PayPal phishing scam supposedly from service@ppal.com, actually sent by authenticated user pzhgp@h4.d2.pl; the fraudulent email has a redirect link to the phishing URL http://crosspointlife.com/******* (NB: DO NOT CLICK ON LINKS).

Source IP: 5.9.75.114 (this IP address belongs to a high-risk hosting provider; refer to http://www.abuseipdb.com/check/5.9.75.114)
ISP: Hetzner Online AG
Host Name: h4.d2.pl
Location: Germany

Received: from h4.d2.pl ([5.9.75.114]) by COL0-MC1-F36.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Thu, 7 Mar 2013 07:41:57 -0800
Received: from pzhgp by h4.d2.pl with local (Exim 4.80) (envelope-from <pzhgp@h4.d2.pl>) id 1UDcxA-0000a1-Eu for *******; Thu, 07 Mar 2013 16:41:56 +0100
X-Sender: /home/pzhgp/public_html/wordpress
To: ******************
Subject: Multiple invalid attempts...
From: support <service@ppal.com> **********
Message-Id: <E1UDcxA-0000a1-Eu@h4.d2.pl>
Date: Thu, 07 Mar 2013 16:41:56 +0100
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - h4.d2.pl
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [956 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - h4.d2.pl
X-Get-Message-Sender-Via: h4.d2.pl: authenticated_id: pzhgp/only user confirmed/virtual account not confirmed
X-Source: /bin/bash
X-Source-Args: /bin/sh -p /usr/sbin/sendmailphp -t -i
X-Source-Dir: pzhgp-oddzial-alwernia-spytkowice.xon.pl:/public_html/wordpress
Return-Path: <pzhgp@h4.d2.pl>
X-OriginalArrivalTime: 07 Mar 2013 15:41:58.0249 (UTC) FILETIME=[4D862590:01CE1B4A]

Your account access has been restricted.

Dear member,

After our screening process this month, we've discovered some invalid entries on your account that got our attention. It seems like someone else then you tried to access your PayPal account. We need you to work with us and make sure this doesn't happend.

We need to confirm some of your account information. Please update your profile with your current address and provide some documentation to help confirm your identity. To solve this issue, go to our Resolution Center: "Resolution Center" (link target: http://crosspointlife.com/wp-content/index.php)
DNSBL* - a list of IP addresses published through the Internet Domain Name Service (DNS), either as a zone file that DNS server software can load or as a live DNS zone that can be queried in real time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages sent from a site listed on one or more such lists.
WHOIS** - a query/response protocol widely used for querying databases to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command-line application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services typically run over the Transmission Control Protocol (TCP); servers listen for requests on the well-known port 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, it should still give you a good idea of the area/region where this person/organization is located.
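Added example, not part of the report or of this page: a Python script that takes a refolded copy of the headers quoted in the report above, finds the source IP recorded by the receiving MX (the Received line added by your own mail server is the only one you can rely on; anything below it was written by the sending side and can be forged), pulls out the authenticated local user and the From/envelope-sender domain mismatch the report points at, and builds the reversed-octet DNSBL query name that the DNSBL footnote describes. The header text is a constructed copy of the page's headers, zen.spamhaus.org is used only as an illustrative list zone, and the live lookup is optional and returns None when offline.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Constructed copy of the headers quoted in the report above, refolded one
# header per line; the recipient and other masked fields stay masked.
REPORTED_HEADERS = """\
Received: from h4.d2.pl ([5.9.75.114]) by COL0-MC1-F36.Col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4900); Thu, 7 Mar 2013 07:41:57 -0800
Received: from pzhgp by h4.d2.pl with local (Exim 4.80)
    (envelope-from <pzhgp@h4.d2.pl>) id 1UDcxA-0000a1-Eu
    for *******; Thu, 07 Mar 2013 16:41:56 +0100
X-Sender: /home/pzhgp/public_html/wordpress
Subject: Multiple invalid attempts...
From: support <service@ppal.com>
Message-Id: <E1UDcxA-0000a1-Eu@h4.d2.pl>
X-AntiAbuse: Primary Hostname - h4.d2.pl
X-AntiAbuse: Sender Address Domain - h4.d2.pl
X-Get-Message-Sender-Via: h4.d2.pl: authenticated_id: pzhgp/only user confirmed/virtual account not confirmed
X-Source-Dir: pzhgp-oddzial-alwernia-spytkowice.xon.pl:/public_html/wordpress

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")          # "[5.9.75.114]"
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)
ENV_RE = re.compile(r"envelope-from\s+<([^>]+)>")
AUTH_RE = re.compile(r"authenticated_id:\s*([^/\s]+)")


def parse_received(raw_headers):
    """Return the Received hops, most recent first, as dicts (from, by, ip)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())      # unfold continuation lines
        hop = HOP_RE.search(value)
        ip = IP_RE.search(value)
        hops.append({
            "from": hop.group(1) if hop else None,
            "by": hop.group(2) if hop else None,
            "ip": ip.group(1) if ip else None,
        })
    return hops


def ip_at_own_mx(hops, own_suffix):
    """IP of the machine that connected to our own MX: the topmost hop whose
    'by' host is ours. Hops below it were written by the sender's side."""
    for hop in hops:
        if hop["by"] and hop["by"].lower().endswith(own_suffix.lower()):
            return hop["ip"]
    return None


def authenticated_sender(raw_headers):
    """Local account the submitting host says authenticated the message."""
    msg = message_from_string(raw_headers)
    m = AUTH_RE.search(msg.get("X-Get-Message-Sender-Via", ""))
    return m.group(1) if m else None


def sender_identity(raw_headers):
    """Compare the displayed From: address with the envelope sender recorded by
    the submitting MTA; a domain mismatch is the classic spoofing tell."""
    msg = message_from_string(raw_headers)
    _, header_from = parseaddr(msg.get("From", ""))
    received = " ".join(" ".join(v.split()) for v in msg.get_all("Received", []))
    m = ENV_RE.search(received)
    envelope_from = m.group(1) if m else ""
    same = header_from.rsplit("@", 1)[-1].lower() == envelope_from.rsplit("@", 1)[-1].lower()
    return {"header_from": header_from, "envelope_from": envelope_from, "mismatch": not same}


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL convention: reverse the four octets and append the list's zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_lookup(ip, zone="zen.spamhaus.org"):
    """Live lookup. A 127.x.x.x answer means listed (the exact value is the
    list's reason code; consult that list's documentation); NXDOMAIN means
    not listed. Returns None when not listed or when DNS is unreachable."""
    try:
        return socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None


if __name__ == "__main__":
    hops = parse_received(REPORTED_HEADERS)
    for hop in hops:
        print("hop:", hop)
    ip = ip_at_own_mx(hops, "hotmail.com")
    print("source IP seen by our MX:", ip)
    print("authenticated local user:", authenticated_sender(REPORTED_HEADERS))
    print("sender identity:", sender_identity(REPORTED_HEADERS))
    print("DNSBL query name:", dnsbl_query_name(ip))
    print("live DNSBL answer:", dnsbl_lookup(ip))
```

Run stand-alone it walks the two hops, reports 5.9.75.114 as the connecting IP, pzhgp as the authenticated account, and the ppal.com versus h4.d2.pl mismatch, then prints the query name 114.75.9.5.zen.spamhaus.org; the live answer depends on the list at the time you run it.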