emanmb

Members
  • Content Count

    146

Everything posted by emanmb

  1. emanmb

    abuse AT linode.com

    I'm sure I'm not alone here in getting frequent colocrossing spam. Due to its frequency, I did a little googling. Perhaps others may find these pages of use or of interest. They do have a Twitter page and FB page so it's not like they're some totally unresponsive monolith, although maybe so RE: spam

    https://www.000webhost.com/directory/reviews/colocrossing.com
    http://spamauditor.org/2017/01/happy-new-year-colocrossing/
    https://irulan.net/blocking-colocrossing-spam/
  2. emanmb

    Spoofed email?

    I am getting emails from Adobe and Digital River Ireland re: an "adobe creative cloud" account which I don't have. "You're nearly there Welcome to Creative Cloud, eman. Before we can get started, we need to quickly verify your email address. Click the link below and sign in using your new Adobe ID: eman.photoATXXXX.com Verify your email Once your email is verified, sign in to Creative Cloud to get started." DRI sent me a "Your Adobe Order Confirmation" email today and the adobe email came yesterday, Bangkok time. My email name is emanphoto@ but the address these emails are addressed to is eman.photo@. Notice the period in the middle. So to test this, I sent an email to eman.photo@ and sure enough it came thru to me! If the email came to me, would it also go to the person who created eman.photo? How is this possible with completely different emails? Admittedly different only with a period. Neither digital river nor adobe have any CC card info on me as far as I know. I have emailed DRI to see what they have to say and how to proceed but thought I'd check with the email/spam experts here for any opinions for which I'll be grateful!
  3. emanmb

    Spoofed email?

    Yep, didn't see anything that was out of place. Reported it anyway just to be sure. I see we're in nearly the same time zone
  4. emanmb

    Spoofed email?

    I see, this is what is used to post spams in the forums so others can see it, correct?
  5. emanmb

    Spoofed email?

    Thanks @petzl. eman al guhani isn't my name. I got a reply back from DRI which said "Dear Eman Al Guhani, Unfortunately, we do not handle the customer service for Adobe. Please contact them directly with your request through one of the following methods:" This is odd that they addressed that guy despite my actual name being attached to my email account when writing and was in my sig at the end of the email. I'm on Mac OS so I only run Malware Bytes occasionally and AVs are really unneeded. I've only found the Genieo malware once a looong time ago via MB. But to empirically confirm this, I downloaded and ran 2 different antivirus scans and MalwareBytes. Nothing there. LOL now I need to delete the antivirus as it eats up resources when it runs. Anyway, RE: the tracking URL. Why would I do that? Can you run me thru the process? I received another email from Adobe today titled "Welcome to our Creative Cloud family, Eman" despite writing to their abuse team yesterday.
  6. emanmb

    Spoofed email?

    That's what's so odd is this one was not the challenge email but a purchase confirmation with an order # . The first one that arrived was asking for verification. Checking w/my one CC company, there are no new charges and DRI has not replied to me. I'm not gonna sweat it too much but still going to keep an eye out. I thought I was pretty good at spotting spoofs but this one I just can't tell what is going on. Below is the plain text from the emails with the corresponding SC report results in screen shots.

    FROM ADOBE (no-reply@adobe.com)

    Hi eman al guhani ,

    Your order has been confirmed, congratulations! Please keep this confirmation as your proof of purchase. If you paid by credit card, the charge for your order will appear on your credit card statement as "DRI Adobe Sales". (E-commerce services are provided by Digital River Ireland Ltd. , an Adobe approved e-commerce reseller)

    Order Details
    Order Number: 15377131810
    Order Date: 12 September 2019

    Seller Address
    Digital River Ireland Ltd. Unit 153 Shannon Free Zone Shannon, Co. Clare, Ireland

    Billing Address
    eman al guhani king khaild street yanbu 46421 Saudi Arabia 530967610 eman.photo@xxx

    Shipping Address
    eman al guhani king khaild street yanbu 46421 Saudi Arabia 530967610 eman.photo@xxxx

    Product Name    Qty Ordered    Amount
    Adobe Creative Cloud Photography plan (one-year)    1    SR 37.00

    SubTotal SR 37.00
    Shipping SR 0
    Tax SR 1.85
    Total SR 38.85

    Payment
    Digital River will bill each monthly installment of your one-year commitment (plus applicable tax) to the payment information you provide during this sign-up process. Once you receive confirmation from us that your initial payment is confirmed, your service access and one year commitment term will begin. You understand that the cost of your one-year commitment is the total of the monthly installments you will pay during your commitment term.

