 Pages: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All |
 Author |
 Pharmacy express (currently 39,542 views) |
| invic |
| Posted on: Monday, May 22nd, 2006, 11:05am |
 |
|
Posts: 2
|
| I recently received 32 emails in one day from Pharmacy Express. And have come to some of the same conclusions as you. I've contacted both Visa Canada and Visa USA to alert them of the probable misuse of their "Visa Verified" certificate on the Pharmacy Express website. I've been trying to get some information on Palm Grove House in Tortola. It seems there are several apparently normal businesses that have exactly the same PO Box. I had no idea what to make of that. Is there any way I can assist you on waging war on these people? |
|
|
|
|
|
| invic |
| Posted on: Tuesday, May 23rd, 2006, 1:39pm |
|
|
Posts: 2
|
This is Visa's position on supporting Consumer Fraud...at least so far
Thank you for your inquiry. Visa sets high standards for all its products and services; however, the fact that a merchant displays the Visa logo or uses it on a Visa sales draft, does not indicate that Visa endorses the merchant, nor does it guarantee the quality of goods or services purchased from the merchant.
To verify the legitimacy of a business, you may wish to contact local and regional organizations, such as the trade licensing bureaus, to inquire. In addition to the above, you may wish to contact your internet service provider regarding any emails you receive that you believe to be spam.
We hope this information is useful.
Thanks for writing.
Visa.ca Webmaster |
|
|
|
 |
Reply: 1 - 181 |
|
|
| tman |
| Posted on: Monday, May 29th, 2006, 2:50pm |
|
|
Gender:  Male Posts: 36 |
I've been lately recieving spam from "My Canadian Pharmacy" which looks much slicker than Pharmacy Express. They have a wierd "we do not spam and pursue those who spam in our name so please report them here." (surrrre they do!)
They boast on being "certified by the Better Business Bureau." Here's a link to the report on them:
http://www.bbbmwo.ca/commonreport.html?bid=1134034
One of the alias names they give for "My Canadian Pharmacy" is.....surprise! "Pharmacy Express."
The BBB also states that they are "unreachable by mail or phone," so any addresses appear to be a front.
A bunch of nice, respectful businessmen  |
|
|
|
|
Reply: 2 - 181 |
|
|
| tman |
| Posted on: Monday, May 29th, 2006, 2:54pm |
|
|
Gender: Male Posts: 36 |
This is Visa's position on supporting Consumer Fraud...at least so far
Thank you for your inquiry. Visa sets high standards for all its products and services; however, the fact that a merchant displays the Visa logo or uses it on a Visa sales draft, does not indicate that Visa endorses the merchant, nor does it guarantee the quality of goods or services purchased from the merchant.
To verify the legitimacy of a business, you may wish to contact local and regional organizations, such as the trade licensing bureaus, to inquire. In addition to the above, you may wish to contact your internet service provider regarding any emails you receive that you believe to be spam.
We hope this information is useful.
Thanks for writing.
Visa.ca Webmaster |
I hate those kind of generic responses. In otherwords, it looks like they don't care about doing anything--probably because there's just so much of it, and it's hard to track these crooks down. It's disappointing to get that kind of response--maybe if victims of this company would launch lawsuits against VISA for not trying to stop them when they knew about it, that would encourage the credit companies to do their part to put an end to these scams. |
|
|
|
|
Reply: 3 - 181 |
|
|
| admin |
| Posted on: Monday, May 29th, 2006, 8:22pm |
|
|
Administrator Group
Posts: 15
|
I recently received 32 emails in one day from Pharmacy Express. And have come to some of the same conclusions as you. I've contacted both Visa Canada and Visa USA to alert them of the probable misuse of their "Visa Verified" certificate on the Pharmacy Express website. I've been trying to get some information on Palm Grove House in Tortola. It seems there are several apparently normal businesses that have exactly the same PO Box. I had no idea what to make of that. Is there any way I can assist you on waging war on these people? |
Thanks for stopping by the site and offering to post info. There seems to be alot of debate on the legitimacy of this Tortola address. It looks like they are actually part of a company in Canada ("Pharmacy") that according to the Better Business Bureau, they cannot locate. These guys have to be total crooks. I've wondered what happens when someone actually orders from them--do they really deliver product?
