Author |
Message |
babyboyuk81
Wannabe Baiter
Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen
|
Posted:
Mon Aug 20, 2007 2:43 am |
|
2 of the same emails i think...
now i used this http://headertool.apelord.com/headers tool on the ips an im sure there both fromt he same person but il post the info on here...
Quote: |
Wells Fargo Security Service Notification (IMPORTANT)
from Wells Fargo <[email protected]> hide details
14-Aug (6 days ago)
reply-to [email protected]
to *********@googlemail.com
date 14-Aug-2007 19:18
subject Wells Fargo Security Service Notification (IMPORTANT)
Dear Wells Fargo Customer,
During our regular update and verification of the Wells Fargo ATM Service�, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
To update your account information and start using our services please click on the link below:
Link removed. TS
Note: Requests for information will be initiated by Wells Fargo Business Development; this process cannot be externally requested through Customer Support.
Sincerely,
Wells Fargo.com
ATM Service Department.
Accounts Management As outlined in our User Agreement, WellsFargo � will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
http://www.wellsfargo.com/help/index.jhtml |
first headertool info which shows 3 spain an 1 united states as the ips
Quote: |
Delivered-To: *********@gmail.com
Received: by 10.100.37.6 with SMTP id k6cs378398ank;
Tue, 14 Aug 2007 11:18:43 -0700 (PDT)
Received: by 10.66.222.9 with SMTP id u9mr812424ugg.1187115522569;
Tue, 14 Aug 2007 11:18:42 -0700 (PDT)
Return-Path:
Received: from hs-323.dedicated.hostalia.com ([82.194.74.63])
by mx.google.com with ESMTP id z33si13056971ikz.2007.08.14.11.18.41;
Tue, 14 Aug 2007 11:18:42 -0700 (PDT)
Received-SPF: neutral (google.com: 82.194.74.63 is neither permitted nor denied by domain of [email protected]) client-ip=82.194.74.63;
Received: from nobody by hs-323.dedicated.hostalia.com with local (Exim 4.63)
(envelope-from )
id 1IL0yS-0003E9-MO
for [email protected]; Tue, 14 Aug 2007 20:18:37 +0200
To: [email protected]
Subject: Wells Fargo Security Service Notification (IMPORTANT)
From: Wells Fargo
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Tue, 14 Aug 2007 20:18:36 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hs-323.dedicated.hostalia.com
X-AntiAbuse: Original Domain - googlemail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hs-323.dedicated.hostalia.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: gabinetdalmau.com:/public_html/Catala |
an the recent email....
Quote: |
Wells Fargo Security Service Notification (IMPORTANT)
from Wells Fargo <[email protected]> hide details 22:34 (4 hours ago)
reply-to [email protected]
to *********@googlemail.com
date 19-Aug-2007 22:34
subject Wells Fargo Security Service Notification (IMPORTANT)
C
Dear Wells Fargo Customer,
During our regular update and verification of the Wells Fargo ATM Service�, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
To update your account information and start using our services please click on the link below:
https://online.wellsfargo.com/signon?LOB=CONS
Note: Requests for information will be initiated by Wells Fargo Business Development; this process cannot be externally requested through Customer Support.
Sincerely,
Wells Fargo.com
ATM Service Department.
Accounts Management As outlined in our User Agreement, WellsFargo � will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
link removed. TS |
an headtools info...
Quote: |
Delivered-To: *********@gmail.com
Received: by 10.100.37.6 with SMTP id k6cs666936ank;
Sun, 19 Aug 2007 14:34:23 -0700 (PDT)
Received: by 10.67.10.12 with SMTP id n12mr4857978ugi.1187559262285;
Sun, 19 Aug 2007 14:34:22 -0700 (PDT)
Return-Path:
Received: from hs-323.dedicated.hostalia.com ([82.194.74.63])
by mx.google.com with ESMTP id z37si8219574ikz.2007.08.19.14.34.21;
Sun, 19 Aug 2007 14:34:22 -0700 (PDT)
Received-SPF: neutral (google.com: 82.194.74.63 is neither permitted nor denied by domain of [email protected]) client-ip=82.194.74.63;
Authentication-Results: mx.google.com; spf=neutral [email protected]
Received: from nobody by hs-323.dedicated.hostalia.com with local (Exim 4.63)
(envelope-from )
id 1IMsPc-0005Na-HP
for [email protected]; Sun, 19 Aug 2007 23:34:20 +0200
To: [email protected]
Subject: Wells Fargo Security Service Notification (IMPORTANT)
From: Wells Fargo
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sun, 19 Aug 2007 23:34:20 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hs-323.dedicated.hostalia.com
X-AntiAbuse: Original Domain - googlemail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hs-323.dedicated.hostalia.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd
X-Source-Dir: gabinetdalmau.com:/public_html/Catala
C |
once again it shows 3 spain ips an 1 united states....
now i already forwarded the first email to wells fargos report abuse email address but they aint replied even though i got the exact same one in less than a week...
now i done the whois on the first spain ip "on both the first ips on both emails"which came up from helpfull headtools site someone posted else where an there both the same info as shown below...
