emanmb

Members
  • Content Count

    146

Community Reputation

0 Neutral

About emanmb

  • Rank
    Advanced Member

Profile Information

  • Location
    Bangkok

Recent Profile Visitors

966 profile views
  1. emanmb

    Spoofed email?

    Yep, didn't see anything that was out of place. Reported it anyway just to be sure. I see we're in nearly the same time zone
  2. emanmb

    Spoofed email?

    I see, this is what is used to post spams in the forums so others can see it, correct?
  3. emanmb

    Spoofed email?

    Thanks @petzl. eman al guhani isn't my name. I got a reply back from DRI which said "Dear Eman Al Guhani, Unfortunately, we do not handle the customer service for Adobe. Please contact them directly with your request through one of the following methods:" This is odd that they addressed that guy despite my actual name being attached to my email account when writing and was in my sig at the end of the email. I'm on Mac OS so I only run Malware Bytes occasionally and AV's are really unneeded. I've only found the Genieo malware once a looong time ago via MB. But to empirically confirm this, I downloaded and ran 2 different antivirus scans and MalwareBytes. Nothing there. LOL now I need to delete the antivirus as it eats up resources when it runs. Anyway, RE: the tracking URL. Why would I do that? Can you run me thru the process? I received another email from Adobe today titled "Welcome to our Creative Cloud family, Eman" despite writing to their abuse team yesterday.
  4. emanmb

    Spoofed email?

    That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # . The first one that arrived was asking for verification. Checking w/my one CC company, there are no new charges and DRI has not replied to me. I'm not gonna sweat it too much but still going to keep an eye out. I thought I was pretty good at spotting spoofs but this one I just can't tell what is going on. Below is the plain text from the emails with the corresponding SC report results in screen shots.

    FROM ADOBE (no-reply@adobe.com)

    Hi eman al guhani ,

    Your order has been confirmed, congratulations! Please keep this confirmation as your proof of purchase. If you paid by credit card, the charge for your order will appear on your credit card statement as "DRI Adobe Sales". (E-commerce services are provided by Digital River Ireland Ltd. , an Adobe approved e-commerce reseller)

    Order Details
    Order Number: 15377131810
    Order Date: 12 September 2019

    Seller Address
    Digital River Ireland Ltd.
    Unit 153 Shannon Free Zone
    Shannon, Co. Clare, Ireland

    Billing Address
    eman al guhani
    king khaild street
    yanbu 46421
    Saudi Arabia
    530967610
    eman.photo@xxx

    Shipping Address
    eman al guhani
    king khaild street
    yanbu 46421
    Saudi Arabia
    530967610
    eman.photo@xxxx

    Product Name    Qty Ordered    Amount
    Adobe Creative Cloud Photography plan (one-year)    1    SR 37.00

    SubTotal SR 37.00
    Shipping SR 0
    Tax SR 1.85
    Total SR 38.85

    Payment
    Digital River will bill each monthly installment of your one-year commitment (plus applicable tax) to the payment information you provide during this sign-up process. Once you receive confirmation from us that your initial payment is confirmed, your service access and one year commitment term will begin. You understand that the cost of your one-year commitment is the total of the monthly installments you will pay during your commitment term.

    FROM ADOBE (message@adobe.com)

    You're nearly there
    Welcome to Creative Cloud, eman.
    Before we can get started, we need to quickly verify your email address. Click the link below and sign in using your new Adobe ID: eman.photo@gmail.com
    Verify your email
    Once your email is verified, sign in to Creative Cloud to get started.
    We're glad you're here,
    The Creative Cloud team
  5. emanmb

    Spoofed email?

    I am getting emails from Adobe and Digital River Ireland re: an "adobe creative cloud" account which I don't have. "You're nearly there Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address. Click the link below and sign in using your new Adobe ID: eman.photoATXXXX.com Verify your email Once your email is verified, sign in to Creative Cloud to get started." DRI sent me a "Your Adobe Order Confirmation" email today and the adobe email came yesterday, Bangkok time. My email name is emanphoto@ but the address these emails are addressed to is eman.photo@. Notice the period in the middle. So to test this, I sent an email to eman.photo@ and sure enough it came thru to me! If the email came to me, would it also go to the person who created eman.photo? How is this possible with completely different emails? Admittedly different only with a period. Neither digital river nor adobe have any CC card info on me as far as I know. I have emailed DRI to see what they have to say and how to proceed but thought I'd check with the email/spam experts here for any opinions for which I'll be grateful!
  6. emanmb

    abuse AT linode.com

    I did fwd to them and the replies seem genuine at first but then all of them are the same with just a different person signing them.
  7. emanmb

