• wix.com tells you to unsubscribe from their spammers

    From Post To Usenet@21:1/5 to All on Tue Sep 13 21:51:27 2022
    Ok now this is just stupid on the part of wix.com
    I was getting some spam where a site on wix.com
    was being used as a redirect typical spammer tricks
    I have seen for years as I fight against spammers.
    Nothing new there.

    It is a bunch of fake Dick's Sporting goods emails
    saying that I have been chosen to participate in their
    customer loyalty program. The spam isn't from Dick's Sporting
    Goods. Just some phishing attempt as far as I can see.


    https://shoutout.wix.com/so/cdOCngLs9/c?w=kCYnydbHhM6hDUiAY_O5AlENiRqT5mEwPUT2xehM6gc.eyJ1IjoiaHR0cDovLzk2NDU0MjQ1MjQ1Mi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiZWZkNjEwYzMtNzQyYS00NDVjLTA1Y2UtZTJiZmYyZThkMTFjIiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wM
    IP: 185.230.63.199

    For the record the spam was relayed though
    microsoft.com who was contacted along with
    the abuse department at velia.net and hosteurope.de
    who are now both godaddy.com companies and don't
    respond.

    This spam was relayed though IP 40.107.11.51
    (microsoft.com)

    The spammer used the IP address of 92.204.190.178
    to send out this garbage!
    (velia.net / hosteurope.de) (AS29066)

    https://www.cidr-report.org/cgi-bin/as-report?as=AS29066

    So I sent an email to abuse -[at]- wix.com expecting
    them to possibly do something about it.

    Nope I guess not this was the response I got from Wix.com

    "delmi-dominguez (Wix Support)
    September 12, 2022 4:58 PM (UTC-04:00)

    Hi <NAME REDACTED>,

    Thank you for contacting us about this and for reporting spam.

    We are sorry to hear that Wix platform was used to send unsolicited emails.

    If you don't want to receive any messages from this sender, please be
    sure to follow these instructions to unsubscribe: Unsubscribing from an
    Email Campaign Mailing List.

    We flagged this user's account and we will be monitoring their further
    user's activity for spamming. If such an incident happens again we may
    block the user's ability to send out newsletters via Wix.

    Feel free to notify us in case this happens again.

    Best Regards
    Delmi | Wix Customer Care "

    The link they give me for
    "Unsubscribing from an Email Campaign Mailing List."

    https://support.wix.com/en/article/unsubscribing-from-an-email-campaign-mailing-list

    I emailed them back and said most spammers do not honor remove requests
    anyways and that is a bad idea to click on the remove links anyways.

    https://www.bustle.com/p/is-it-safe-to-unsubscribe-from-spam-emails-be-careful-what-you-click-18788915

    "it actually isn't safe to unsubscribe from spam emails this way — in
    fact, some scammers rely on your click to access even more of your
    information"

    "According to Rick's Daily Tips, a blog run by an A+ certified computer
    tech, you shouldn't click the unsubscribe button in any questionable
    spam emails. As the blog outlines, doing this can have multiple negative consequences. For one, it can confirm that your email address is indeed
    valid, which will likely prompt a spammer to continue contacting you, at
    the very least, the website says. Furthermore, clicking the unsubscribe
    button in a spam email can also sometimes result in you being linked to
    spam websites, including ones that can download viruses to your computer
    or encourage you to participate in some type of fraudulent online
    activity, the blog emphasizes."


    Also I have reported the same spammer a few times now and still getting
    spammed and all they do is "flag the account" I keep reporting it they
    seem to keep ignoring the abuse. They also say that they are going to
    block the ability to send out newsletters via wix but I tell them
    clearly in my email that the spam was sent though microsoft.com and
    that the spammer is using a site on their network as a redirect but
    they didn't seem to clue into that. Duh wix.com!

    I have actually gotten the same response from wix.com twice now when
    I ask for a manager they just copy and paste the same garbage back
    to me again.

    So they are just telling me to unsubscribe and won't do anything
    about the site on their network. Wow just wow wix.com is dirty as
    hell.

