Ok now this is just stupid on the part of wix.com
I was getting some spam where a site on wix.com
was being used as a redirect typical spammer tricks
I have seen for years as I fight against spammers.
Nothing new there.

It is a bunch of fake Dick's Sporting goods emails
saying that I have been chosen to participate in their
customer loyalty program. The spam isn't from Dick's Sporting
Goods. Just some phishing attempt as far as I can see.


https://shoutout.wix.com/so/cdOCngLs9/c?w=kCYnydbHhM6hDUiAY_O5AlENiRqT5mEwPUT2xehM6gc.eyJ1IjoiaHR0cDovLzk2NDU0MjQ1MjQ1Mi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiZWZkNjEwYzMtNzQyYS00NDVjLTA1Y2UtZTJiZmYyZThkMTFjIiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wM
IP: 185.230.63.199

For the record the spam was relayed though
microsoft.com who was contacted along with
the abuse department at velia.net and hosteurope.de
who are now both godaddy.com companies and don't
respond.

This spam was relayed though IP 40.107.11.51
(microsoft.com)

The spammer used the IP address of 92.204.190.178
to send out this garbage!
(velia.net / hosteurope.de) (AS29066)

https://www.cidr-report.org/cgi-bin/as-report?as=AS29066

So I sent an email to abuse -[at]- wix.com expecting
them to possibly do something about it.

Nope I guess not this was the response I got from Wix.com

"delmi-dominguez (Wix Support)
September 12, 2022 4:58 PM (UTC-04:00)

Hi <NAME REDACTED>,

Thank you for contacting us about this and for reporting spam.

We are sorry to hear that Wix platform was used to send unsolicited emails.

If you don't want to receive any messages from this sender, please be
sure to follow these instructions to unsubscribe: Unsubscribing from an
Email Campaign Mailing List.

We flagged this user's account and we will be monitoring their further
user's activity for spamming. If such an incident happens again we may
block the user's ability to send out newsletters via Wix.

Feel free to notify us in case this happens again.

Best Regards
Delmi | Wix Customer Care "

The link they give me for
"Unsubscribing from an Email Campaign Mailing List."

https://support.wix.com/en/article/unsubscribing-from-an-email-campaign-mailing-list

I emailed them back and said most spammers do not honor remove requests
anyways and that is a bad idea to click on the remove links anyways.

https://www.bustle.com/p/is-it-safe-to-unsubscribe-from-spam-emails-be-careful-what-you-click-18788915

"it actually isn't safe to unsubscribe from spam emails this way — in
fact, some scammers rely on your click to access even more of your
information"

"According to Rick's Daily Tips, a blog run by an A+ certified computer
tech, you shouldn't click the unsubscribe button in any questionable
spam emails. As the blog outlines, doing this can have multiple negative consequences. For one, it can confirm that your email address is indeed
valid, which will likely prompt a spammer to continue contacting you, at
the very least, the website says. Furthermore, clicking the unsubscribe
button in a spam email can also sometimes result in you being linked to
spam websites, including ones that can download viruses to your computer
or encourage you to participate in some type of fraudulent online
activity, the blog emphasizes."


Also I have reported the same spammer a few times now and still getting
spammed and all they do is "flag the account" I keep reporting it they
seem to keep ignoring the abuse. They also say that they are going to
block the ability to send out newsletters via wix but I tell them
clearly in my email that the spam was sent though microsoft.com and
that the spammer is using a site on their network as a redirect but
they didn't seem to clue into that. Duh wix.com!

I have actually gotten the same response from wix.com twice now when
I ask for a manager they just copy and paste the same garbage back
to me again.

So they are just telling me to unsubscribe and won't do anything
about the site on their network. Wow just wow wix.com is dirty as
hell.