Probably the most aggressive stance you can take against these spammers is to report them directly to their home state Attorney General (Links are on the links page of this site). The Attorney General and/or Federal Trade Commission are the only ones that can actually go after and prosecute these people, and the more complaints are filed against them by different people, the sooner thay may take notice. Alot of spammers will try to get around the idea that spam in most cases itself isn't technically "illegal," and is only now starting to be prosecuted as a crime in itself, but deception, misrepresentation, failure to deliver goods or services definately IS illegal.
|
|
|
|
|
Reply: 4 - 181 |
|
|
| mr_d |
| Posted on: Tuesday, May 30th, 2006, 2:02am |
|
|
Posts: 3
|
Pharmacy Express has been spamming since 2004 back when it used servers based at Kornet in Korean.
In 2005 they added servers in Hong Kong and China. Now they use servers (or zombie PC's) all over the globe. They changed names many times since 2004 but you can tell it's the same place based on repeated Email patterns that progress over time such as their HTML and formatting tricks. Sometimes their sites don't even display a real name. They just highlight a word and stick a temporary embedded web link on it such as:
Online Meds Store
PharmacyByMAlL SSH0P
MEDlCATIONS By MAIL SHOOP
PHARMACY-BY-MAIL SHOP
MedzMail Shop
PiIlsOnline Store
PharmOnline Shop
Visit our Site
Try Viagra
Hi
V A L / u M
V / a G R A
M e R / D / A
S O m &
A m B / E N
I have a record of their sites going back to 2004.
It appears they started calling themselves Pharmacy Express around Oct 2005.
Pharmacy Express is the same place as Premier Pharmacy.
They each have hundreds of sites and the sites are often identical except for the name. I don't visit most links they send but I do record data about each link and promptly report them to their registrar, host network, etc.
Canadian Pharmacy (an equally abusive spammer) shares DNS servers with Pharmacy Express on occasion but for the most part they use different web servers and DNS servers. Perhaps they use the same "spammer network" (it's called China) so their paths cross on occasion. Canadian Pharmacy also tends to use geocities.com redirects to hide their sites while Pharmacy Express typically does not.
For a while Pharmacy Express had ties with LongZ enlargement Pills and MegaPower Pills sites and they were really bad for a while. Fortunately those sites appear to have closed or moved.
Pharmacy Express maintains about 40 DNS servers at all times (that I know of) with a few getting shutdown daily and others coming online just as quickly. Some of the IP's they use host hundreds or even thousands of sites. I can only provide info on the ones that were sent to me personally, which averages 25 to 40 new, unique sites per month from this spammer.
Try the reverse IP lookup tool at http://www.domaintools.com (that's the new name for whois.sc). Some spammer IP's host 60,000 sites, if that's possible.
Pharmacy Express changes their IP address 2-3 times a week in groups of 10-15 sites, typically concentrating on keeping the newest sites moving until they get shutdown. Some sites run undisturbed for months while most appear to run a few weeks and they move on.
They typically use each registrant name one time. They may harvest these off the Internet since they tend to be unique. Sometimes the data matches the info of real people and businesses. 95% of the registrants use a fake Yahoo Email address with their fake phone number, etc.
They tend to use Yesnic.com as the registrar for their DNS servers. Yesnic doesn't reply or act timely enough to have any effect but they do eventually terminate the registration of some sites after months of abuse.
Contrairy to this, their web site registration is spread across a dozen foreign registrars such as
ENOM, INC.
Yesnic.com
BULKREGISTER, LLC.
LTD D/B/A PUBLICDOMAINREGISTRY.COM
ONLINE SAS BookmyName
HICHINA WEB SOLUTIONS (HONG KONG) LIMITED
XIN NET TECHNOLOGY CORPORATION
and many others. They choose registrars who do not have an abuse policy or who have support pages written in Chinese to make reporting difficult. Even the US based registrars such as GO DADDY SOFTWARE, INC. are irresponsible in this regard as they reply to repeated abuse from their customers with a letter saying they are "only" the registrar and they will continue to register sites to this spammer.
I hope someone can use this info and help the situation. If I posted all the info I have it would fill many pages so I will close for now. If anyone wants a detailed listing of their DNS servers, IP addresses, registrant names, SMTP Headers and server names with dates going back to 2004 or 2005 I can post more info.
Looking at DNS info you can tell that similar sites such as "My Canadian Pharmacy" (also called "International Legal RX") is a separate spammer with their own sites and servers.
As a primer, here is a sample of Pharmacy Express info.
Some of their sites changed IP's 8-10 times and are still running. Most of these are active. Older sites that are on registar-hold have been omitted to save space.