Quote: |
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Information related to '82.194.64.0 - 82.194.95.255'
inetnum: 82.194.64.0 - 82.194.95.255
org: ORG-HISS1-RIPE
netname: ES-HOSTALIA-20031017
descr: PROVIDER Local Registry
descr: Hostalia Internet S.L.
remarks: http://www.hostalia.com
country: ES
admin-c: HNA16-RIPE
tech-c: HLM-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: HOSTALIA-MNT
mnt-routes: HOSTALIA-MNT
notify: ****@hostalia.com
changed: **********@ripe.net 20031017
changed: *********@ripe.net 20070323
source: RIPE
organisation: ORG-HISS1-RIPE
org-name: Hostalia Internet S.L.
org-type: LIR
address: Calle Cardenal Gardoki 1,
Primera Planta
address: 48008
address: Bilbao
address: Spain
phone: +34 902 012 199
fax-no: +34 902 501 731
e-mail: ****@hostalia.com
admin-c: DGG-RIPE
admin-c: IM795-RIPE
mnt-ref: HOSTALIA-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: **********@ripe.net 20040415
changed: **********@ripe.net 20040622
changed: *********@ripe.net 20040627
changed: *********@ripe.net 20040627
changed: *********@ripe.net 20060307
changed: *********@ripe.net 20060328
changed: *********@ripe.net 20070323
changed: *********@ripe.net 20070706
changed: *********@ripe.net 20070813
source: RIPE
role: Hostalia Network Admin
address: Hostalia Internet S.L.
address: Cardenal Gardoki, 1, Primera Planta
address: 48008 Bilbao
phone: +34 902 999 186
fax-no: +34 902 501 731
e-mail: ********@hostalia.com
admin-c: HLM-RIPE
tech-c: HLM-RIPE
nic-hdl: HNA16-RIPE
remarks: **********************************
remarks: * *
remarks: * Abuse and spam complaints: *
remarks: * *****@hostalia.com *
remarks: * *
remarks: **********************************
abuse-mailbox: *****@hostalia.com
notify: ********@hostalia.com
mnt-by: HOSTALIA-MNT
changed: ****@hostalia.com 20070320
changed: ****@hostalia.com 20070718
source: RIPE
role: Hostalia LIR Management
address: Hostalia Internet S.L.
address: Cardenal Gardoki 1, Primera Planta
address: 48008 Bilbao (Bizkaia)
phone: +34 902 999 186
fax-no: +34 902 501 731
remarks: *********************************
remarks: * *
remarks: * Abuse and spam complaints: *
remarks: * *****@hostalia.com *
remarks: * *
remarks: *********************************
abuse-mailbox: *****@hostalia.com
e-mail: ****@hostalia.com
nic-hdl: HLM-RIPE
tech-c: HLM-RIPE
admin-c: HLM-RIPE
mnt-by: HOSTALIA-MNT
changed: ****@hostalia.com 20031002
changed: ****@hostalia.com 20031010
changed: ****@hostalia.com 20040627
changed: ****@hostalia.com 20040721
changed: ****@hostalia.com 20050908
changed: ****@hostalia.com 20060115
changed: ****@hostalia.com 20070320
changed: ****@hostalia.com 20070718
source: RIPE
% Information related to '82.194.64.0/19AS29558'
route: 82.194.64.0/19
descr: Hostalia Network
origin: AS29558
mnt-by: HOSTALIA-MNT
remarks: ******************************************************
remarks: * *
remarks: * Abuse and spam complaints: *****@hostalia.com *
remarks: * *
remarks: ******************************************************
changed: ****@hostalia.com 20031020
changed: ****@hostalia.com 20040721
source: RIPE |
now i noticed this in the above info Abuse and spam complaints: *****@hostalia.com but now id like someones advice on wiether to send this new email to wells fargo abuse or to find out the hostalia.com address an email them regarding both these emails...
hope i got all the info included in this topic correctly
p.s. sorry about the lenth of this message but i wanted to get all the info which it hink i did |
_________________ ladies moan about me day an night
Last edited by babyboyuk81 on Mon Aug 20, 2007 5:47 am; edited 1 time in total |
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Mon Aug 20, 2007 2:51 am |
|
Hi.
Please send those to [email protected]
There really isn't anything you can do with spoof emails other than report them to the company that is spoofed. They aren't baitable and we don't kill them, normally.
For shits and giggles you can post them at phishfighting.com, also. |
_________________
Fakers: many, many, lots; an SSL and a couple of Resellers.
x 6
AH, AH, AH! Two little ! |
|
|
|
babyboyuk81
Wannabe Baiter
Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen
|
Posted:
Mon Aug 20, 2007 2:54 am |
|
ok cheers again TS im not exspecting a thank you email off wells fargo but i hope they do something about this..
an il also check out that phishfighting site to |
_________________ ladies moan about me day an night
|
|
|
|
babyboyuk81
Wannabe Baiter
Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen
|
Posted:
Mon Aug 20, 2007 4:35 am |
|
TS phishfighting.com is a classic an cool site |
_________________ ladies moan about me day an night
|
|
|
|
Don
Baiting Guru
Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132
|
Posted:
Mon Aug 20, 2007 8:23 am |
|
It's also not necessary to run IP checks against phishing mails and WHOIS requests on phishing sites. The mails will be sent out by hijacked zombie PCs in a botnet rather than actual persons and the actual phishing sites will either be hacked legitimate websites or websites set up with fake details at shady hosters.
So don't waste your time and simply forward fishing mails to the appropriate company. |
_________________ x12
No sugar plum fairies have been hurt during the process of creating this message.
**"Freedom? There ain't no fuckin' Freedom!"** |
|
|
|
babyboyuk81
Wannabe Baiter
Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen
|
Posted:
Mon Aug 20, 2007 2:38 pm |
|
thank you don that will make it more useful for me posting emails in future |
_________________ ladies moan about me day an night
|
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Mon Aug 20, 2007 2:52 pm |
|
Hi.
Now that you are armed with the knowledge of what to do with a spoof email (forward it to the spoofed company, stick it in a site such as phishfighters, or just delete it) there isn't a need to post any of the other spoof/phishing emails you get.
Honest. |
_________________
Fakers: many, many, lots; an SSL and a couple of Resellers.
x 6
AH, AH, AH! Two little ! |
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|