Date: Fri, 9 Feb 2012 20:07:15 +0430
The following information concerns the ACH transfer that was originally effectuated by you or any other person on 02-02-2012.
Transaction status: declined
Supplementary information: Please read the detailed report
2012 NACHA - The Electronic Payments Association
This is a system generated email. Please do not respond.
The malicious payload is synergyledlighting.net/main.php?page=4e4959105994cf84 hosted on 126.96.36.199 (Florida International University, US) and 188.8.131.52 (Singlehop, US). That same domain was found in this spam, although one of the IPs has changed since then.
The Florida International University IP address gives a clue as to what is going on here - these servers are most likely hacked rather than rented. This also explains why some IPs have seemingly legitimate sites on them. Still, blocking access to these IPs is the safest thing to do.