    The spam was not sent though wix.com the spammer is just using what
    is probably a free site on wix.com and I was trying to get the redirect
    shut down.

    https://www.wix.com/about/terms-of-use

    As per their TOS it is a violation of their terms but yet
    wix.com won't enforce their TOS.

    https://www.wix.com/about/terms-of-use

    17. use any of the Wix Services and/or User Platform in connection with
    any form of spam, unsolicited mail, fraud, scam, phishing, “chain
    letters”, “pyramid schemes” or similar conduct, or otherwise engage in unethical marketing or advertising;

    Anyone else have issues with wix.com when you email their abuse
    department?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tjoen@21:1/5 to Post To Usenet on Wed Sep 14 08:27:23 2022
    On 9/14/22 05:51, Post To Usenet wrote:
    ..
    The spam was not sent though wix.com the spammer is just using what
    is probably a free site on wix.com and I was trying to get the redirect
    shut down.
    ..
    In my logs only one in 2015
    validate4.wix.com=216.185.152.145=hostway.com

    I remember that I needed to report to hostway.com

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to tjoen on Wed Sep 14 08:56:34 2022
    On 2022-09-14 12:27 a.m., tjoen wrote:
    On 9/14/22 05:51, Post To Usenet wrote:
    ..
    The spam was not sent though wix.com the spammer is just using what
    is probably a free site on wix.com and I was trying to get the redirect
    shut down.
    ..
    In my logs only one in 2015
    validate4.wix.com=216.185.152.145=hostway.com

    I remember that I needed to report to hostway.com



    No reports on abuseipdb.com for that IP that you were getting
    spam from hmmm..

    https://www.abuseipdb.com/check/216.185.152.145


    Oh I know hostway.com they are horrible they don't act
    easily on abuse complaints you gotta keep hounding them.

    I was getting spam from IP 64.41.126.152 on hostway.com
    quite a while back I remember them.

    https://www.abuseipdb.com/check/64.41.126.152

    So it looks like after I hounded wix.com this morning that they
    finally just removed the site in question from their servers after
    at lest a half dozen emails back and forth.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Ritz@21:1/5 to Jamie "Post To Usenet" Baillie on Wed Sep 14 14:31:40 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Tuesday, 13 September 2022 21:51 -0600,
    in article <tfrj3v$2qipk$1@dont-email.me>,
    Jamie "Post To Usenet" Baillie <posttousenet@gmail.com> wrote:

    Ok now this is just stupid on the part of wix.com
    I was getting some spam where a site on wix.com
    was being used as a redirect typical spammer tricks
    I have seen for years as I fight against spammers.
    Nothing new there.

    [...]

    https://shoutout.wix.com/so/cdOCngLs9/c?w=kCYnydbHhM6hDUiAY_O5AlENiRqT5mEwPUT2xehM6gc.
    eyJ1IjoiaHR0cDovLzk2NDU0MjQ1MjQ1Mi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiZWZkNjEwYzMtNzQyYS00NDVjLTA1Y2UtZTJiZmYyZThkMTFjIiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wM
    IP: 185.230.63.199

    Jamie,

    While you are dissatisfied with the response you received from
    wix.com, this URL is no longer functional.

    $ curl -ILk https://shoutout.wix.com/so/cdOCngLs9/
    HTTP/1.1 404 Not Found
    Date: Wed, 14 Sep 2022 19:11:54 GMT
    Content-Type: text/html;charset=utf-8
    Content-Length: 3040
    Connection: keep-alive
    set-cookie: XSRF-TOKEN=1663182714|Bje7myCPMOWt;Path=/;Domain=.wix.com;Secure;SameSite=None
    cache-control: no-cache
    content-language: en
    vary: Accept-Encoding
    X-Seen-By: m0j2EEknGIVUW/liY8BLLsZceaXrH9bpWAOkFMPzqaGWWveFEnegpnkLxzZh8fhS,++r5XCRb/6cYf+PEtyYPdAt3BetCdHe1cuClXjWDyCGqIXnHwzry/fRu1OrE4paF4OpK7JQv7mb0KvO6UfxcQQ==,r6yY0ta7bIKrqK70x072lbvoDo9+MvMZlVIA6AR4lnk=,
    ha2BjfnpoaWsa89DnyiXUB1Yad6dhvlcKxvg800NCK5YgeUJqUXtid+86vZww+nL,EJPgQkiJ1uIii9vVxis+2lwWw7qMORmcvF/6uWKFSNVEQfi00LSS7LJu7sdkoLsD/aSFI5dPN02lnqwHvrx+iw==,ha2BjfnpoaWsa89DnyiXUB1Yad6dhvlcKxvg800NCK5YgeUJqUXtid+86vZww+nL,
    ha2BjfnpoaWsa89DnyiXUPGKDLkUk1WGrgyrqbm56CCLL1EM3nTI0Ni4xGOkWCVG,xcng7sTk3ADdZYw5QlZiWsxkVtRblJkthXQhkHKBYdp5nLzJ4M0yWgpFItp08ujQkJ8oDNug9pZsfoqDCYwDNf7pQT41djsKuNyL0rYZOaA=,ha2BjfnpoaWsa89DnyiXUJKwyKREZ9Dgux9K66MvTF1YgeUJqUXtid+86vZww+nL,
    2fKwxo2iHl5wyQOVdzqd11a47r8T9KQ0CvrmWtlNK+tEQfi00LSS7LJu7sdkoLsDFEjaXeK7m+ZwpkZn6GNgQw==
    X-Wix-Request-Id: 1663182714.5094671973419118603
    Server: Pepyaka/1.19.10
    X-Content-Type-Options: nosniff

