SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 2 wells fargo emails

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
babyboyuk81
Wannabe Baiter


Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen


PostPosted: Mon Aug 20, 2007 2:43 am Reply with quoteBack to top

2 of the same emails i think...

now i used this http://headertool.apelord.com/headers tool on the ips an im sure there both fromt he same person but il post the info on here...

Quote:
Wells Fargo Security Service Notification (IMPORTANT)

from Wells Fargo <[email protected]> hide details
14-Aug (6 days ago)
reply-to [email protected]
to *********@googlemail.com
date 14-Aug-2007 19:18
subject Wells Fargo Security Service Notification (IMPORTANT)




Dear Wells Fargo Customer,

During our regular update and verification of the Wells Fargo ATM Service®, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.

To update your account information and start using our services please click on the link below:

Link removed. TS


Note: Requests for information will be initiated by Wells Fargo Business Development; this process cannot be externally requested through Customer Support.

Sincerely,
Wells Fargo.com
ATM Service Department.



Accounts Management As outlined in our User Agreement, WellsFargo ® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.wellsfargo.com/help/index.jhtml


first headertool info which shows 3 spain an 1 united states as the ips

Quote:
Delivered-To: *********@gmail.com
Received: by 10.100.37.6 with SMTP id k6cs378398ank;
Tue, 14 Aug 2007 11:18:43 -0700 (PDT)
Received: by 10.66.222.9 with SMTP id u9mr812424ugg.1187115522569;
Tue, 14 Aug 2007 11:18:42 -0700 (PDT)
Return-Path:
Received: from hs-323.dedicated.hostalia.com ([82.194.74.63])
by mx.google.com with ESMTP id z33si13056971ikz.2007.08.14.11.18.41;
Tue, 14 Aug 2007 11:18:42 -0700 (PDT)
Received-SPF: neutral (google.com: 82.194.74.63 is neither permitted nor denied by domain of [email protected]) client-ip=82.194.74.63;
Received: from nobody by hs-323.dedicated.hostalia.com with local (Exim 4.63)
(envelope-from )
id 1IL0yS-0003E9-MO
for [email protected]; Tue, 14 Aug 2007 20:18:37 +0200
To: [email protected]
Subject: Wells Fargo Security Service Notification (IMPORTANT)
From: Wells Fargo
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Tue, 14 Aug 2007 20:18:36 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hs-323.dedicated.hostalia.com
X-AntiAbuse: Original Domain - googlemail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hs-323.dedicated.hostalia.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: gabinetdalmau.com:/public_html/Catala


an the recent email....

Quote:
Wells Fargo Security Service Notification (IMPORTANT)

from Wells Fargo <[email protected]> hide details 22:34 (4 hours ago)
reply-to [email protected]
to *********@googlemail.com
date 19-Aug-2007 22:34
subject Wells Fargo Security Service Notification (IMPORTANT)

C



Dear Wells Fargo Customer,

During our regular update and verification of the Wells Fargo ATM Service®, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.

To update your account information and start using our services please click on the link below:

https://online.wellsfargo.com/signon?LOB=CONS

Note: Requests for information will be initiated by Wells Fargo Business Development; this process cannot be externally requested through Customer Support.

Sincerely,
Wells Fargo.com
ATM Service Department.



Accounts Management As outlined in our User Agreement, WellsFargo ® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
link removed. TS


an headtools info...

Quote:
Delivered-To: *********@gmail.com
Received: by 10.100.37.6 with SMTP id k6cs666936ank;
Sun, 19 Aug 2007 14:34:23 -0700 (PDT)
Received: by 10.67.10.12 with SMTP id n12mr4857978ugi.1187559262285;
Sun, 19 Aug 2007 14:34:22 -0700 (PDT)
Return-Path:
Received: from hs-323.dedicated.hostalia.com ([82.194.74.63])
by mx.google.com with ESMTP id z37si8219574ikz.2007.08.19.14.34.21;
Sun, 19 Aug 2007 14:34:22 -0700 (PDT)
Received-SPF: neutral (google.com: 82.194.74.63 is neither permitted nor denied by domain of [email protected]) client-ip=82.194.74.63;
Authentication-Results: mx.google.com; spf=neutral [email protected]
Received: from nobody by hs-323.dedicated.hostalia.com with local (Exim 4.63)
(envelope-from )
id 1IMsPc-0005Na-HP
for [email protected]; Sun, 19 Aug 2007 23:34:20 +0200
To: [email protected]
Subject: Wells Fargo Security Service Notification (IMPORTANT)
From: Wells Fargo
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sun, 19 Aug 2007 23:34:20 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hs-323.dedicated.hostalia.com
X-AntiAbuse: Original Domain - googlemail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hs-323.dedicated.hostalia.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd
X-Source-Dir: gabinetdalmau.com:/public_html/Catala

C


once again it shows 3 spain ips an 1 united states....

now i already forwarded the first email to wells fargos report abuse email address but they aint replied even though i got the exact same one in less than a week...

now i done the whois on the first spain ip "on both the first ips on both emails"which came up from helpfull headtools site someone posted else where an there both the same info as shown below...