The spam was not sent though wix.com the spammer is just using what
is probably a free site on wix.com and I was trying to get the redirect
shut down.

https://www.wix.com/about/terms-of-use

As per their TOS it is a violation of their terms but yet
wix.com won't enforce their TOS.

https://www.wix.com/about/terms-of-use

17. use any of the Wix Services and/or User Platform in connection with
any form of spam, unsolicited mail, fraud, scam, phishing, “chain
letters”, “pyramid schemes” or similar conduct, or otherwise engage in unethical marketing or advertising;

Anyone else have issues with wix.com when you email their abuse
department?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 9/14/22 05:51, Post To Usenet wrote:
..

The spam was not sent though wix.com the spammer is just using what
is probably a free site on wix.com and I was trying to get the redirect
shut down.

..
In my logs only one in 2015
validate4.wix.com=216.185.152.145=hostway.com

I remember that I needed to report to hostway.com

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-09-14 12:27 a.m., tjoen wrote:

On 9/14/22 05:51, Post To Usenet wrote:
..

The spam was not sent though wix.com the spammer is just using what
is probably a free site on wix.com and I was trying to get the redirect
shut down.

..
In my logs only one in 2015
validate4.wix.com=216.185.152.145=hostway.com

I remember that I needed to report to hostway.com

No reports on abuseipdb.com for that IP that you were getting
spam from hmmm..

https://www.abuseipdb.com/check/216.185.152.145


Oh I know hostway.com they are horrible they don't act
easily on abuse complaints you gotta keep hounding them.

I was getting spam from IP 64.41.126.152 on hostway.com
quite a while back I remember them.

https://www.abuseipdb.com/check/64.41.126.152

So it looks like after I hounded wix.com this morning that they
finally just removed the site in question from their servers after
at lest a half dozen emails back and forth.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 13 September 2022 21:51 -0600,
in article <tfrj3v$2qipk$1@dont-email.me>,
Jamie "Post To Usenet" Baillie <posttousenet@gmail.com> wrote:

Ok now this is just stupid on the part of wix.com
I was getting some spam where a site on wix.com
was being used as a redirect typical spammer tricks
I have seen for years as I fight against spammers.
Nothing new there.

[...]

https://shoutout.wix.com/so/cdOCngLs9/c?w=kCYnydbHhM6hDUiAY_O5AlENiRqT5mEwPUT2xehM6gc.

eyJ1IjoiaHR0cDovLzk2NDU0MjQ1MjQ1Mi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiZWZkNjEwYzMtNzQyYS00NDVjLTA1Y2UtZTJiZmYyZThkMTFjIiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wM

IP: 185.230.63.199

Jamie,

While you are dissatisfied with the response you received from
wix.com, this URL is no longer functional.

$ curl -ILk https://shoutout.wix.com/so/cdOCngLs9/
HTTP/1.1 404 Not Found
Date: Wed, 14 Sep 2022 19:11:54 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3040
Connection: keep-alive
set-cookie: XSRF-TOKEN=1663182714|Bje7myCPMOWt;Path=/;Domain=.wix.com;Secure;SameSite=None
cache-control: no-cache
content-language: en
vary: Accept-Encoding
X-Seen-By: m0j2EEknGIVUW/liY8BLLsZceaXrH9bpWAOkFMPzqaGWWveFEnegpnkLxzZh8fhS,++r5XCRb/6cYf+PEtyYPdAt3BetCdHe1cuClXjWDyCGqIXnHwzry/fRu1OrE4paF4OpK7JQv7mb0KvO6UfxcQQ==,r6yY0ta7bIKrqK70x072lbvoDo9+MvMZlVIA6AR4lnk=,
ha2BjfnpoaWsa89DnyiXUB1Yad6dhvlcKxvg800NCK5YgeUJqUXtid+86vZww+nL,EJPgQkiJ1uIii9vVxis+2lwWw7qMORmcvF/6uWKFSNVEQfi00LSS7LJu7sdkoLsD/aSFI5dPN02lnqwHvrx+iw==,ha2BjfnpoaWsa89DnyiXUB1Yad6dhvlcKxvg800NCK5YgeUJqUXtid+86vZww+nL,
ha2BjfnpoaWsa89DnyiXUPGKDLkUk1WGrgyrqbm56CCLL1EM3nTI0Ni4xGOkWCVG,xcng7sTk3ADdZYw5QlZiWsxkVtRblJkthXQhkHKBYdp5nLzJ4M0yWgpFItp08ujQkJ8oDNug9pZsfoqDCYwDNf7pQT41djsKuNyL0rYZOaA=,ha2BjfnpoaWsa89DnyiXUJKwyKREZ9Dgux9K66MvTF1YgeUJqUXtid+86vZww+nL,
2fKwxo2iHl5wyQOVdzqd11a47r8T9KQ0CvrmWtlNK+tEQfi00LSS7LJu7sdkoLsDFEjaXeK7m+ZwpkZn6GNgQw==
X-Wix-Request-Id: 1663182714.5094671973419118603
Server: Pepyaka/1.19.10
X-Content-Type-Options: nosniff