Pharmacy Express recent site list:
5/28/06 http://www.yunmounbertu.com 211.144.69.243
5/27/06 http://www.fitingack.com 211.144.69.243
5/26/06 http://www.dikintansderfun.com 211.144.69.243
5/25/06 http://www.sekisometi.com 211.144.69.243
5/25/06 http://www.numzaisundes.com 211.144.69.243
5/24/06 http://www.arcothene.com 211.144.69.243
5/23/06 http://www.bullkelaidesion.com 211.144.69.243
5/22/06 http://www.wozawukelans.com 222.77.187.146
5/21/06 http://www.bexiahekess.com 211.144.69.243 222.77.187.146
5/19/06 http://www.balerutezalod.com 211.144.69.243 222.77.187.146
5/19/06 http://www.eveyearo.com
5/19/06 http://www.zaxuleqinsertu.com
5/17/06 http://www.didothikes.com
5/17/06 http://www.balasintersver.com
5/16/06 http://www.jernifersactis.com
5/15/06 http://www.foroverear.com
5/15/06 http://www.sututerfuins.com
5/13/06 http://www.heltefenskalls.com
5/13/06 http://www.mubuiterfu.com
5/12/06 http://www.upomeres.com
5/11/06 http://www.devalusaare.com
5/10/06 kolafahrovan.com
5/9/06 dopalokusar.com
5/8/06 http://www.kilutasso.com
5/6/06 http://www.nesparizapen.com
5/5/06 http://www.temaferte.com
5/4/06 http://www.embasarokal.com
5/4/06 http://www.essanears.com
5/3/06 http://www.nomaicedin.com
5/3/06 http://www.ultavoferak.com
5/2/06 http://www.4cus2mer.com/ms
5/1/06 http://www.vanteweks.com
4/30/06 http://www.popuariso.com
4/29/06 http://www.theekretalaxner.com
4/28/06 http://www.terainital.com
4/26/06 http://www.istolentie.com
4/25/06 http://www.aremadeto.com
4/24/06 http://www.efnerebizal.com
4/23/06 http://www.diminobag.com
4/23/06 http://www.hikiamoun.com
4/21/06 http://www.anngelad.com
4/20/06 http://www.JewensaKeoa.freeservers.com
4/19/06 http://www.volaserhumex.com.
4/18/06 http://www.amteribasoncey.com
4/17/06 http://www.holiddesi.com
4/14/06 BULASIMERNOKUL.COM
4/12/06 http://www.incogusten.com
4/9/06 trapalivazolin.com
DNS servers:
NS0.MAOMAREGI.COM 218.62.89.29
NS0.MANOTHAVE.COM 222.208.183.164
NS0.ANOTHEGISA.COM 202.103.178.125
NS0.SIGUMEBERSI.COM 219.153.19.40
NS0.TORESINATO.COM 202.103.178.125
NS0.RAPIEXANSI.COM 222.60.14.242
NS0.LASROMTEA.COM 202.103.178.125
NS0.POLTRAINI.COM 202.103.178.125
NS0.RESTANRELTI.COM 222.52.1.11
NS0.SETORELLE.COM
NS0.WINGELA.COM
NS0.TIMOPOTED.COM
NS1.FREESERVERS.COM
NS2.FREESERVERS.COM
NS4.TRISLUCAT.COM
NS2.TONOBEARO.COM
NS0.ANLINHOLI.COM
NS0.HETRIEDIS.COM
DNS2.ASETANTIC.COM
DNS1.ASETANTIC.COM
DNS1.EIGHOURI.COM
NS0.FESTIVAINURO.COM
NS0.AIRALLON.COM
NS0.TREATENSON.COM
NS0.ATTEPONTAI.COM
NS0.THAPICURESE.COM
NS0.TIVICENE.COM
NS1.AREVERE.COM
NS2.AREVERE.COM
NS3.AREVERE.COM
NS6.AREVERE.COM
NS0.ALROMALVI.COM
NS0.TANISIGER.COM
NS0.TONCEREAN.COM
NS0.NEVEPOSTE.COM
ns0.chapithiso.com
NS0.COURTANPA.COM
NS1.PUREDNS.COM
NS2.PUREDNS.COM
NS0.AIRAMISU.COM
NS0.EBANTENE.COM
NS0.HOWODEAL.COM
NS0.ROSETTARKIN.COM
DNS7.VISIONNEW.COM
DNS5.VISIONNEW.COM
NS0.GISATOCAT.COM
[color=purple][/color] |
|
|
|
|
Reply: 5 - 181 |
|
|
| tman |
| Posted on: Wednesday, May 31st, 2006, 12:31pm |
|
|
Gender: Male Posts: 36 |
Yet another alias for "Pharmacy."
