0.3790.4675); Fri, 7 Sep 2012 20:36:53 +0200
From: "Santander"<security@santander.co.uk>
Subject: Unauthorized Access
Date: Fri, 7 Sep 2012 21:36:58 +0 ******************
Return-Path: security@santander.co.uk
Message-ID: <SER-PIWETDQ3CsYx7Bd00000237@ser-piwet.piw-ciechanow.local>
X-OriginalArrivalTime: 07 Sep 2012 18:36:53.0522 (UTC) FILETIME=[C06CF720:01CD8D27]

<img border="0" src="http://www.santander.co.uk/csgs/StaticBS?blobcol=urldata&blobheader=image%2Fgif&blobkey=id&blobtable=MungoBlobs&blobwhere=1223401013051&cachecontrol=immediate&ssbinary=true&maxage=3600" width="192" height="77">

We recently have determined that different computers have logged on to your Online Banking account and multiple password failures were present before logons.

We now need to re-confirm your account information with us.

If this is not completed by September8, 2012 we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.

We thank you for your cooperation in this matter.

Please <a href="http://217.219.20.51/Images/santander.htm">click here</a> immediately to verify your identity and automatically reverse the change.

Please do not contact us directly as this issue is mainly processed by our Online Banking
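The header chain quoted in the report above can be walked mechanically. The following is an added example, not part of the original comment or of this site's tooling: it orders the `Received` hops oldest-first and flags the two mismatches visible in the report. The function name `trace`, the regex and the layout of the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Header values and link copied from the report above; the message layout is constructed.
RAW = """\
Received: from ser-piwet.piw-ciechanow.local ([79.188.227.142]) by BAY0-MC4-F19.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Fri, 7 Sep 2012 11:37:04 -0700
Received: from User ([82.77.37.9]) by ser-piwet.piw-ciechanow.local with Microsoft SMTPSVC(6.0.3790.4675); Fri, 7 Sep 2012 20:36:53 +0200
From: "Santander"<security@santander.co.uk>
Subject: Unauthorized Access
Return-Path: security@santander.co.uk

<a href="http://217.219.20.51/Images/santander.htm">click here</a>
"""

# Matches the "from HELO ([ip]) by HOST" form used by the servers in this sample.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the last one is the oldest hop.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3)})
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    relays = [name.lower() for h in hops for name in (h["helo"], h["by"])]
    findings = []
    if not any(in_domain(name, from_domain) for name in relays):
        findings.append("no relay in the Received chain belongs to " + from_domain)
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            findings.append("link points at a bare IP address: " + host)
        except ValueError:
            if not in_domain(host, from_domain):
                findings.append("link host differs from sender domain: " + host)
    return {"origin_ip": hops[0]["ip"] if hops else None, "hops": hops, "findings": findings}
```

Only the topmost `Received` line is written by the recipient's own mail server; every hop below it is reported by an upstream machine and can be forged, so treat `origin_ip` as a lead to check against a DNSBL or WHOIS lookup rather than as proof.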
Please help us keep the Internet safer and cleaner by leaving a descriptive comment about the IP address 82.77.37.9.
DNSBL* - a list of IP addresses published through the Internet Domain Name System (DNS), either as a zone file that can be used by DNS server software or as a live DNS zone that can be queried in real time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages sent from a site listed on one or more such lists.
WHOIS** - a query/response protocol that is widely used for querying databases to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command-line application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS queries are typically carried over the Transmission Control Protocol (TCP); servers listen for requests on the well-known port 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, it should still give you a good idea of the area/region where this person/organization is located.