    185.230.63.199 unalocated.63.wixsite.com : sbl.spamhaus.org : BLOCKED (127.255.255.254)
    https://www.spamhaus.org/sbl/query/SBL542518

    Additionally:

    $ dig +norecurse @dns1.p03.nsone.net shoutout.wix.com | grep IN ;shoutout.wix.com. IN A
    shoutout.wix.com. 1800 IN CNAME verticals.wix.com. verticals.wix.com. 300 IN CNAME 168.verticals.sv5.wix.com. 168.verticals.sv5.wix.com. 1800 IN A 185.230.61.168

    You may now resume your whine.

    - --
    David Ritz <dritz@mindspring.com>
    "Eminence without merit earns deference without esteem."
    - Sebastien-Roch Nicolas de Chamfort (1741-94)

    -----BEGIN PGP SIGNATURE-----

    iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYyIsHAAKCRBSvCmZGhLe 605qAJ9YShCaxiWUSzjMEZ+4JI/OYkpBCwCg2oYrVelVq5KefUK7BgSkBko1nJU=
    =ARKV
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Kohlbach@21:1/5 to David Ritz on Wed Sep 14 20:12:25 2022
    On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

    While you are dissatisfied with the response you received from
    wix.com, this URL is no longer functional.

    Was calling the long URL with the browser. Indeed. It says "Campaign has
    been removed".

    I also seem to remember that WIX DOES have a working abuse desk.
    --
    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to David Ritz on Wed Sep 14 22:31:09 2022
    On 2022-09-14 1:31 p.m., David Ritz wrote:> On Tuesday, 13 September
    2022 21:51 -0600,
    in article <tfrj3v$2qipk$1@dont-email.me>,
    <SNIP a lot of dribble>
    You may now resume your whine.

    They just disabled it this morning after I posted that long post here
    they disabled it the next morning So this was posted before they
    disabled it.

    It actually didn't get disabled until the next day after I made this
    post so your a day late Mr. Ritz.


    Whiiiiiiiiiiiinnnnnnnnneeeeee! LOL

    There you happy Mr. Ritz?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to Andreas Kohlbach on Wed Sep 14 22:33:00 2022
    On 2022-09-14 6:12 p.m., Andreas Kohlbach wrote:
    On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

    While you are dissatisfied with the response you received from
    wix.com, this URL is no longer functional.

    Was calling the long URL with the browser. Indeed. It says "Campaign has
    been removed".

    I also seem to remember that WIX DOES have a working abuse desk.

    I don't know about working :) maybe dysfunctional abuse desk
    you have to hound them to get them to actually do anything.

    Shouldn't take like 6 emails to get them to disable a site they
    seem quite resistant to do anything. But if you push them enough
    eventually maybe they will finally do something.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Kohlbach@21:1/5 to Post To Usenet on Thu Sep 15 14:09:27 2022
    On Wed, 14 Sep 2022 22:33:00 -0600, Post To Usenet wrote:

    On 2022-09-14 6:12 p.m., Andreas Kohlbach wrote:
    On Wed, 14 Sep 2022 14:31:40 -0500, David Ritz wrote:

    While you are dissatisfied with the response you received from
    wix.com, this URL is no longer functional.
    Was calling the long URL with the browser. Indeed. It says "Campaign
    has
    been removed".
    I also seem to remember that WIX DOES have a working abuse desk.

    I don't know about working :) maybe dysfunctional abuse desk
    you have to hound them to get them to actually do anything.

    Shouldn't take like 6 emails to get them to disable a site they
    seem quite resistant to do anything. But if you push them enough
    eventually maybe they will finally do something.

    You're probably right. Today it's either bug them again and again (first
    get past their bot), that something is done. Or nothing happens at all,
    as with Google.