    abuse AT linode.com

    I can say with pretty much confidence that I don't think that when SC gets a message from abuse AT linode.com that translates to the SC user as "ISP has indicated spam will cease; ISP resolved this issue sometime after 8/1/2019, 3:43:07 PM +0700" that it is not likely true as the same ads come to me weekly. I could be wrong, but I have a feeling that abuse AT linode.com uses an auto-responder for spam reports. ¯\_(ツ)_/¯
  8. emanmb

    abuse AT linode.com

    I'm sure I'm not alone here in getting frequent colocrossing spam. Due to its frequency, I did a little googling. Perhaps others may find these pages of use or of interest. They do have a Twitter page and FB page so it's not like they're some totally unresponsive monolith, although maybe so RE: spam

    https://www.000webhost.com/directory/reviews/colocrossing.com
    http://spamauditor.org/2017/01/happy-new-year-colocrossing/
    https://irulan.net/blocking-colocrossing-spam/
  9. emanmb

    Adware Spreads Quickly on AOL IM

    Not sure how that is even possible now. https://techcrunch.com/2017/10/06/aol-instant-messenger-shut-down/
  10. emanmb

    DIY Reporting

    Yes hence my quotation marks. Also SC may know something I don't. In this instance I just got tired of the host not receiving any info about this spammer thus allowing the spammer to operate w/impunity. I figured, I was already getting their spam somewhat regularly why not see if I can stop it. So yes this may not work in any other instance.
  11. emanmb

    DIY Reporting

    One particular group of spams I get come from linode.com which SC doesn't report to them but to abuse#linode.com A devnull.spamcop.net. So after a lot of emails such as these coming through and being reported only through SC, I took a look at their site and decided they "looked legit enough" for me to fwd the spam to them directly. Seems it might have been worthwhile.
  12. emanmb

    non-functional parsing

    I just ran into this same issue today for the first time. One spam went thru fine, then next one not. Resubmitted and same results. Report page ends with "Parsing HTML part" as per below.

    "Parsing header:
    0: Received: from 144.160.152.215 (EHLO flpd576.prodigy.net) (144.160.152.215) by mta1119.sbc.mail.bf1.yahoo.com with SMTP; Wed, 29 Nov 2017 12:25:47 +0000
    Hostname verified: flpd576.prodigy.net
    Gmail/Postini received mail from YahooMain ( 144.160.152.215 )
    1: Received: from mongelli.ge.ieiit.cnr.it (mongelli.ge.ieiit.cnr.it [150.145.1.42]) by flpd576.prodigy.net (8.14.4 IN altR5 TLS/8.14.4) with ESMTP id vATCPiMp130102 for <x>; Wed, 29 Nov 2017 04:25:46 -0800
    Hostname verified: mongelli.ge.ieiit.cnr.it
    YahooMain received mail from sending system 150.145.1.42
    Tracking message source: 150.145.1.42:
    Routing details for 150.145.1.42
    [refresh/show] Cached whois for 150.145.1.42 : muselli@ice.ge.cnr.it
    Using last resort contacts muselli@ice.ge.cnr.it
    Message is 16 hours old
    150.145.1.42 listed in cbl.abuseat.org ( 1 )
    150.145.1.42 is an open proxy
    150.145.1.42 not listed in accredit.habeas.com
    150.145.1.42 not listed in plus.bondedsender.org
    150.145.1.42 not listed in iadb.isipp.com
    Finding links in message body
    Parsing HTML part"
  13. Just found out about this spam reporting address that takes the email you fwd to them and then uses an AI bot to reply and engage the spammer for as long as possible wasting their time. Just got a juicy phishing spam today from .ng pretending to be Chase which will be my first submission. https://youtu.be/jPajqAJWiNA
  14. Aha! Yes I remember seeing that somewhere. No I do not have reports sent to me and will try it just to see. This is where I added my address to do this in the preferences. Thanks!
  15. In several brands of spam I get, my email address is also in the subject and/or in the body of the spam, either built into links or more frequently, "Dear emanmb@_______". Now I realize that changing any part of the spam being reported to SC is frowned upon, but in such cases, what else can I do to remain anonymous except to delete my email from wherever it appears in the report? A sample of the HTML incorporating my email in their link is below.

        <html>
        <head>
        <title></title>
        </head>
        <body>
        <a href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@--------">
        <h2>Get $5730 deposited in your account to go back to school.</h2>
        <img src="http://w0yoorncgn.cu.cc/img/picture12.jpg/emanmb@---------" usemap="#edu" alt="Click here to Apply Now" />
        </a>
        <map name="edu" id="edu">
        <area alt="" title="" href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@---------" shape="default"/>
        </map>
        <br><br><br><br><br>
        </a>
        <a href="http://www.w0yoorncgn.cu.cc/1a8bb1a7bf24c6016ceaaa727a_92ba6759-01010101e4c5/C/">To Unsubscribe Click Here</a>
        <h5>To enable all links in this message (including unsubscribe link), please click Not spam on a toolbar</h5>
        </body>
        </html>