jprogram

Multiple spam redirecting to TopOnlineBargins

I've been getting the same kind of spam for months now. All have something to do with an e-commerce site "Top Online Bargins."

Each spam comes from a different website name, which all redirect to different listings from toponlinebargins.com. I don't believe they are all associated with Top Online Bargins at all. After some research with URLSCAN, those redirecting websites have the same IP address under Mivocloud. But, here's the strange part: within 24 hours after I received the spam, the redirecting website switched to a single IP address from Psychz.


By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this.


Anyone else getting this kind of spam?

On 3/25/2020 at 11:58 AM, jprogram said:

By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this.

They sent it from different ISPs to limit how quickly their IP is put into a blocklist. If they can jump around enough, they can keep sending out their spam for days. Now if everyone who got it reported it, we could get them on the block lists faster. This is why they like to remotely use routers and IP cameras to send their spam as they don't care if good people get blocked. SpamCop does have requirements to be added to the blocking list. My guess is what you saw for the change from Mivocloud to Psychz is that either they wanted to change, or Mivocloud turned off their service and the spammer moved on.

(In my opinion, the faster we inconvenience the spammer, the less they will desire to spam.)

Thanks for finding me the right term.

I had two different kinds of snowshoe spam, now it's just one. One is the affiliate marketing spammers (phishing) for Top Online Bargins, and the other is a random hostname redirecting to another random hostname but with a same-styled Symfony webpage.

I wonder what would be the best attack to report snowshoe spams without "talking to walls."
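
The pattern described in this thread (sending servers scattered across providers, redirect hostnames sharing one hosting IP) shows up when reports are grouped by the landing IP instead of the sender IP. The following is an added example, not part of any post: all addresses, hostnames and provider names are constructed, and the resolved IP for each URL host is assumed to have been recorded by the reporter (for instance from a urlscan lookup).

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports (not real data): sender IP, sender's hosting
# provider, URL found in the message body, and the IP that URL's host
# resolved to when the message arrived (assumed to be recorded by the reporter).
SAMPLES = [
    ("192.0.2.10",   "provider-a", "http://deals-one.example/item?id=1", "203.0.113.7"),
    ("198.51.100.4", "provider-b", "http://Shop-Two.example/item?id=2",  "203.0.113.7"),
    ("192.0.2.77",   "provider-c", "http://bargain-three.example/x",     "203.0.113.7"),
    ("198.51.100.9", "provider-d", "http://deals-one.example/item?id=9", "203.0.113.7"),
    ("192.0.2.200",  "provider-e", "http://newsletter.example/weekly",   "203.0.113.50"),
    ("192.0.2.201",  "provider-f", "not a url",                          "203.0.113.7"),
]


def cluster_by_landing_ip(samples):
    """Group reports by the IP hosting the linked site, not by the sender IP."""
    clusters = defaultdict(lambda: {"hosts": set(), "senders": set(), "providers": set()})
    for sender_ip, provider, url, landing_ip in samples:
        host = urlsplit(url).hostname
        if not host:  # skip bodies where no usable URL was extracted
            continue
        entry = clusters[landing_ip]
        entry["hosts"].add(host.lower())
        entry["senders"].add(sender_ip)
        entry["providers"].add(provider)
    return dict(clusters)


def snowshoe_candidates(samples, min_hosts=3, min_providers=3):
    """Landing IPs shared by several hostnames that were mailed from several providers."""
    return {
        ip: entry
        for ip, entry in cluster_by_landing_ip(samples).items()
        if len(entry["hosts"]) >= min_hosts and len(entry["providers"]) >= min_providers
    }


if __name__ == "__main__":
    for ip, entry in snowshoe_candidates(SAMPLES).items():
        print(f"{ip}: {len(entry['hosts'])} hostnames, "
              f"{len(entry['senders'])} sender IPs across {len(entry['providers'])} providers")
        print("  hostnames:", ", ".join(sorted(entry["hosts"])))
```

Because the redirect hosts in this thread moved to a different IP within 24 hours, the landing IP has to be captured when the message arrives for the grouping to hold.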
