Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by emanmb

  1. 11 hours ago, petzl said:

    "They" seem to have your name, which is a worry.
    Make sure you are running a virus/malware program like windows defender
    Often it's one of your contacts that don't do this, meaning  your information is stolen from them
    Learn how to copy and past a "Tracking URL", Found top of page BEFORE you submit spam.

    Thanks @petzl. eman al guhani isn't my name.  I got a reply back from DRI which said

    "Dear Eman Al Guhani,

    Unfortunately, we do not handle the customer service for Adobe. Please 
    contact them directly with your request through one of the following 

    This is odd that they addressed that guy despite my actual name being attached to my email account when writing and was in my sig at the end of the email.

    I'm on Mac OS so I only run Malware Bytes occasionally and AV's are really unneeded.  I've only found the Genieo malware once a looong time ago via MB. But to empirically confirm this, I downloaded and ran 2 different antivirus scans and MalwareBytes. Nothing there.  LOL now I need to delete the antivirus as it eats up resources when it runs.  

    Anyway, RE: the tracking URL.  Why would I do that?  Can you run me thru the process?

    received another email from Adobe today titled "Welcome to our Creative Cloud family, Eman" despite writing to their abuse team yesterday.  

  2. That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # .  The first one that arrived was asking for verification.

    Checking w/my one CC company, there are no new charges and DRI has not replied to me.  I'm not gonna sweat it too much but still going to keep an eye out.  I thought I was pretty good at spotting spoofs but this one I just can't tell what is going on.  Below is the plain text from the emails with the corresponding SC report results in screen shots.


    FROM ADOBE (no-reply@adobe.com)

    Hi eman al guhani ,

    Your order has been confirmed, congratulations!
    Please keep this confirmation as your proof of purchase. If you paid by credit card, the charge for your order will appear on your credit card statement as "DRI Adobe Sales". (E-commerce services are provided by Digital River Ireland Ltd. , an Adobe approved e-commerce reseller)

    Order Details
    Order Number: 15377131810
    Order Date: 12 September 2019
    Seller Address
    Digital River Ireland Ltd.
    Unit 153 Shannon Free Zone
    Shannon, Co. Clare, Ireland
    Billing Address
    eman al guhani
    king khaild street

    yanbu 46421
    Saudi Arabia
    eman.photo@xxx   Shipping Address
    eman al guhani
    king khaild street

    yanbu 46421
    Saudi Arabia

    Product Name    Qty Ordered    Amount
    Adobe Creative Cloud Photography plan (one-year)    1    SR 37.00

    SR 37.00


    SR 0


    SR 1.85


    SR 38.85

    Digital River will bill each monthly installment of your one-year commitment (plus applicable tax) to the payment information you provide during this sign-up process. Once you receive confirmation from us that your initial payment is confirmed, your service access and one year commitment term will begin. You understand that the cost of your one-year commitment is the total of the monthly installments you will pay during your commitment term.


    FROM ADOBE (message@adobe.com)

    You're nearly there    
         Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address.    
         Click the link below and sign in using your new Adobe ID: eman.photo@gmail.com    
         Verify your email    
         Once your email is verified, sign in to Creative Cloud to get started.    
         We're glad you're here,
    The Creative Cloud team1648797605_ScreenShot2019-09-14at1_22_04PM.thumb.png.bbf39d87847b9de2bd56a55e9808b36a.png


  3. I am getting emails from Adobe and Digital River Ireland re: an "adobe creative cloud" account which I don't have.

    "You're nearly there    
         Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address.    
         Click the link below and sign in using your new Adobe ID: eman.photoATXXXX.com
         Verify your email    
         Once your email is verified, sign in to Creative Cloud to get started."

    DRI sent me a "Your Adobe Order Confirmation" email today and the adobe email came yesterday, Bangkok time.

    My email name is emanphoto@ but the address these emails are addressed to is eman.photo@.  Notice the period in the middle.  So to test this, I sent an email to eman.photo@ and sure enough it came thru to me! 

    If the email came to me, would it also go to the person who created eman.photo?

    How is this possible with completely different emails?  Admittedly different only with a period.

    Neither digital river nor adobe have any CC card info on me as far as I know.  I have emailed DRI to see what they have to say and how to proceed but thought I'd check with the email/spam experts here for any opinions for which I'll be grateful!


  4. On 8/2/2019 at 4:52 AM, petzl said:

    would help if you could give a SpamCop tracking URL or a IP?
    Send a buse report from your email to inode to seee what or if they auto-ack.

    I did fwd to them and the replies seem genuine at first but then all of them are the same with just a different person signing them.

  5. I can say with pretty much confidence that I don't think that when SC gets a message from abuse AT linode.com that translates to the SC user as "ISP has indicated spam will cease; ISP resolved this issue sometime after 8/1/2019, 3:43:07 PM +0700" that it is not likely true as the same ads come to me weekly.

