Jump to content

Multiple spam redirecting to TopOnlineBargins


jprogram
 Share

Recommended Posts

I've been getting the same kind of spam for months now. All have something to do with an e-commerce site "Top Online Bargins."

Each spam comes from a different website name which all redirects to different listings from toponlinebargins.com . I don't believe they are all associated by Top Online Bargins at all. After some research with URLSCAN, those redirecting websites have the same IP address under Mivocloud. But, here's the strange part: within 24 hours after I received the spam, the redirecting website switched to a single IP address from Psychz.


By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this.


Anyone else getting this kind of spam?

Link to comment
Share on other sites

On 3/25/2020 at 11:58 AM, jprogram said:

By the way, all the e-mail servers that send the same spam are at completely random server providers. Therefore, I do not know how Spamcop would handle this.

They sent it from different ISP to limit how quickly their IP is put into a blocklist.  If they can jump around enough, their can keep sending out their spam for days.  Now if everyone who got it reported it, we could get them on the block lists faster.  This is why they like to remotely use routers and IP cameras to send their spam as they don't care if good people get blocked.  SpamCop does have requirements to be added to the blocking list.  My guess is what you saw for the change from Mivocloud to Psychz is that either they wanted to change, or Mivocloud turned off their service and the spammer moved on.

(In my opinion, the faster we inconvience the spammer, they less they will desire to spam.)

Link to comment
Share on other sites

5 hours ago, gnarlymarley said:

They sent it from different ISP to limit how quickly their IP is put into a blocklist.

I found a term for this called snowshoe spamming.

http://forum.spamcop.net/topic/43662-spam-from-91192400-9119243255-and-21761730-2176173255/?do=findComment&comment=151467

Link to comment
Share on other sites

Thanks for finding me the right term.

I had two different kinds of snowshoe spam, now it's just one. One is the affiliate marketing spammers (phishing) for Top Online Bargins, and the other is a random hostname redirecting to another random hostname but with a same-styled Symfony webpage.

I wonder what would be the best attack to report snowshoe spams without  "talking to walls."

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...