185.230.63.199 unalocated.63.wixsite.com : sbl.spamhaus.org : BLOCKED (127.255.255.254)
https://www.spamhaus.org/sbl/query/SBL542518

Additionally:

$ dig +norecurse @dns1.p03.nsone.net shoutout.wix.com | grep IN ;shoutout.wix.com. IN A
shoutout.wix.com. 1800 IN CNAME verticals.wix.com. verticals.wix.com. 300 IN CNAME 168.verticals.sv5.wix.com. 168.verticals.sv5.wix.com. 1800 IN A 185.230.61.168

You may now resume your whine.

- --
David Ritz <dritz@mindspring.com>
"Eminence without merit earns deference without esteem."
- Sebastien-Roch Nicolas de Chamfort (1741-94)

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYyIsHAAKCRBSvCmZGhLe 605qAJ9YShCaxiWUSzjMEZ+4JI/OYkpBCwCg2oYrVelVq5KefUK7BgSkBko1nJU=
=ARKV
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

While you are dissatisfied with the response you received from
wix.com, this URL is no longer functional.

Was calling the long URL with the browser. Indeed. It says "Campaign has
been removed".

I also seem to remember that WIX DOES have a working abuse desk.
--
Andreas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-09-14 1:31 p.m., David Ritz wrote:> On Tuesday, 13 September
2022 21:51 -0600,

in article <tfrj3v$2qipk$1@dont-email.me>,
<SNIP a lot of dribble>
You may now resume your whine.

They just disabled it this morning after I posted that long post here
they disabled it the next morning So this was posted before they
disabled it.

It actually didn't get disabled until the next day after I made this
post so your a day late Mr. Ritz.


Whiiiiiiiiiiiinnnnnnnnneeeeee! LOL

There you happy Mr. Ritz?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-09-14 6:12 p.m., Andreas Kohlbach wrote:

On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

While you are dissatisfied with the response you received from
wix.com, this URL is no longer functional.

Was calling the long URL with the browser. Indeed. It says "Campaign has
been removed".

I also seem to remember that WIX DOES have a working abuse desk.

I don't know about working :) maybe dysfunctional abuse desk
you have to hound them to get them to actually do anything.

Shouldn't take like 6 emails to get them to disable a site they
seem quite resistant to do anything. But if you push them enough
eventually maybe they will finally do something.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 14 Sep 2022 22:33:00 -0600, Post To Usenet wrote:

On 2022-09-14 6:12 p.m., Andreas Kohlbach wrote:

On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

While you are dissatisfied with the response you received from
wix.com, this URL is no longer functional.

Was calling the long URL with the browser. Indeed. It says "Campaign
has
been removed".
I also seem to remember that WIX DOES have a working abuse desk.

I don't know about working :) maybe dysfunctional abuse desk
you have to hound them to get them to actually do anything.

Shouldn't take like 6 emails to get them to disable a site they
seem quite resistant to do anything. But if you push them enough
eventually maybe they will finally do something.

You're probably right. Today it's either bug them again and again (first
get past their bot), that something is done. Or nothing happens at all,
as with Google.

Godaddy is (or was, due to privacy stuff with the whois listings being "anonymized") also kicking customers. But only if their whois contains
false entries. Then they get a couple of days or get removed. I could
verify in the past that they actually kick them. So when checking a
spammer's whois (and they are at Godaddy) and it contains bogus data,
there is a link below to fill out a report.
--
Andreas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 15 Sep 2022 18:47:55 -0600, Post To Usenet wrote:

And another round of abuse coming from wix.com today.

