jprogram Posted March 25, 2020 Share Posted March 25, 2020 I've been getting the same kind of spam for months now. All have something to do with an e-commerce site "Top Online Bargins." Each spam comes from a different website name which all redirects to different listings from toponlinebargins.com . I don't believe they are all associated by Top Online Bargins at all. After some research with URLSCAN, those redirecting websites have the same IP address under Mivocloud. But, here's the strange part: within 24 hours after I received the spam, the redirecting website switched to a single IP address from Psychz. By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this. Anyone else getting this kind of spam? Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted March 28, 2020 Share Posted March 28, 2020 On 3/25/2020 at 11:58 AM, jprogram said: By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this. They sent it from different ISP to limit how quickly their IP is put into a blocklist. If they can jump around enough, their can keep sending out their spam for days. Now if everyone who got it reported it, we could get them on the block lists faster. This is why they like to remotely use routers and IP cameras to send their spam as they don't care if good people get blocked. SpamCop does have requirements to be added to the blocking list. My guess is what you saw for the change from Mivocloud to Psychz is that either they wanted to change, or Mivocloud turned off their service and the spammer moved on. (In my opinion, the faster we inconvience the spammer, they less they will desire to spam.) Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted March 28, 2020 Share Posted March 28, 2020 5 hours ago, gnarlymarley said: They sent it from different ISP to limit how quickly their IP is put into a blocklist. I found a term for this called snowshoe spamming. http://forum.spamcop.net/topic/43662-spam-from-91192400-9119243255-and-21761730-2176173255/?do=findComment&comment=151467 Quote Link to comment Share on other sites More sharing options...
jprogram Posted March 29, 2020 Author Share Posted March 29, 2020 Thanks for finding me the right term. I had two different kinds of snowshoe spam, now it's just one. One is the affiliate marketing spammers (phishing) for Top Online Bargins, and the other is a random hostname redirecting to another random hostname but with a same-styled Symfony webpage. I wonder what would be the best attack to report snowshoe spams without "talking to walls." Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.