    FROM ADOBE (message@adobe.com)

    You're nearly there

    Welcome to Creative Cloud, eman.
    Before we can get started, we need to quickly verify your email address. Click the link below and sign in using your new Adobe ID: eman.photo@gmail.com

    Verify your email

    Once your email is verified, sign in to Creative Cloud to get started.

    We're glad you're here,
    The Creative Cloud team
  7. emanmb

    abuse AT linode.com

    I did fwd to them and the replies seem genuine at first but then all of them are the same with just a different person signing them.
  8. emanmb

    abuse AT linode.com

    I can say with pretty much confidence that I don't think that when SC gets a message from abuse AT linode.com that translates to the SC user as "ISP has indicated spam will cease; ISP resolved this issue sometime after 8/1/2019, 3:43:07 PM +0700" that it is not likely true as the same ads come to me weekly. I could be wrong, but I have a feeling that abuse AT linode.com uses an auto-responder for spam reports. ¯\_(ツ)_/¯
  9. Just found out about this spam reporting address that takes the email you fwd to them and then uses an AI bot to reply and engage the spammer for as long as possible wasting their time. Just got a juicy phishing spam today from .ng pretending to be Chase which will be my first submission. https://youtu.be/jPajqAJWiNA
  10. emanmb

    Adware Spreads Quickly on AOL IM

    Not sure how that is even possible now. https://techcrunch.com/2017/10/06/aol-instant-messenger-shut-down/
  11. Just curious. Given the huge amount of sites seemingly associated with amazonaws. com in the spam I am reporting, I'm wondering why they don't accept SC reports?
  12. emanmb

    DIY Reporting

    Yes hence my quotation marks. Also SC may know something I don't. In this instance I just got tired of the host not receiving any info about this spammer thus allowing the spammer to operate w/impunity. I figured, I was already getting their spam somewhat regularly why not see if I can stop it. So yes this may not work in any other instance.
  13. emanmb

    DIY Reporting

    One particular group of spams I get come from linode. com which SC doesn't report to them but to abuse#linode.com A devnull.spamcop.net. So after a lot of emails such as these coming through and being reported only through SC, I took a look at their site and decided they "looked legit enough" for me to fwd the spam to them directly. Seems it might have been worthwhile.
  14. emanmb

    non-functional parsing

    I just ran into this same issue today for the first time. One spam went thru fine, then next one not. Resubmitted and same results. Report page ends with "Parsing HTML part" as per below.

    "Parsing header:
    0: Received: from 144.160.152.215 (EHLO flpd576.prodigy.net) (144.160.152.215) by mta1119.sbc.mail.bf1.yahoo.com with SMTP; Wed, 29 Nov 2017 12:25:47 +0000
    Hostname verified: flpd576.prodigy.net
    Gmail/Postini received mail from YahooMain ( 144.160.152.215 )
    1: Received: from mongelli.ge.ieiit.cnr.it (mongelli.ge.ieiit.cnr.it [150.145.1.42]) by flpd576.prodigy.net (8.14.4 IN altR5 TLS/8.14.4) with ESMTP id vATCPiMp130102 for <x>; Wed, 29 Nov 2017 04:25:46 -0800
    Hostname verified: mongelli.ge.ieiit.cnr.it
    YahooMain received mail from sending system 150.145.1.42
    Tracking message source: 150.145.1.42:
    Routing details for 150.145.1.42
    [refresh/show] Cached whois for 150.145.1.42 : muselli@ice.ge.cnr.it
    Using last resort contacts muselli@ice.ge.cnr.it
    Message is 16 hours old
    150.145.1.42 listed in cbl.abuseat.org ( 1 )
    150.145.1.42 is an open proxy
    150.145.1.42 not listed in accredit.habeas.com
    150.145.1.42 not listed in plus.bondedsender.org
    150.145.1.42 not listed in iadb.isipp.com
    Finding links in message body
    Parsing HTML part"
  15. In several brands of spam I get, my email address is also in the subject and/or in the body of the spam, either built into links or more frequently, "Dear emanmb@_______". Now I realize that changing any part of the spam being reported to SC is frowned upon, but in such cases, what else can I do to remain anonymous except to delete my email from wherever it appears in the report? A sample of the html incorporating my email in their link is below.