I have multiple tickets created on wix.com about this
matter they told me it was shut down guess the spammer
got the account reactivated some how and it is being
used as a redirect again.

Same site starting with
"https://shoutout.wix.com"

The tickets I have currently on wix.com

ticket number: 1912641432
ticket number: 528989546
ticket number: 519219630
ticket number: 582765959

This one was claiming to be from Ace Hardware
saying that I was chosen to participate in their
loyalty program for free to win a Milwaukee power
drill yet another scam.

https://shoutout.wix.com/so/d9OCxZHEC/c?w=ehOGfXy8Gf5ngvuteeJtFF-fzIxuDsxxl0s3n04yGdE.

eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiOTUzMGU1MjktMjg2MC00NDIzLTBmODItZmE2MmZmM2VjMTE5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0#/22/DKIM/1063503-2088-0

IP: 185.230.60.180 (wix.com)

Which redirects to

http://654546544643243245.storage.googleapis.com/r#/22/DKIM/1063503-2088-0 IP: 142.251.215.240 (google.com)

Then to the real google.com. I wonder why.

https://shoutout.wix.com/so/d9OCxZHEC/c?w=pavIywXBurhwkvav3mP_n1hlw7SpLaKiFUoi0mWuQWs.

eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3UiLCJyIjoiYTU0NzFmMzUtMjUwMy00N2M2LTM5NTYtYThjZmYzYTM0MWI5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0

IP: 185.230.60.180 (wix.com)

Which redirects to

https://indorwork.com/0/0/0/u94318927818a9d30d2768dd52747f194
IP: 69.51.5.225 (highspeedweb.net)

Goes to an unsubscribe page.

I've seen these redirects (to Google and unsubscribe pages) a lot. I
wonder what the real page would be. May be spammy is noticing that I use
Linux and doesn't bother to run an exploit?
--
Andreas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

And another round of abuse coming from wix.com today.


I have multiple tickets created on wix.com about this
matter they told me it was shut down guess the spammer
got the account reactivated some how and it is being
used as a redirect again.

Same site starting with
"https://shoutout.wix.com"


The tickets I have currently on wix.com

ticket number: 1912641432
ticket number: 528989546
ticket number: 519219630
ticket number: 582765959


This one was claiming to be from Ace Hardware
saying that I was chosen to participate in their
loyalty program for free to win a Milwaukee power
drill yet another scam.


https://shoutout.wix.com/so/d9OCxZHEC/c?w=ehOGfXy8Gf5ngvuteeJtFF-fzIxuDsxxl0s3n04yGdE.
eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiOTUzMGU1MjktMjg2MC00NDIzLTBmODItZmE2MmZmM2VjMTE5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0#/22/DKIM/1063503-2088-0
IP: 185.230.60.180 (wix.com)

Which redirects to

http://654546544643243245.storage.googleapis.com/r#/22/DKIM/1063503-2088-0
IP: 142.251.215.240 (google.com)


https://shoutout.wix.com/so/d9OCxZHEC/c?w=pavIywXBurhwkvav3mP_n1hlw7SpLaKiFUoi0mWuQWs.
eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3UiLCJyIjoiYTU0NzFmMzUtMjUwMy00N2M2LTM5NTYtYThjZmYzYTM0MWI5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0
IP: 185.230.60.180 (wix.com)

Which redirects to

https://indorwork.com/0/0/0/u94318927818a9d30d2768dd52747f194
IP: 69.51.5.225 (highspeedweb.net)

Spam was relayed though microsoft.com on IP 40.107.11.91
And the spammer was using the IP address of 92.204.249.46
to send out this garbage.

(velia.net / hosteurope.de) (AS29066)

https://www.cidr-report.org/cgi-bin/as-report?as=AS29066


Another day and yet more abuse where wix.com continues
to be used as a redirect for the spammer's websites.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)