Jump to content

[Resolved] FOUL! /dev/null'ing report for reportphish#wellsfargo.com[at]devnull.spamcop.net


cwg
 Share

Recommended Posts

Report Phish and Email Scams

If you encounter a suspicious email or website that says it's from Wells Fargo, do not respond to it or click any links.

What to do

Never open attachments, click on links, or respond to emails from suspicious or unknown senders. If you receive a suspicious email that appears to be from Wells Fargo, forward the email to reportphish[at]wellsfargo.com.

What is a phish?

Phish or fraudulent emails may contain links to phony websites or request you to share personal or financial information by using clever and compelling language, such as an urgent need to update your information or communicate with you to ensure the security of your accounts.

www.wellsfargo.com privacy_security fraud report fraud

Link to comment
Share on other sites

What IP address were you trying to report? There's something strange with the Wells Fargo servers:

C:\Documents and Settings\Admin>nslookup -type=ptr 151.151.16.15 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

15.16.151.151.in-addr.arpa name = bp11mnsvdc-out.wellsfargo.com

But

Parsing input: 151.151.16.15

No recent reports, no history available

Display data:

"whois 151.151.16.15[at]whois.arin.net" (Getting contact from whois.arin.net )

Redirect to ripe

Display data:

"whois 151.151.16.15[at]whois.ripe.net" (Getting contact from whois.ripe.net)

Redirect to whois.afrinic.net:

Display data:

"whois 151.151.16.15[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)

Organisation contact e-mail = bitbucket[at]ripe.net

iana1-afrinic = bitbucket[at]ripe.net

whois.afrinic.net 151.151.16.15 = bitbucket[at]ripe.net

No reporting addresses found for 151.151.16.15, using devnull for tracking.

Statistics:

151.151.16.15 not listed in bl.spamcop.net

More Information..

151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.8 )

151.151.16.15 not listed in dnsbl.njabl.org ( 127.0.0.9 )

151.151.16.15 listed in cbl.abuseat.org ( 127.0.0.2 )

No valid email addresses found, sorry!

Yet

C:\Documents and Settings\Admin>nslookup -type=ptr 167.138.239.94 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

94.239.138.167.in-addr.arpa name = mxdinx01e.wellsfargo.com

And

Parsing input: 167.138.239.94

No recent reports, no history available

Routing details for 167.138.239.94

[refresh/show] Cached whois for 167.138.239.94 : domain.names[at]wachovia.com

Using abuse net on domain.names[at]wachovia.com

abuse net wachovia.com = reportphishing[at]antiphishing.org, phishing-report[at]us-cert.gov, abuse[at]wachovia.com

Using best contacts reportphishing[at]antiphishing.org phishing-report[at]us-cert.gov abuse[at]wachovia.com

Statistics:

167.138.239.94 not listed in bl.spamcop.net

More Information..

167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.8 )

167.138.239.94 not listed in dnsbl.njabl.org ( 127.0.0.9 )

167.138.239.94 not listed in cbl.abuseat.org

167.138.239.94 not listed in dnsbl.sorbs.net

Reporting addresses:

reportphishing[at]antiphishing.org

phishing-report[at]us-cert.gov

abuse[at]wachovia.com

May be "just" a cache/DNS thing? I don't see where the "Redirect to whois.afrinic.net" comes from in the first parse (151.151.16.15)

Link to comment
Share on other sites

Nice topic post.

The phishing emails I receive for the common major banks are being picked up by SpamCop and reports are being sent to them.

For the readers of this topic, if in doubt about a site (the main URL) check the website WOT (no I have no connection with them).

As myself and other spam, Scam and Phishing reviewers post scam and phishing site warnings there as they are received. This site also picks up listings and reports from the major web sites; PhishTank, SpamCop and blacklists.

Link to comment
Share on other sites

The thing I've noticed about phishing efforts, on the rare occasion that they arrive in my inbox, is that there's usually something "off" with the email. Being from an organisation you've never done business with is usually fairly obvious, as is asking for details they wouldn't normally ask you for via email.

The first phishing attempt I recall seeing, quite a few years ago now, claimed to be from an organization that I have actually done business with and nearly had me fooled for a moment. Three things made me smell a rat: (1) My account with them was long closed, (2) I'd never used their internet services, and (3) the email came from the "wrong" country.

Edited by lisati
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...