Santander/Alliance&leicester scam. Host, fep14.mx.upcmail.net (IP 62.179.121.34) and edge03.upcmail.net ([192.168.13.238]), being used by criminal to route Banking phishing scam from IP 95.97.143.48. eg: Santander/Alliance&leicester scam with link redirecting to phishing URL at blacklisted phishing site, http://zonafantasma.tv/wp-content/uplo...(DO NOT CLICK ON LINK- see http://www.phishtank.com/phish_detail.php?phish_id=1783782) Source IP: 95.97.143.48 ISP: UPC NL Host Name: 095-097-143-048.static.chello.nl Organization: UPC NL Location: Amsterdam, 07 Noord-Holland, Netherlands. - - - - - - - - - Received: from fep14.mx.upcmail.net ([62.179.121.34]) by BAY0-MC3-F35.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Sun, 7 Apr 2013 11:09:28 -0700 Received: from edge03.upcmail.net ([192.168.13.238]) by viefep14-int.chello.at (InterMail vM.8.01.05.05 201-2260-151-110-20120111) with ESMTP id <20130407180915.MJME1854.viefep14-int.chello.at@edge03.upcmail.net>; Sun, 7 Apr 2013 20:09:15 +0200 Received: from User ([95.97.143.48]) by edge03.upcmail.net with edge id M68Z1l02S12rmNP0368Z2C; Sun, 07 Apr 2013 20:09:13 +0200 X-SourceIP: 95.97.143.48 From: "Santander/Alliance&leicester"<onlinesecurity@santander.co.uk> Subject: Account Access Blocked Date: Sun, 7 Apr 2013 20:09:11 +0200 *** Message-Id: <20130407180915.MJME1854.viefep14-int.chello.at@edge03.upcmail.net> Return-Path: mailto:onlinesecurity@santander.co.uk X-OriginalArrivalTime: 07 Apr 2013 18:09:28.0569 (UTC) FILETIME=[0B880E90:01CE33BB] We detected fraud activity on your santander current account. Your account has been blocked, Kindly follow the instruction below to reactivate your account immediately. href="http://zonafantasma.tv/wp-content/uploads/index.html" target="_blank"> Click here just verify your account details to allow us re-open your account. Thank you. Santander Online Banking
Please help us keep Internet safer and cleaner by leaving a descriptive comment about 95.97.143.48 IP address
- Hacked Gmail accounts
- WordPress Hacking Attempts
- SSH Hacking Attempts
- Why Can't I See The Exact Address?
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/orgranization is located.