* 50.196.77.92 Comcast Cable Miami United States
78.46.37.187 Hetzner Online Ag Nürnberg Germany
*Probable originating IP address
Return-Path: <Restore@natwestbank.co.uk>
Received: from s57.linuxpl.com (s57.linuxpl.com. [78.46.37.187])
by mx.google.com with ESMTPS id dw4si1584765lbc.5.2013.12.19.04.06.08
for
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Thu, 19 Dec 2013 04:06:08 -0800 (PST)
Received-SPF: neutral (google.com: 78.46.37.187 is neither permitted nor denied
by best guess record for domain of
Restore@natwestbank.co.uk) client-ip=78.46.37.187;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 78.46.37.187 is neither permitted nor denied by best
guess record for domain of
Restore@natwestbank.co.uk)
smtp.mail=Restore@natwestbank.co.ukMessage-Id: <52b2e130.84b5700a.3fd1.6e03SMTPIN_ADDED_MISSING@mx.google.com>
Received: from 50-196-77-92-static.hfc.comcastbusiness.net ([50.196.77.92] helo=User)
by s57.linuxpl.com with esmtpa (Exim 4.80.1)
(envelope-from <Restore@natwestbank.co.uk>)
id 1VtcLw-0004ry-In; Thu, 19 Dec 2013 13:05:21 +0100
Reply-To: <Restore@natwestbank.co.uk>
From: "Restore@natwestbank.co.uk"<Restore@natwestbank.co.uk>
Subject: Restore
Date: Thu, 19 Dec 2013 07:05:20 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00E9_01C2A9A6.0710978C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
This is a multi-part message in MIME format.
------=_NextPart_000_00E9_01C2A9A6.0710978C
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Dear NatWest Bank Customer,
Someone recently try to sign in to your Account.
This person was using an application such as mobile device.
We prevented the sign-in attempt in case this was a hijacker trying to access your account.
Please review the details of the sign-in attempt:
Wednesday, December 18, 2013 10:21:20 PM UTC
IP Address: 74.208.122.11
Location: United States
If you do not recognize this sign-in attempt, someone else might be trying to access your account.
Please Download the form attached to this letter, sign in to your account and update your account
information immediately.
Yours sincerely
NatWest BANK
Attachment: filename="Restore_Form.html" << Phishing form.