    I could be wrong, but I have a feeling that abuse AT linode.com uses an auto-responder for spam reports.  ¯\_(ツ)_/¯

  6. I'm sure I'm not alone here in getting frequent colocrossing spam.  Due to it's frequency, I did a little googling.  Perhaps others may find these pages of use or of interest.  They do have a Twitter page and FB page so it's not like their some totally unresponsive monolith, although maybe so RE: spam




  7. Yes hence my quotation marks.  Also SC may know something I don't. :) 

    In this instance I just got tired of the host not receiving any info about this spammer thus allowing the spammer to operate w/impunity.  I figured, I was already getting their spam somewhat regularly why not see if I can stop it.  So yes this may not work in any other instance.

  8. One particular group of spams I get come from linode. com which SC doesn't report to them but to abuse#linode.com A devnull.spamcop.net.

    So after a lot of emails such as these coming through and being reported only through SC, I took a look at their site and decided they "looked legit enough" for me to fwd the spam to them directly.  Seems it might have been worthwhile.


    Screen Shot 2017-12-04 at 2.48.19 PM.png

  9. I just ran into this same issue today for the first time.  One spam went thru fine, then next one not.  Resubmitted and same results.  Report page ends with "Parsing HTML part" as per below.

    "Parsing header:
    0: Received: from (EHLO flpd576.prodigy.net) ( by mta1119.sbc.mail.bf1.yahoo.com with SMTP; Wed, 29 Nov 2017 12:25:47 +0000

    Hostname verified: flpd576.prodigy.net
    Gmail/Postini received mail from YahooMain ( )

    1: Received: from mongelli.ge.ieiit.cnr.it (mongelli.ge.ieiit.cnr.it []) by flpd576.prodigy.net (8.14.4 IN altR5 TLS/8.14.4) with ESMTP id vATCPiMp130102 for <x>; Wed, 29 Nov 2017 04:25:46 -0800

    Hostname verified: mongelli.ge.ieiit.cnr.it
    YahooMain received mail from sending system

    Tracking message source:

    Routing details for
    [refresh/show] Cached whois for : muselli@ice.ge.cnr.it
    Using last resort contacts muselli@ice.ge.cnr.it
    Message is 16 hours old listed in cbl.abuseat.org ( 1 ) is an open proxy not listed in accredit.habeas.com not listed in plus.bondedsender.org not listed in iadb.isipp.com

    Finding links in message body

    Parsing HTML part"

  10. In several brands of spam I get, my email address is also in the subject and/or in the body of the spam, either built into links or more frequently, "Dear emanmb@_______".

    Now I realize that changing any part of the spam being reported to SC is frowned upon, but in such cases, what else can I do to remain anonymous except to delete my email from wherever it appears in the report?  

    A sample of the html incorporating my email in their link is below.

    <html> <head> <title></title> </head> <body> <a href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@--------"> <h2>Get $5730 deposited in your account to go back to school.</h2> <img src="http://w0yoorncgn.cu.cc/img/picture12.jpg/emanmb@---------" usemap="#edu" alt="Click here to Apply Now" /> </a> <map name="edu" id="edu"> <area alt="" title="" href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@---------" shape="default"/> </map> <br><br><br><br><br> </a> <a href="http://www.w0yoorncgn.cu.cc/1a8bb1a7bf24c6016ceaaa727a_92ba6759-01010101e4c5/C/">To Unsubscribe Click Here</a> <h5>To enable all links in this message (including unsubscribe link), please click Not spam on a toolbar</h5> </body> </html>

  11. I go this this email from Knujon today and I'm wondering what the SC reference is about.


    Sorry for the lack of communication.

    We have been digging into a scandal which has consumed all of our time, but

    it will be worth it. The final product will shake internet governance to its

    core. This is all due to the contributions KnujOn members have made to this

    project and the issues directly relate to your reported abuse.

    We will be relocating data centers shortly to resolve a number of issues,

    some of you have already noted. The servers at COLDRAIN will gradually stand

    down and be replaced. We are in the process of setting up a new data center

    in the next few days.

    We have also noted the news about SpamCop and will accept any former members

    and do what we can to handle their traffic. The issue is being taken very


    If you have sent us specific questions we will answer them in time. Thank

    you for understanding.


    What news about SC?? Why so serious?

  12. I was going to make my own post about this but fortunately I see I'm not the only one to have noticed this.

    My address issue is similar to salamander



    Finding links in message body

    Parsing HTML part

    Resolving link obfuscation

    http:/ /okra.üþуõ.рф

    Tracking link: http:/ /okra./üþуõ.рф

    No recent reports, no history available

    okra. is not a hostname

    okra. is not a routeable IP address

    Cannot resolve http:/ /okra./üþуõ.рф

    Edited by SteveT to break links to avoid accidental undesired navigation.

  13. Getting a lot of these today. Backing up to the reporting page and clicking submit again sometimes cures it sometimes not,

    500 Internal Server Error

    Sorry, your request could not be processed.

    Typically, this is the result of a temporary problem. Please re-try the operation which caused this error in a minute or two. You can even leave this error screen open and use your browser's "reload" button to re-try. Please do not press reload repeatedly though. Pressing the button more often does not resolve the problem faster. It just makes a bad situation worse.

    If you believe this is a bug which occurs only under specific circumstances or have observed the problem frequently, please contact us with a full description of the problem.