Emails from {redacted}@crowdskout.com falsely claiming to be from DHL demanding money in USD (not my currency) for an undelivered item. Email delivery also uses the headers of IP 23.236.62.147 and google.com passing DKIM and SPF. Also, this same company or individual had previously exploited namecheap.com which had also passed checks.
Emails from {redacted}@crowdskout.com falsely claiming to be from DHL demanding money in USD (not my currency) for an undelivered item. Email delivery also uses the headers of amazonses.com and IP 54.240.78.213 passing DKIM and SPF. Also, this same company or individual had previously exploited namecheap.com which had also passed checks.
Report: https://www.namecheap.com/status-updates/archives/74848
Update: Safe Domain. This IP appears to belong to Namecheap. After submitting a report to Namecheap, an investigation into the matter has taken place regarding a security/host exploit.
Email from CEO of Namecheap: Dear {redacted}
We are writing to inform you of a recent issue with our email system.
Our investigation has revealed that an upstream (third party) system that we use to send emails has been impacted. This caused unauthorized emails being sent on our behalf. We have immediately suspended the sending of emails until the issue is resolved.
We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure.
We kindly request that you ignore these emails and do not click on any links contained within them. Our team is currently working closely with the upstream provider to investigate the root cause.
Fraudulent email claiming to be from DHL but sent from customer support at "@namecheap.com" which is possibly a spoofed Namecheap record despite passing both DKIM and SPF checks.
Offending IP/Domains: iterable.com, accomplish-delivery.mysafebridge.info, 149.72.141.59
Contents: "We regret to inform you that your parcel was not able to be delivered on the specified date, 12/02/2023. The parcel is currently located in the DHL warehouse near your town.
The reason for the delay was that the sender did not pay the necessary fees for the delivery. To avoid the parcel being returned, we ask that you pay the fee of 6.95 USD. You can track your parcel and pay the fee by clicking the tracking button."
DNS Compromise, Fraud Orders, Phishing, Email Spam, Spoofing
This IP address is trusted but abused by Firefox which invades every other web browser or installed internet connected application. Uninstalling the Firefox web browser or related products stops loopback proxy and scans on Windows 10. It is not known why Firefox needs access to other apps but this is clearly invasive and raises red flags on data protection and other user rights. Otherwise this is used for regular Windows 10 updates but should not be active for every user interaction on their device similar to those of trojans.
Trojan detected by Malwarebytes. Constantly enables a proxy with loopback on Windows 10. If this proxy is disabled and removed it is automatically added back and re-enabled.
Open Proxy, Port Scan, Hacking, Exploited Host