Pharmacy Corp.
1916 North Church Street
Layton, UT 84040
This time they call themselves "International Legal RX medications" with all the same "Verified by the BBB" and contact form info as "MyCanadianPharmacy." Who knows if this address even means anything.
This one was spammed as http://lfjkpd.lamcentral.info/legalrx/
ADMIN NOTE: Address listed for Pharmacy Corp. appears to be a Sod Farm. Address most likely a fake. The Sod Farm is probably a victim as well. |
|
|
|
|
Reply: 6 - 181 |
|
|
| TomS |
| Posted on: Monday, June 5th, 2006, 2:48pm |
|
|
Guest User
|
SiteAdvisor is a web site rating service (see http://SiteAdvisor.com for details) that alerts users to problem sites when they visit one. The alert comes from a browser plug-in that reads the URL and does a remote database lookup in real time.
Most ratings are derived from automatic metrics produced by web crawlers and spam monitors. However -- they also allow any individual to post human reviews that get dialed into the overall score.
A number of SA reviewers have been tracking International Legal RX, Comfort RX, Pharmacy Express, US Drugs, etc. If you want to check a URL to see if it's already tagged, the SiteAdvisor page lets you look up a site. If you get a Spam, please add your comment to the SA reviews.
Here is an example of one recent post:
http://www.siteadvisor.com/sites/zoneskin.info |
|
 Logged |
|
|
 |
Reply: 7 - 181 |
|
|
| rob w |
| Posted on: Thursday, June 22nd, 2006, 6:26am |
|
|
Guest User
|
MyCanadianPharmacy, as far as I can tell-
IP 195.141.149.161
According to webhosting.info, there are 7 domains at this IP. All of them hosted by an Andy Lambe (Lambe Solutions). His websites are-
1 ANDYLAMBE.COM.
2 ATLANTICLIFEQUOTE.COM.
3 CCIPNG.COM.
4 LAMBEFINANCIAL.COM.
5 LAMBESOLUTIONS.COM.
6 PEICREDITBULLETIN.COM.
7 PEILIFEQUOTE.COM.
email is-
support@lambesolutions.com
Robert Wright
rob@comdetroit.com
http://www.comdetroit.com
http://www.comdetroit.net
ADMIN NOTE: After receiving communication from the above mentioned company, I am convinced that they were a victim of a hacked server. They stated they have switched hosting companies, and that their web site security is tightened. It is believed that they were in fact victimized by the spammer, and have nothing to do with Pharmacy Express, etc. Therefore, their contact info is being distorted on this site. |
|
| Logged |
|
|
|
Reply: 8 - 181 |
|
|
| tman |
| Posted on: Friday, June 23rd, 2006, 12:00am |
|
|
Gender: Male Posts: 36 |
That's very interesting.....At first I thought you were on the wrong track with that IP and Lambe, since the Lambe site seems innocent enough. Then I found this: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL42590
That IP is listed on their Register Of Known Spam Operations, and according to them, the IP is used to host image files that are referenced from the spamvertised URL's for various pharmaceutical spam.
One of the things that spammers do is try to hack into other web servers and make their own directory to host their spam, and of course victimizing the server owner with the mess they create. While that's certainly possible here, it doesn't explain why images are STILL present at this IP address, and how they are hosted on Port 8080 (as far as I know, unless your server is WIDE WIDE WIDE open), the average hacking attempt isn't going to be able to open up a different port on that server for hosting (they wouldn't need to anyway).
Looks like, at the very least the folks at Lambe have some explaining to do as to why they're listed as a spam operation.
That being the case, it would be quite stupid to have any site so easily link them to the spams with their full contact info on the same IP as the IP used for spamming.
Again, very interesting.
