65.20.0.12urports to be from NatWest Bank, UK, but is a phishing IP in San Fransisco, USA

Still at it - now sending out bogus invoices.

Now sending e-mails with attachments claiming to be to be invoices from Amazon

Can I please have any info relating to this IP. I am a Law enforcement officer, (off sick for mental health reasons) and a hacker of sorts. I am tracking the criminal gang using this address who have defrauded a good friend of mine.

email supposedly from no-reply@bt.com subject: We've set up your card for paying BT bills Email headed: Thanks for choosing to pay your BT bills by debit or credit card We've set up your a continuous payment authority on your registered card. From IP address 65.20.0.12

65.20.0.12 This IP is sending out spam e-mail concerning NatWest Bank in UK saying: Valued Customer, We have temporarily prevented access to your account for your security, This is due to either of the following reasons; *Your Login Details has been entered incorrectly. *Your Account has been accessed from a blacklisted Location Follow the link below to confirm your identity and re-gain account access. From the header it has a return path and the originating IP address located in San Francisco: Return-Path: <macrosad@plesk115.red166.trevenque.es> X-YahooFilteredBulk: 65.20.0.12

i get emails from these clowns on a daily basis either bt, my bank banks i dont even have account with even paypal they never stop yahoo should make more efforts to track them

I just had an email from this IP address offering a free 10 user licence of Norton Internet Security. I thought it was fake and checked with Symantec. They confirmed

Spam: Spoofing that it originates from TrinityLawns.co.uk looks like phishing coming from my own website but the source is 65.20.0.12

Received email request to book accommodation for one week. He (alias John Brown) asked me to send my address so that he could deposit a cheque to pay for the accommodation. I contacted Homeaway (rental agent) who warned me that this was a cheque scam. I looked at the mail header and IP was 65.20.0.12. Beware all property/rental owners

am getting spurious emails from "HMRC" saying I am due a refund

We received the following email from this IP address: "Dear Sir/madam , Receive Calvary greetings from Miss Ashley Gaskin from Missionary Church of Montana. We have learned much more about the work you do through online and we are so much interested with the good work that you are carrying on and we therefore wish to donate some funding for your project to goes to your project where funds is needed most . Can you please send more information about how to send online donations through a payment gateway portal and advice how long it take before you get the funds donated online? Thanks and Kind Regards, -- Thanks and Kind Regards, Miss Ashley Gaskin Missionary Church Of Montana 259 Burlington Ave Missoula, MT 59801\" They have a website: http://www.mcmontana.org/ An internet search shows that they have previously sent emails with an originating IP address in Kenya. I am not replying!

65.20.0.12 is a spam IP used for dating scams.

They are pretending to be British Telecom!

Still active, now sending a personal data email with an attachment that calims to be Ashley Rasmussen. Don't click on the attachment or give any personal data.

Just got an e'mail from IP: [65.20.0.12] purporting to be twitter and asking me to confirm someone else's e@mail address on a a twitter account that's been dormant for years. I'm sure I have had e'mails from IP: [65.20.0.12] phishing on BT accounts before. It appears to be coming from location it was years ago.

Now purporting to be Medicare Plans,having arrived in my Spam folder. Needless to say I will not be availing myself of it!

They are still at it, after 2/3 years. How can this be so I wonder. They are now today saying they are from Marks and Spencer (M&S) No one seems to be able to put them down do they. Keep save everyone and do not EVER click on a link from such sites.

Received yet another from same IP supposedly from M&S. Maybe I should get them involved and there just might be some action?

I see thousands of emails using my domain, purporting to be from here. Clearly a large spammer.

Still at it, this time mate stuck overseas and needs me to send him money, as he is stuck \'cause his card not working!!

IP 65.20.0.12 Dating scam. Lady befriends you then gets robbed overseas whilst on business trip, or something, then asks you to wire cash to her.

Spam from myjobmatcher.com X-Originating-IP: [65.20.0.12] Authentication-Results: mta1019.bt.mail.ir2.yahoo.com from=; domainkeys=neutral (no sig); from=myjobmatcher.com; dkim=pass (ok) Received: from 127.0.0.1 (EHLO rgin15.bt.int.cpcloud.co.uk) (65.20.0.12) by mta1019.bt.mail.ir2.yahoo.com with SMTP; Sat, 29 Oct 2016 14:55:45 +0000

X-Originating-IP: [65.20.0.12] From: Stefanie Valenzuela <svalenzuela@cftexas.org> To: "xxxxxxxxxx@btinternet.com" <xxxxxxxx@btinternet.com> Cc: Andrzej Kozlowski <andrzej@paragonphilanthropy.com>; Monica Egert Smith <megert@cftexas.org> Sent: Monday, 6 February 2017, 17:13 Subject: Upcoming Recurring Grant from The Margaret Horn Memorial Fund Hello Lesley, Greetings from across the pond! We were bequeathed funds at the time of Margaret Horn’s passing for St. Michael’s Bray-On-Thames. We need a bit of information to allow us to proceed with setting up the annual grant:

This is being listed on a number of my dmarc reports as trying to forge our email addresses. SPF record is preventing them from being successful.