jprogram
  1. Does OVH own other servers? Example: velia.net. How can I tell if they run under OVH?
  2. OVH makes up about half of the website links in the message. I certainly have tons of work on reporting to the following: #1. e-mail server; #2. web server (based on the e-mail's domain name); #3. Google (**trk.com); #4. DigitalOcean (end-of-the-redirect-chain website); #5. whoever is hosting the bogus unsubscribe forms.... Then you've got the DNS providers for each server.
  3. That URL is one of many. You can see the list here... https://urlscan.io/ip/45.55.121.131 Not all of those sites are marked malicious. Maybe the one for youmeasurewellness is a false negative?
  4. I'll use this spam as an example... https://www.spamcop.net/sc?id=z6642853265z193d6fb05ee9b701404ec2d508af48b0z If you use the domain name and add either the "www", "ww1", or "web" prefix -- the directory names don't matter, they'll redirect you the same way. Here is the chain of redirects (blocking out some details):
     http://www.uhcphysicianfinder.com/main.html/z9zIiTTp
     https://www.ks20trk.com/7BZ2W/6JHXF/?sub1=*****
     https://youmeasurewellness.com/?__ef_tid=442cc3002bca40b3871fef7afecd72d4&oid=4&affid=5
     In this case, ks20trk.com was used. It really does not look like a URL shortener -- not saying it's not, per se. Who do I go after from the chain? All of them? DNS servers too?
  5. Since April 20, 2020, spammers are now using some kind of web middleware to redirect one URL to a "middleman" URL to reach the destination URL. This trickery is bypassing the e-mail provider's spam filter. Here are those "middleman" URLs: tb42trk.com, bx55trk.com, ks20trk.com, mrm30trk.com, ds62trk.com. Apparently, those are all owned by Google. So how do they work and what are those sites called?
  6. jprogram

    Link obfuscation flaw?

    Then what about using URL scanners to detect HTTP redirects? (e.g. urlscan) I also want to mention that the process of different IP addresses sending the same constructed spam is "snowshoe spam." To my understanding, some servers do use link obfuscation to detect the "head" of the spammer -- but not the spammer directly. ("All roads lead to...") But if SpamCop is not serious about the links, then my next question of concern is: can SpamCop even deal with "snowshoe" spam?
  7. jprogram

    Multiple spam redirecting to TopOnlineBargins

    Thanks for finding me the right term. I had two different kinds of snowshoe spam, now it's just one. One is the affiliate marketing spammers (phishing) for Top Online Bargins, and the other is a random hostname redirecting to another random hostname but with a same-styled Symfony webpage. I wonder what would be the best attack to report snowshoe spams without "talking to walls."
  8. I've been getting the same kind of spam for months now. All have something to do with an e-commerce site, "Top Online Bargins." Each spam comes from a different website name, which all redirect to different listings on toponlinebargins.com. I don't believe they are all associated with Top Online Bargins at all. After some research with urlscan, those redirecting websites have the same IP address under Mivocloud. But here's the strange part: within 24 hours after I received the spam, the redirecting website switched to a single IP address from Psychz. By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how SpamCop would handle this. Anyone else getting this kind of spam?
  9. jprogram

    Link obfuscation flaw?

    I suppose I could, on my own, e-mail some of the web networks linked on the messages.
  10. I noticed that if a spam message has more than eight links, the obfuscation process is skipped. But it is skipping important links to scan that could lead to the spammer. For instance, any links using the same domain name as the e-mail's domain name should be scanned regardless. I'm hoping the link obfuscation doesn't get fooled by redirecting sites. I believe the spam that I'm getting is deliberately flooded with links to bypass the obfuscation.
  11. Forgive a newbie for posting this, but after navigating a forum full of broken links and jargon, I needed to know a little more about Mailhost. I've gotten Mailhost set up for my e-mail by copying and pasting the configuration e-mail with the headers into SpamCop. I originally tried to forward the configuration e-mail, but it was unsuccessful. So, my question is: what do I do next? Is there anything different I need to know about once I've got Mailhost set up? Anything I should be looking for?