ADMIN NOTE: After receiving communication from the above mentioned company, I am convinced that they were a victim of a hacked server. They stated they have switched hosting companies, and that their web site security is tightened. It is believed that they were in fact victimized by the spammer, and have nothing to do with Pharmacy Express, etc. Therefore, their contact info is being distorted on this site. |
|
|
|
|
Reply: 9 - 181 |
|
|
| rob w |
| Posted on: Friday, June 23rd, 2006, 6:50am |
|
|
Guest User
|
If you viewed the source on the MyCanadianPharmacy page, the Lambe Solutions IP address is in every image source. I emailed Lambe Solutions twice about this. The first time was to let Lambe Solutions know that they need to put a stop to it. The second time was a courtesy copy from the email I sent to-
webcomplaints@ora.fda.gov
I received no reply however, today I tried to access these websites that were sent to me and none of them work! I went to my email trash and tried some of the others and none of them work. Somebody must have done something.
Rob Wright
rob@comdetroit.com
http://www.comdetroit.com
http://www.comdetroit.net
ADMIN NOTE: After receiving communication from Lambe Solutions, I am convinced that they were a victim of a hacked server. They stated they have switched hosting companies, and that their web site security is tightened. It is believed that they were in fact victimized by the spammer, and have nothing to do with Pharmacy Express, etc. Therefore, their contact info is being distorted on this site. |
|
| Logged |
|
|
|
Reply: 10 - 181 |
|
|
| comdetroit |
| Posted on: Friday, June 23rd, 2006, 8:40am |
|
|
Gender: Male Posts: 52 |
| Well, I got spammed again. It seems they are back (mycanadianpharmacy) and the images are still hosted at Lambe Solutions. I will email them every time I get garbage from these people. |
Everything Internet
http://www.comdetroit.com
Detroit Area
http://www.comdetroit.net |
|
|
|
 |
Reply: 11 - 181 |
|
|
| comdetroit |
| Posted on: Friday, June 23rd, 2006, 9:05am |
|
|
Gender: Male Posts: 52 |
I have phone numbers for Andy Lambe and Assoc.
1-877-433-8***
I called them. They stated that the webhosting portion is owned and operated by Andy Lambe's son. I informed the person I talked to that a major spammer has their images hosted at their IP address. They stated they did not know this was going on. This person seemed genuinely concerned.
ADMIN NOTE: After receiving communication from the above mentioned company, I am convinced that they were a victim of a hacked server. They stated they have switched hosting companies, and that their web site security is tightened. It is believed that they were in fact victimized by the spammer, and have nothing to do with Pharmacy Express, etc. Therefore, their contact info is being distorted on this site. |
Everything Internet
http://www.comdetroit.com
Detroit Area
http://www.comdetroit.net |
|
|
|
| |
Reply: 12 - 181 |
|
|
| Hamish |
| Posted on: Friday, June 23rd, 2006, 1:04pm |
|
|
Posts: 2
|
 Thank Heaven I have discovered this site to share the same feelings with you folks about Canadian Pharmacy or whatever they're called this week. I, too, have received loads of spam from this outfit - usually in a bluey-gray box with http://BoomBather or http://CLoseDLow or http://BlastCanvas inside this box plus the Cialis, Viagra bullshit and offers. They come in other forms too - anyone get a http with "hitcher" or "createline" in the name???
Now, TBH, I'm probably the last bloke on this planet who's computer illiterate - think "monkey at the controls of a Boeing 747"  but I have used spamcop and the tools menu and have reduced my daily emails from about 100 down to circa 8 to 13 a day.
After using spamcop, I get replies from everywhere - Lithuania to Australia to France to Belgium and so on plus replies from Comcast/Earthlink etc - all, what I believe are called, Site Administrators.
I notice, too, that they have FDA (Federal Drug Authority?) at the bottom of their home page - yeah, I tried the "report scam" forms - silly me. Like VISA, does the FDA know about this and, if so, are they doing anything about it? I have reported these spammers to them. Surely, a body like the FDA would be miffed when they are cited as "approving" this scam. There are others at the base of the homepage too but hard to make them out.
Any of the above make sense or ring a bell?
Hamish aka Noel Gannon, East Galway, IRL - "the last of the internet virgins" LOL |
|
|
|
|
Reply: 13 - 181 |
|
|
| TJ |
| Posted on: Saturday, June 24th, 2006, 5:58pm |
|
|
Posts: 1
|
My Canadian Pharmacy is currently using:
195.141.149.161 - 161-sn-4-be.pchighway.com
in Switzerland to source images for their target web site
http://www.dottcare.info
I have asked site support to remove the files and close any security hole that may have been created. |
|
|
|
|
Reply: 14 - 181 |
|
Pages: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All |
Locked Board