    Godaddy is (or was, due to privacy stuff with the whois listings being "anonymized") also kicking customers. But only if their whois contains
    false entries. Then they get a couple of days or get removed. I could
    verify in the past that they actually kick them. So when checking a
    spammer's whois (and they are at Godaddy) and it contains bogus data,
    there is a link below to fill out a report.
    --
    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andreas Kohlbach@21:1/5 to Post To Usenet on Thu Sep 15 21:07:41 2022
    On Thu, 15 Sep 2022 18:47:55 -0600, Post To Usenet wrote:

    And another round of abuse coming from wix.com today.


    I have multiple tickets created on wix.com about this
    matter they told me it was shut down guess the spammer
    got the account reactivated some how and it is being
    used as a redirect again.

    Same site starting with
    "https://shoutout.wix.com"


    The tickets I have currently on wix.com

    ticket number: 1912641432
    ticket number: 528989546
    ticket number: 519219630
    ticket number: 582765959


    This one was claiming to be from Ace Hardware
    saying that I was chosen to participate in their
    loyalty program for free to win a Milwaukee power
    drill yet another scam.


    https://shoutout.wix.com/so/d9OCxZHEC/c?w=ehOGfXy8Gf5ngvuteeJtFF-fzIxuDsxxl0s3n04yGdE.
    eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiOTUzMGU1MjktMjg2MC00NDIzLTBmODItZmE2MmZmM2VjMTE5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0#/22/DKIM/1063503-2088-0
    IP: 185.230.60.180 (wix.com)

    Which redirects to

    http://654546544643243245.storage.googleapis.com/r#/22/DKIM/1063503-2088-0 IP: 142.251.215.240 (google.com)

    Then to the real google.com. I wonder why.

    https://shoutout.wix.com/so/d9OCxZHEC/c?w=pavIywXBurhwkvav3mP_n1hlw7SpLaKiFUoi0mWuQWs.
    eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3UiLCJyIjoiYTU0NzFmMzUtMjUwMy00N2M2LTM5NTYtYThjZmYzYTM0MWI5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0
    IP: 185.230.60.180 (wix.com)

    Which redirects to

    https://indorwork.com/0/0/0/u94318927818a9d30d2768dd52747f194
    IP: 69.51.5.225 (highspeedweb.net)

    Goes to an unsubscribe page.

    I've seen these redirects (to Google and unsubscribe pages) a lot. I
    wonder what the real page would be. May be spammy is noticing that I use
    Linux and doesn't bother to run an exploit?
    --
    Andreas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Post To Usenet@21:1/5 to All on Thu Sep 15 18:47:55 2022
    And another round of abuse coming from wix.com today.


    I have multiple tickets created on wix.com about this
    matter they told me it was shut down guess the spammer
    got the account reactivated some how and it is being
    used as a redirect again.

    Same site starting with
    "https://shoutout.wix.com"


    The tickets I have currently on wix.com

    ticket number: 1912641432
    ticket number: 528989546
    ticket number: 519219630
    ticket number: 582765959


    This one was claiming to be from Ace Hardware
    saying that I was chosen to participate in their
    loyalty program for free to win a Milwaukee power
    drill yet another scam.


    https://shoutout.wix.com/so/d9OCxZHEC/c?w=ehOGfXy8Gf5ngvuteeJtFF-fzIxuDsxxl0s3n04yGdE.
    eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3IiLCJyIjoiOTUzMGU1MjktMjg2MC00NDIzLTBmODItZmE2MmZmM2VjMTE5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0#/22/DKIM/1063503-2088-0
    IP: 185.230.60.180 (wix.com)

    Which redirects to

    http://654546544643243245.storage.googleapis.com/r#/22/DKIM/1063503-2088-0
    IP: 142.251.215.240 (google.com)


    https://shoutout.wix.com/so/d9OCxZHEC/c?w=pavIywXBurhwkvav3mP_n1hlw7SpLaKiFUoi0mWuQWs.
    eyJ1IjoiaHR0cDovLzY1NDU0NjU0NDY0MzI0MzI0NS5zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3UiLCJyIjoiYTU0NzFmMzUtMjUwMy00N2M2LTM5NTYtYThjZmYzYTM0MWI5IiwibSI6Im1haWwiLCJjIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0
    IP: 185.230.60.180 (wix.com)

    Which redirects to

    https://indorwork.com/0/0/0/u94318927818a9d30d2768dd52747f194
    IP: 69.51.5.225 (highspeedweb.net)

    Spam was relayed though microsoft.com on IP 40.107.11.91
    And the spammer was using the IP address of 92.204.249.46
    to send out this garbage.

    (velia.net / hosteurope.de) (AS29066)

    https://www.cidr-report.org/cgi-bin/as-report?as=AS29066


    Another day and yet more abuse where wix.com continues
    to be used as a redirect for the spammer's websites.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)