    <html>
    <head>
    <title></title>
    </head>
    <body>
    <a href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@--------">
    <h2>Get $5730 deposited in your account to go back to school.</h2>
    <img src="http://w0yoorncgn.cu.cc/img/picture12.jpg/emanmb@---------" usemap="#edu" alt="Click here to Apply Now" />
    </a>
    <map name="edu" id="edu">
    <area alt="" title="" href="http://w0yoorncgn.cu.cc/7viV3yWAetrXvFFdyiMU/emanmb@---------" shape="default"/>
    </map>
    <br><br><br><br><br>
    </a>
    <a href="http://www.w0yoorncgn.cu.cc/1a8bb1a7bf24c6016ceaaa727a_92ba6759-01010101e4c5/C/">To Unsubscribe Click Here</a>
    <h5>To enable all links in this message (including unsubscribe link), please click Not spam on a toolbar</h5>
    </body>
    </html>
  16. Aha! Yes I remember seeing that somewhere. No I do not have reports sent to me and will try it just to see. This is where I added my address to do this in the preferences. Thanks!
  17. emanmb

    Curious about amazonaws .com

    One could always send it directly to them but since @Lking says reports bounce, that's probably what will happen. My guess is the building of the SCBL is of more importance than reporting to a company's supposed abuse dept.
  18. emanmb

    Curious about amazonaws .com

    Thanks Well that's unfortunate! Just did a little googling and the answer seems apparent from what the domain is associated with.
  19. Came here to post the same thing!
  20. emanmb

    What is Knujon On About?

    I got this email from Knujon today and I'm wondering what the SC reference is about. "Hello, Sorry for the lack of communication. We have been digging into a scandal which has consumed all of our time, but it will be worth it. The final product will shake internet governance to its core. This is all due to the contributions KnujOn members have made to this project and the issues directly relate to your reported abuse. We will be relocating data centers shortly to resolve a number of issues, some of you have already noted. The servers at COLDRAIN will gradually stand down and be replaced. We are in the process of setting up a new data center in the next few days. We have also noted the news about SpamCop and will accept any former members and do what we can to handle their traffic. The issue is being taken very seriously. If you have sent us specific questions we will answer them in time. Thank you for understanding. -Garth" What news about SC?? Why so serious?
  21. emanmb

    What is Knujon On About?

    Then this is strange then.
  22. emanmb

    Unicode domain names are breaking the parser

    I use the wrong OS to worry too much about the links, but I did click one in iOS 6 or mb it was OSX 10.7 (I think) and it was just a blank page. I'm sure from what petzl is saying that it was probably trying to do something evil tho.
  23. emanmb

    Unicode domain names are breaking the parser

    I was going to make my own post about this but fortunately I see I'm not the only one to have noticed this. My address issue is similar to salamander hxxp://okra.моуе.рф/?r=Click+here+to+proceed Result: Finding links in message body Parsing HTML part Resolving link obfuscation http:/ /okra.üþуõ.рф Tracking link: http:/ /okra./üþуõ.рф No recent reports, no history available okra. is not a hostname okra. is not a routeable IP address Cannot resolve http:/ /okra./üþуõ.рф Edited by SteveT to break links to avoid accidental undesired navigation.
  24. Getting a lot of these today. Backing up to the reporting page and clicking submit again sometimes cures it sometimes not, 500 Internal Server Error Sorry, your request could not be processed. Typically, this is the result of a temporary problem. Please re-try the operation which caused this error in a minute or two. You can even leave this error screen open and use your browser's "reload" button to re-try. Please do not press reload repeatedly though. Pressing the button more often does not resolve the problem faster. It just makes a bad situation worse. If you believe this is a bug which occurs only under specific circumstances or have observed the problem frequently, please contact us with a full description of the problem.
  25. emanmb

    Parsing error

    Yep.