Quote:
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Information related to '82.194.64.0 - 82.194.95.255'

inetnum: 82.194.64.0 - 82.194.95.255
org: ORG-HISS1-RIPE
netname: ES-HOSTALIA-20031017
descr: PROVIDER Local Registry
descr: Hostalia Internet S.L.
remarks: http://www.hostalia.com
country: ES
admin-c: HNA16-RIPE
tech-c: HLM-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: HOSTALIA-MNT
mnt-routes: HOSTALIA-MNT
notify: ****@hostalia.com
changed: **********@ripe.net 20031017
changed: *********@ripe.net 20070323
source: RIPE

organisation: ORG-HISS1-RIPE
org-name: Hostalia Internet S.L.
org-type: LIR
address: Calle Cardenal Gardoki 1,
Primera Planta
address: 48008
address: Bilbao
address: Spain
phone: +34 902 012 199
fax-no: +34 902 501 731
e-mail: ****@hostalia.com
admin-c: DGG-RIPE
admin-c: IM795-RIPE
mnt-ref: HOSTALIA-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: **********@ripe.net 20040415
changed: **********@ripe.net 20040622
changed: *********@ripe.net 20040627
changed: *********@ripe.net 20040627
changed: *********@ripe.net 20060307
changed: *********@ripe.net 20060328
changed: *********@ripe.net 20070323
changed: *********@ripe.net 20070706
changed: *********@ripe.net 20070813
source: RIPE

role: Hostalia Network Admin
address: Hostalia Internet S.L.
address: Cardenal Gardoki, 1, Primera Planta
address: 48008 Bilbao
phone: +34 902 999 186
fax-no: +34 902 501 731
e-mail: ********@hostalia.com
admin-c: HLM-RIPE
tech-c: HLM-RIPE
nic-hdl: HNA16-RIPE
remarks: **********************************
remarks: * *
remarks: * Abuse and spam complaints: *
remarks: * *****@hostalia.com *
remarks: * *
remarks: **********************************
abuse-mailbox: *****@hostalia.com
notify: ********@hostalia.com
mnt-by: HOSTALIA-MNT
changed: ****@hostalia.com 20070320
changed: ****@hostalia.com 20070718
source: RIPE

role: Hostalia LIR Management
address: Hostalia Internet S.L.
address: Cardenal Gardoki 1, Primera Planta
address: 48008 Bilbao (Bizkaia)
phone: +34 902 999 186
fax-no: +34 902 501 731
remarks: *********************************
remarks: * *
remarks: * Abuse and spam complaints: *
remarks: * *****@hostalia.com *
remarks: * *
remarks: *********************************
abuse-mailbox: *****@hostalia.com
e-mail: ****@hostalia.com
nic-hdl: HLM-RIPE
tech-c: HLM-RIPE
admin-c: HLM-RIPE
mnt-by: HOSTALIA-MNT
changed: ****@hostalia.com 20031002
changed: ****@hostalia.com 20031010
changed: ****@hostalia.com 20040627
changed: ****@hostalia.com 20040721
changed: ****@hostalia.com 20050908
changed: ****@hostalia.com 20060115
changed: ****@hostalia.com 20070320
changed: ****@hostalia.com 20070718
source: RIPE

% Information related to '82.194.64.0/19AS29558'

route: 82.194.64.0/19
descr: Hostalia Network
origin: AS29558
mnt-by: HOSTALIA-MNT
remarks: ******************************************************
remarks: * *
remarks: * Abuse and spam complaints: *****@hostalia.com *
remarks: * *
remarks: ******************************************************
changed: ****@hostalia.com 20031020
changed: ****@hostalia.com 20040721
source: RIPE


now i noticed this in the above info Abuse and spam complaints: *****@hostalia.com but now id like someones advice on wiether to send this new email to wells fargo abuse or to find out the hostalia.com address an email them regarding both these emails...

hope i got all the info included in this topic correctly

p.s. sorry about the lenth of this message but i wanted to get all the info which it hink i did Smile

_________________
ladies moan about me day an night Cool


pony

Last edited by babyboyuk81 on Mon Aug 20, 2007 5:47 am; edited 1 time in total
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Mon Aug 20, 2007 2:51 am Reply with quoteBack to top

Hi.

Please send those to [email protected]

There really isn't anything you can do with spoof emails other than report them to the company that is spoofed. They aren't baitable and we don't kill them, normally.

For shits and giggles you can post them at phishfighting.com, also.

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
babyboyuk81
Wannabe Baiter


Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen


PostPosted: Mon Aug 20, 2007 2:54 am Reply with quoteBack to top

ok cheers again TS im not exspecting a thank you email off wells fargo but i hope they do something about this..

an il also check out that phishfighting site to Cool

_________________
ladies moan about me day an night Cool


pony
View user's profileSend private message
babyboyuk81
Wannabe Baiter


Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen


PostPosted: Mon Aug 20, 2007 4:35 am Reply with quoteBack to top

TS phishfighting.com is a classic an cool site Laughing

_________________
ladies moan about me day an night Cool


pony
View user's profileSend private message
Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


PostPosted: Mon Aug 20, 2007 8:23 am Reply with quoteBack to top

It's also not necessary to run IP checks against phishing mails and WHOIS requests on phishing sites. The mails will be sent out by hijacked zombie PCs in a botnet rather than actual persons and the actual phishing sites will either be hacked legitimate websites or websites set up with fake details at shady hosters.

So don't waste your time and simply forward fishing mails to the appropriate company.

_________________
Mortar x12
No sugar plum fairies have been hurt during the process of creating this message.

**"Freedom? There ain't no fuckin' Freedom!"**
View user's profileSend private messageYahoo MessengerSkype Name
babyboyuk81
Wannabe Baiter


Joined: 19 Jul 2007
Posts: 95
Location: uk - seeking my queen


PostPosted: Mon Aug 20, 2007 2:38 pm Reply with quoteBack to top

thank you don that will make it more useful for me posting emails in future Smile

_________________
ladies moan about me day an night Cool


pony
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Mon Aug 20, 2007 2:52 pm Reply with quoteBack to top

Hi. Very Happy

Now that you are armed with the knowledge of what to do with a spoof email (forward it to the spoofed company, stick it in a site such as phishfighters, or just delete it) there isn't a need to post any of the other spoof/phishing emails you get.

Honest. Very Happy

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT