Welcome, Guest. Please login or register.
Tuesday, May 21st, 2013, 8:52pm
Home Help Calendar Search Register Login

Forum Login
Username: Create a new Account
Password:     Forgot Password

 Board Index    Spam    The Latest Offenders  ›  Pharmacy express
Users Browsing Forum
MSN Bot and 0 Guests

 Pages: « 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All
Recommend Print
  Author    Pharmacy express  (currently 13,264 views)
had_enough
Posted on: Sunday, July 23rd, 2006, 3:35pm Report to Moderator
New Member


Posts: 4
Has anyone got a valid email address for Pharmacy Express?  If so, please post it here and we can all start forwarding their spam emails to them.
Logged Offline
Private Message Reply: 45 - 181
Tony Hoyle
Posted on: Sunday, July 23rd, 2006, 7:04pm Report to Moderator
Guest User
I've been plagued by these idiots - they've been sending from hundreds (thousands?) of ISPs with their vlzagra vzlagra, etc. spams.  Spamassasin scores them very low (highest has been 2.5, and that's only because razor matched it).

I received over 50 in my inbox today, plus another 30 odd on my mailing list, which has been open to everyone for 5 years and is now members only simply because of this burst of spam (considering closing it entirely.. I won't become a spammer by proxy by forwarding this crap).

Up until last week I thought I had the problem licked.. maybe got a couple of spams a week past the filters.. nothing I couldn't handle.. now it's like they've found the magic formula for avoiding them and TBH I'm half way to installing something obnoxious like TMDA on my main account to shut the bastards up. .
Logged
e-mail Reply: 46 - 181
spike
Posted on: Tuesday, July 25th, 2006, 2:09am Report to Moderator
New Member


Posts: 2
Hi just found yhis site, what a relief not to be fighting these people alone. A few thoughts of my own. Seeing Canadian Pharamacy uses a Canadian address, it is up to the Canadian Goverment to deal with it. I contacted them, there is an anti-spam law but they didnt seem to be bothered. I am in the UK and have asked my Member of Parliament to raise the matter. Luckily I know her personally so fingers crossed.
I complain about every spam e-mail i recieve, (400+ one day), if enough complaints are made the industry will need to deal with it, they have the resources availabe to them.
Never thought about contacting visa, if the pharmacy corp registered office does not excist then it is surely fraud. if visa is told of this and do not act, they are condoning it.
From my experience in local politics if you become a bigger nuisance than the problem, people in authority will deal with the problem
     
Logged Offline
Private Message Reply: 47 - 181
chascas
Posted on: Tuesday, July 25th, 2006, 6:08am Report to Moderator
Guest User
Look at this! At the bottom of Pharmacy Express webs say
"© 2006 PharmacyExpress.com All Rights Reserved."

It could be a fake but if you investigate this web you can find some connections
http://www.pharmacyexpress.com/Default.aspx

It's a pharmacy or chemistry company from New Zeland and they have got an email in a image, probably to avoid "their own" spam.

Maybe we have got a valid email!
sales@PharmacyExpress.com

Sorry my poor english.
Logged
e-mail Reply: 48 - 181
tman
Posted on: Tuesday, July 25th, 2006, 6:19pm Report to Moderator
Frequent Contributor


Gender: Male
Posts: 36

Quoted from chascas (Guest)
Look at this! At the bottom of Pharmacy Express webs say
"© 2006 PharmacyExpress.com All Rights Reserved."

It could be a fake but if you investigate this web you can find some connections
http://www.pharmacyexpress.com/Default.aspx

It's a pharmacy or chemistry company from New Zeland and they have got an email in a image, probably to avoid "their own" spam.

Maybe we have got a valid email!
sales@PharmacyExpress.com


I've seen that site before too, but I have a strong feeling it is not the same Pharmacy we are dealing with.  They don't seem to sell the same products, and have a full customer log-in area, not just typing your credit card in.
One of the things these "companies" like to do is to name themselves fairly generic names that would likely be someting others would have, which makes it hard to find them  (Pharmacy Express, Discount Pharmacy, International Pharmacy, etc).

I doubt that this Pharmacy Express is the one we're dealing with----their site  and products are TOO different.   Also, I would think that they at least would be slapping the Verified by VISA, Better Business Bureau, Pharm Checker logos all over the place, and they do not.

At this point, it is theoried that Pharmacy Express, Discount Pharmacy, My Canadian Pharmacy, are the SAME people.  They seem to be from Canada, but even that isn't for certain at this point.
Logged Offline
Private Message Reply: 49 - 181
MarkGiles
Posted on: Wednesday, July 26th, 2006, 4:34pm Report to Moderator
All-Star


Posts: 363
http://www.pharmacyexpress.com is not one of the highly spammed Pharmacy Express sites.

The spammed ones fall under the umbrella of the same group, people like Alex Polyakov and Leo Kurayev - who are listed in ROKSO's top 10.  Their sites follow a set pattern, and have names like
* Pharmacy Express
* Discount Pharmacy
* My Canadian Pharmacy
* American Pharmacy (US Drugs)
* International Legal RX
* Special RX
* ED Choice

My Canadian Pharmacy runs on hacked machines that are connected 24 hours and have easy to guess administrator level passwords leaving them unprotected from intrusion. My Canadian Pharmacy sites even split their workload, with the html and java portion running on one hacked machine, and all of the images residing on a different hacked machine. The Name Servers for the thousands of domain names associated with these "pharmacies" are spread. This whole pharmacy scam business runs on stolen property all over the world.

The actual content on the sites is full of lies. Fake BBB certification and site awards, with links to their own site? You won't find the BBB certification or awards claimed at the relevant  BBB site.

A perusal of the Terms and Conditions shows them in flagrant breach of US and Canadian Drug Administration regulations, and that their drugs are sourced from India. When you see the lack of quality control in their spamming campaigns, and their stolen resources for the web sites, can you imagine their attention to quality control in the drug manufacturing process?

The site claims to be secure, so you should feel confident entering your credit card details on the ordering screen. But note that the ordering screen is neither https nor SSL. You can see all these lies for yourself.

Millions of spams per week are sent promoting the pharmacy suite of websites. The spamming runs themselves, are also typically generated fro m spam-bots, again on illegally hacked and hijacked machines.

Anyone who is incredibly stupid enough to actually order product from such an obviously illegal operation, and thinks that they will get real pharmaceuticals, must be from a different planet.

Let the buyer beware.
Logged Offline
Private Message Reply: 50 - 181
mr_d
Posted on: Wednesday, July 26th, 2006, 11:30pm Report to Moderator
New Member


Posts: 3
Hi Guys.
I found out their contact info by filling out an order form with fake info.
Here it the contact info they supply to their customers:

support@pillsuitesupport.com
1-888-241-8489
1-888-242-0845

I also found out what appears to be the main site that handles their orders and user accounts right now located at:

http://www.hsuite.com.

Maybe we should be reporting that site instead of all the temp ones.

If you fill out the order form on a Pharmacy Express site with a properly formatted (but invalid) credit card number you can sometimes get to the order confirmation screen that takes you to hsuite.com  

Credit card numbers have to pass basic formatting tests calculated from a LUHN formula.  There is info about that on the net.   The invalid but properly formatted CC number gets passed on to VISA who will deny it but at least they see invalid orders from this spammer.   If enough people bug them VISA may decide it's not worth working with these spammers.  

Their may be considerable value in annoying them with fake orders.  
You can fill in real looking data so they waste time trying to figure it out.
You can also fill out fake info or detailed info about the spammer that may get to VISA when they process the Credit Card.

Orders placed on Pharmacy Express sites redirect to this site:

http://www.hsuite.com
Site title:  User Center
Company logo:  RX-SERV.COM
IP address  211.144.68.69
Name Server: NS0.HTTPHARM.COM
Name Server: NS1.HTTPHARM.COM

That site has remained constant for 2 weeks so it's not the same as their other sites that dissappear after a couple days.

Here is the dialog from a completed order:

"We appreciate your choice and are glad to see you among our customers!
All the data regarding your order was sent to the e-mail address mentioned in the registration form, but we would recommend you to save the order ID of your transaction for further queries. Your order ID is RX00002-042354. Please print and save the information from this page.

All your questions about the delivery period, bank statement and similar queries connected with the billing services you may address our support team using the e-mail address support@pillsuitesupport.com or by call (toll free numbers: 1-888-241-8489 or 1-888-242-0845). We guarantee the response to your emails within 24 hours.

There is an opportunity to see your purchase status with all the needed information concerning your order at user center. By using user center you can speak with our support representative online. Your user center account available at http://www.pillsuitesupport.com/cgi-bin/userCenter/login.cgi ? userLogin = cULeNtar & userPassword = wOptingE.

You are granted a 20% discount for all other purchases you will make with us. To take part in the programm and use your discount, please, use this link: http://www.pillsuite.com/index.asp ? userLogin = cULeNtar & userPassword = wOptingE
Please note that the delivery may be carried out up to 40 days.




.......................................
PS.... and here is a recent site list. these are all the same site.
All on  211.144.68.87
Last week all were on 211.144.68.67

7/26/06     http://www.cadafuhertion.com
7/26/06     http://www.liakertadecaswa.com
7/26/06     http://www.tikerandevali.com
7/26/06     http://www.patertunherwa.com
7/26/06     http://www.leanveracesa.com
7/25/06     http://www.eankertandecase.com
7/25/06     http://www.ubeplease.com
7/25/06     http://www.toknothat.com
7/25/06     http://www.topbentest.com
7/25/06     selinisa.com
7/24/06     http://www.otreseacetion.com
7/24/06     http://www.plentosto.com
7/23/06     http://www.itilessine.com
7/23/06     http://www.terulikaseracaxe.com
7/23/06     http://www.cikeraviolasexa.com
7/23/06     http://www.xinfadesatin.com
7/22/06     http://www.vertadexase.com
7/22/06     http://www.arriesatte.com
7/21/06     http://www.kasedetance.com
7/21/06     styliseen.com
7/20/06     http://www.qatapoleraveda.com
7/20/06     nitergandecin.com
7/20/06     http://www.paseradefa.com
7/20/06     http://www.ketanyancase.com
7/19/06     http://www.fectoppor.com
7/19/06     http://www.tecounrsie.com
7/18/06     http://www.xolertandefaceda.com
7/17/06     http://www.teenicoro.com
7/17/06     http://www.tavionmersa.com
7/16/06     http://www.sidotisla.com
7/15/06     http://www.jerawounaeda.com
7/14/06     http://www.wezaceofunter.com
7/14/06     http://www.adisolash.com
7/14/06     http://www.xeawilention.com
7/13/06     http://www.ceaditove.com
7/13/06     http://www.ranasstais.com
7/13/06     http://www.tolinootec.com
7/13/06     http://www.ikertuncerase.com
7/12/06     http://www.telinemaik.com
7/12/06     http://www.hutefadaze.com
7/12/06     http://www.wotaferin.com
7/11/06     http://www.aninmano.com
7/11/06     http://www.guioertace.com
7/11/06     http://www.pasazedocer.com
7/10/06     http://www.clossupevi.com
7/9/06     http://www.miladimaruz.com
7/9/06     http://www.morgadomolon.com
7/9/06     http://www.estilandoc.com
7/9/06     http://www.isafethen.com
7/8/06     http://www.rubakodaf.com
7/7/06     resoritbe.com
7/5/06     landetungertanka.com
7/5/06     catemis.com
7/4/06     uadesaxecoin.com
7/4/06     anpulicar.com
7/3/06     nijanderuynhaewa.com
7/3/06     uadesaxecoin.com
7/2/06     rohadesfunvers.com
7/1/06     lanvertunjased.com
7/1/06     aturalabur.com
6/30/06     penofarsan.com
6/29/06     omiambell.com
6/28/06     vicesandani.com
6/28/06     zanekesdona.com
6/27/06     vasezoceoms.com
6/26/06     stedatlan.com
6/25/06     http://www.kimanuhetunade.com
6/24/06     http://www.assansit.com
6/23/06     doforeval.com
6/23/06     voyskojasa.com
6/22/06     poureole.com
6/21/06     baderunhertuna.com
6/21/06     dasetunhandecas.com
6/20/06     lumunherfans.com

It's strange that most of their DNS servers are on Registrar-Hold but they keep using them anyway, and their drug sites seem to still be working.....

Pharmacy Express DNS Server list from July 2006:

NS0.AVEABAST.COM     211.144.68.59
NS0.CANGEMOVE.COM     211.144.68.67
NS0.WITHOMM.COM     211.144.68.59
NS0.MORANAPPY.COM     221.231.139.31
NS0.ANGAMLACE.COM     211.144.68.59
NS0.VESARHOTTO.COM     218.104.136.232
NS2.BLOWIFOM.COM
NS2.MASKELIBASON.COM
NS0.LINESORETE.COM
NS0.HOTEAREKET.COM
NS9.INDIAHOST.BIZ
NS10.INDIAHOST.BIZ
NS0.STROTICCUTU.COM
NS0.ORINALUCH.COM
Logged Offline
Private Message Reply: 51 - 181
MarkGiles
Posted on: Thursday, July 27th, 2006, 3:52am Report to Moderator
All-Star


Posts: 363
Join the campaign. Copy and paste these entries in an email to the administrators of the IP addresses being used.

Current sites running Pharmacy express:
Addresses: 211.144.68.67 211.144.68.87
The owner of the IP range is in China, complaints go to -
http://www.dnsstuff.com/tools/whois.ch?ip=211.144.68.67&server=whois.apnic.net&email=on
person:       Guifei Pang
e-mail:       mavis_1010@163.com

person:       Yuening Yin
e-mail:       legendlemon@163.com

acomortale.com, aelioertuncae.com, akeabeeli.com, aliadesidu.com, allerpecta.com, almopere.com, alovertos.com, alrentone.com, amegiareg.com, anagepali.com, anaitson.com, anawagrave.com, anesaveem.com, anetorace.com, aninmano.com, anpulicar.com, ansedeman.com, antickerte.com, antirsteek.com, apitabiza.com, aporabero.com, aritectran.com, arlymmile.com, arteibitio.com, asimpresse.com, assansit.com, aterparkis.com, aturalabur.com, aundandecion.com, baderunhertuna.com, baterganfionsa.com, beispead.com, bertunganes.com, bescanxre.com, bikoucan.com, binutesriec.com, blesvaris.com, blostuggle.com, boardemore.com, bocadefunhaxes.com, bokacertandefa.com, bolindaweslio.com, buganderunfadex.com, buhanxercas.com, bulouseace.com, caderutandecon.com, camaitim.com, casexaseza.com, catemis.com, ceaditove.com, ceanromai.com, celebrilik.com, cerandefuntions.com, cervasedalion.com, citaments.com, coastinut.com, conidenate.com, connuingey.com, contisleas.com, cotlaglan.com, creivegeni.com, cutionferunba.com, cyclinoist.com, dasetunhandecas.com, dasoukancruse.com, distristen.com, dontowan.com, dujapilasen.com, dupalerikason.com, ecornofit.com, elebratees.com, elintesan.com, emaibacto.com, emptionto.com, emracethe.com, enamarut.com, endocember.com, entuscany.com, eperestay.com, epronneci.com, esitedetem.com, estilandoc.com, etaurasion.com, etionferaces.com, eunmacionre.com, famifrien.com, fastansimp.com, fecitipors.com, fistasemi.com, fonakilastoe.com, forearsago.com, funakolacomas.com, gallerinte.com, gesanais.com, geteryndapo.com, givoasafe.com, guioertace.com, gunertopin.com, gunfertanser.com, gunrandescunxa.com, hagraisone.com, hankounxe.com, hawodetukaxe.com, hedacilepadeca.com, helinailla.com, henostan.com, herfagunbas.com, hertungade.com, hezaruinve.com, hoteinlue.com, hotsotrom.com, hounjandex.com, hounkanjndase.com, hunertanceaxe.com, hunterungeas.com, hutenadecaseza.com, icaestauran.com, ifferentace.com, ikertuncerase.com, ilesewasin.com, imolearn.com, imontripas.com, indotemare.com, inuterom.com, isafethen.com, isiunurin.com, islansonly.com, islothos.com, jametunhawer.com, jenadescexasez.com, jenfandewunte.com, jerawounaeda.com, jergasedax.com, jitunfewaqero.com, juheyadopilans.com, jukacexasezo.com, kahescaxesaru.com, kangeoutex.com, kebadasecaxeza.com, kelanhuyertde.com, kerfanwunades.com, kerfousawer.com, kermancasexaz.com, kertungandeca.com, kertunherfan.com, kerundacase.com, keunwoert.com, kijunosae.com, kiladesujerunde.com, kilaherancuinx.com, kimanuhetunade.com, kinhyandefance.com, kiuyertbdes.com, kounhenfus.com, lafonmertuganwe.com, lainietam.com, laioknderttn.com, lamakevirol.com, lanafuhacexaseza.com, landetungertanka.com, langetunfade.com, lanvertunjased.com, lasedacasiona.com, lasexcazker.com, lawenterufan.com, lazexionvertin.com, legancean.com, leoperteas.com, leramuiontes.com, lerfadescasw.com, lertunhawes.com, lesdancaxesz.com, lesonipro.com, lessanapo.com, leteptungefa.com, lewamersde.com, licingothe.com, liesiendia.com, ligtofery.com, likuheyafe.com, limokunherubes.com, lineecoast.com, liokande.com, liokandefun.com, lionberpertun.com, loasukertyn.com, lopadijafon.com, lopmentalon.com, lumunherfans.com, lundewans.com, lurunhamoindes.com, mafunertundaces.com, mailadefans.com, makidone.com, malinoviray.com, malisaborin.com, malisakol.com, matungertunc.com, megahukadoop.com, mentadmon.com, merakiladefanver.com, mericarn.com, mieationa.com, mieslogan.com, miseedo.com, mivazujake.com, modkluhasek.com, modorabi.com, moikujerfaeca.com, moiunyerfane.com, morgadomolon.com, moshiortoc.com, mounkenwas.com, moutanfoun.com, murandionce.com, muzakopadet.com, naherunfadesa.com, naplerokna.com, natualarbo.com, nearater.com, neateton.com, nijanderuynhaewa.com, nikandertunfades.com, nisiafaste.com, nitaderungancas.com, norttisans.com, nounfanters.com, nuradokuhan.com, nurkocalow.com, ohelongan.com, oklenruntandes.com, olpartmen.com, omeredatte.com, onothuge.com, ontempora.com, opeintouris.com, openagece.com, operioswit.com, optenmaces.com, opterfuns.com, opyunterdesn.com, osortospe.com, otesetina.com, otheraum.com, otinfasewa.com, outerfeans.com, outyenfadeswoin.com, padkiodimoloh.com, paliokertunga.com, palitewasedax.com, pamnerungadetun.com, pandaterwantuns.com, pasazedocer.com, pasdelindas.com, pedacasexaze.com, pegadokilances.com, pellicarson.com, penedearly.com, penofarsan.com, peratuhasaxec.com, pewoxazecuer.com, plenopace.com, plentobar.com, poaundesa.com, polafuwexasa.com, punganrundes.com, putenfaderc.com, qefscxzatun.com, qetungers.com, qionraceiom.com, qirungandefa.com, qliondeasa.com, qualintens.com, radionkertade.com, rakelamdefa.com, randefunhers.com, rapolertandeface.com, ravelakovas.com, reathtakin.com, rebilacoben.com, relasaddic.com, resoritbe.com, resorttir.com, riondesax.com, robakilacor.com, robelosakog.com, rohadesfunvers.com, rokmodolec.com, rompalixados.com, romualifie.com, rosteacifi.com, rounfewans.com, rubakodaf.com, rudanlinke.com, rumailakodan.com, rumatoetorseb.com, rungandeoinca.com, salociomceskax.com, sanalerna.com, saounfadewon.com, sasonerita.com, satenkansre.com, searcinor.com, setunjanfances.com, shesanoud.com, sidelegani.com, sidotisla.com, siothear.com, situedonte.com, situeteten.com, slastikadupol.com, slavikasimal.com, sliverolan.com, slobaxigujar.com, slokupoasuhas.com, smapoladur.com, smopolitaca.com, sneviadlef.com, snobalopadun.com, snukfsalen.com, snupakolderiy.com, soicabeus.com, soluomendesca.com, someillio.com, sometease.com, soncemoepik.com, sopisticio.com, spornoffer.com, stabletisso.com, stedatlan.com, stikalogaser.com, stilomothe.com, tadefuhajaxeca.com, tarandefounlandes.com, teargesse.com, tekkintaki.com, teotesbut.com, teradefansuion.com, tercoinenta.com, tesandatta.com, tewealan.com, thesaidas.com, tiercetaves.com, titanicombi.com, tobizatam.com, tocasonal.com, togeeronis.com, toommate.com, toplorieta.com, torinabout.com, traditireside.com, tranenterro.com, travigolobur.com, tubolasamik.com, tudenfanwase.com, tugaderunvesa.com, tungertandeca.com, tunhertiandes.com, tvalibasodok.com, uadesaxecoin.com, unmertiondeas.com, untabilafakos.com, uonwepaou.com, uptendeans.com, usincreati.com, uvalicajoken.com, vadesujun.com, valnuhasep.com, vanesanetop.com, vanlasdrgukad.com, vasezoceoms.com, vendunteron.com, veravehei.com, vesaterco.com, vicesandani.com, villaisleni.com, visorsever.com, vohafujasen.com, vokasibaduk.com, vokeradetionces.com, volinraner.com, votundasterc.com, voungerdanse.com, vounjacasex.com, vountandwsx.com, vountrendes.com, voyskojasa.com, vudacerunfacer.com, waleokanfeun.com, wanounkintion.com, wardesfunbas.com, warunkisolie.com, watogaron.com, wepancerzase.com, weradetunhertion.com, weragokanda.com, wezaceofunter.com, wezeaotuns.com, wideicatio.com, wihotide.com, wortundanse.com, wotaferin.com, wotunfergans.com, woubanxaes.com, xanasdiloruf.com, xeawilention.com, xertunkertuion.com, xoimnetandewocas.com, xolertandefaceda.com, xosapervans.com, xundasefunterx.com, yetnfadecaxes.com, yontomahon.com, zakilpasun.com, zanekesdona.com, zaserfunkos.com, zedasecoliketuda.com, zerunfadecion.com, zodasukelinren.com, zounfertun.com
Logged Offline
Private Message Reply: 52 - 181
MarkGiles
Posted on: Thursday, July 27th, 2006, 4:02am Report to Moderator
All-Star


Posts: 363
The name servers for the above Pharmacy Express servers are all on 5 IP addresses

ns0.angamlace.com [211.144.68.59]
ns0.hoteareket.com [211.144.68.59]
ns0.withomm.com [211.144.68.59]
ns0.orinaluch.com  [211.144.68.59]
ns0.stroticcutu.com [211.144.69.243]
Again, the IP address owner for the above two is found here
http://www.dnsstuff.com/tools/whois.ch?ip=211.144.68.67&server=whois.apnic.net&email=on


ns0.linesorete.com [218.93.201.57]
ns0.vesarhotto.com [218.104.136.232]
ns0.moranappy.com [221.231.139.31]

See
http://www.dnsstuff.com/tools/whois.ch?ip=218.93.201.57&server=whois.apnic.net&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=218.104.136.232&server=whois.apnic.net&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=221.231.139.31&server=whois.apnic.net&email=on

Complaints to these IP address administrators are likely to be the most effective approach. The Internet Society of China has a mission to stamp out spam and illegal Internet merchandising.


spam@jsinfo.net abuse@jsinfo.net anti-spam@ns.chinanet.cn.net

tech-group@china-netcom.com
Logged Offline
Private Message Reply: 53 - 181
MarkGiles
Posted on: Thursday, July 27th, 2006, 5:38am Report to Moderator
All-Star


Posts: 363
In the previous listing from mr_d the sites are still all valid except

doforeval.com  404
miladimaruz.com Finest RX
nitergandecin.com Mortgage Suite
omiambell.com 404
plentosto.com = plentosto.com
poureole.com 404
qatapoleraveda.com 404
ranasstais.com 404
selinisa.com Mortgage
styliseen.com Mortgage
tolinootec.com 404
vertadexase.com 404
Logged Offline
Private Message Reply: 54 - 181
Bitterend
Posted on: Thursday, July 27th, 2006, 6:04pm Report to Moderator
New Member


Posts: 1
I have just started getting Spam from this crowd. Mailing Visa, Verisign, Pharmacy Checker, Et-all has had noe effect, these bodies just appear to ignore the problem.
I was trying to see if the address in the BVI's was real when I found you. Horray!!!
Perhaps if stuff was ordered from this bunch of morons And then a signature was refused on delivery and the stuff sent back, or taken and not signed for or otherwise obtained by deception, and Visa was made to refund the cost under their guarantee scheme then, given sufficent complaints about the company they would revoke their merchant status. If they cant take the cash - they aint got a business.
Short of going out there, finding them and beating the C**P ot of them with a baseball bat (which would make me feel better) there seems to be no recourse.
I do understand that there are some people who organise automatic mass mailings to these firms which shuts their servers down fo a period of time, but I nkow little of the mechanisim for doing this.
Logged Offline
Private Message Reply: 55 - 181
MarkGiles
Posted on: Thursday, July 27th, 2006, 6:37pm Report to Moderator
All-Star


Posts: 363
See the Spam Fighting tips and techniques topic.
Logged Offline
Private Message Reply: 56 - 181
MarkGiles
Posted on: Sunday, July 30th, 2006, 3:17pm Report to Moderator
All-Star


Posts: 363
Take the time to copy and send the mail below.

My Canadian Pharmacy Sites:
Pinging abatebig.info [221.134.127.25]
Pinging yadak.info [218.64.95.171]

Images:
http://87.106.8.105:8080/p/images/

Those are the 3 addresses to follow up on.

Sample message to Rustom_Irani@sifycorp.com and smantha@sifycorp.net

This message is to alert you to a security breach on one of your systems.

Illicit drug site "My Canadian Pharmacy" has been installed on a hacked
machine located at IP address
221-134-127-25.sify.net [221.134.127.25]

On the machine at that address you will find a directory  off the server,
called simply /p
Please remove it, and ensure that machine is made more secure from intrusion.
=================================================
Also, for the other hosting address, to hostmaster@public1.nc.jx.cn and anti-spam@ns.chinanet.cn.net

This message is to alert you to a security breach on one of your systems.

Illicit drug site "My Canadian Pharmacy" has been installed on a hacked
machine located on CHINANET, Jiangxi province at IP address

218.64.95.171

In a trace to this machine, the last three sites in the path are
..  220.177.236.238
..  220.177.236.78
..  218.64.95.171

On the machine at that last address you will find a directory  off the web
server, called simply /p
In it is the My Canadian Pharmacy web site.

Please remove it, and ensure that machine is made more secure from intrusion.
Logged Offline
Private Message Reply: 57 - 181
MarkGiles
Posted on: Tuesday, August 1st, 2006, 9:15am Report to Moderator
All-Star


Posts: 363
To close down the three major pharmacy web sites that are constantly being spammed, you need to look up the 9 whois links below, and copy this message to the technical contact email addresses you find there. The sites will be relocated, but it is worthwhile closing the existing sites out.

==============================================================

Subject:  URGENT - One of your machines has been compromised
Body Text:

Please read the following information carefully about three illegal pharmacy operations.

1. My Canadian Pharmacy (MCP)
2. International RX (IRX)
3. American Pharmacy (AP)


The perpetrator runs these operations on machines that he has hacked into, and you are responsible for one of those machines.

The IP addresses of the two hacked machines running MCP and the hacked image server are:

MCP Sites: 221.134.127.25 222.243.203.143
MCP images: 87.106.8.105


The IP addresses of the two hacked machines running IRX and the hacked image server are:

IRX Sites: 194.25.153.130 220.130.39.67
IRX images: 82.242.12.102


The IP addresses of the two hacked machines running AP and the hacked image server are:

AP Sites: 200.117.131.92 69.46.230.40
AP images: 80.86.83.166




What to look for on your hacked machine

MCP website is in directory /p/
MCP images are in this directory
http://87.106.8.105:8080/p/images/

IRX websites are in directory /legalrx/
IRX images are in this directory
http://82.242.12.102:8080/legalrx/images/

AP websites are in directory /usd/
AP images are in this directory
http://80.86.83.166:8080/usd/images/

What you need to do is to locate the machine that this crminal has hacked into, locate the directory containing his pharmacy web server infection, and remove it. You also need to make that machine more secure to avoid further hacking.


Why have you been sent this message?

These are the links to the people who own the hacked machines, including yourself.

MCP sites
http://www.dnsstuff.com/tools/whois.ch?ip=221.134.127.25&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=222.243.203.143&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=87.106.8.105&email=on

IRX sites
http://www.dnsstuff.com/tools/whois.ch?ip=194.25.153.130&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=220.130.39.67&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=82.242.12.102&email=on

AP sites
http://www.dnsstuff.com/tools/whois.ch?ip=200.117.131.92&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=69.46.230.40&email=on
http://www.dnsstuff.com/tools/whois.ch?ip=80.86.83.166&email=on

Thank you for your urgent attention to this matter.
Logged Offline
Private Message Reply: 58 - 181
JoeOhlandt
Posted on: Tuesday, August 1st, 2006, 4:07pm Report to Moderator
New Member


Posts: 2
Hello,

These jerks were using my business email address to send spam so I decided to have a little fun to get even with them.

I filled out the contact form on the web site telling them they would get the same message every day 1,000 times if they did not stop using my email address for their spam. Then I paid a local kid to sit there and send it to them 1,000 times by just clicking on the submit and back buttons.

I guess it worked as the bounced emails stopped the next day. It was worth the price and made the kid a few bucks.

Joe Ohlandt
Logged Offline
Private Message Reply: 59 - 181
 Pages: « 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All
Recommend Print

Locked Board Board Index    The Latest Offenders  [ previous | next ] Switch to:

Thread Rating

There have been 1 votes for this thread.
 
Forum Rules
You may not post new threads
You may not post new threads
You may not post polls
You may not post attachments
 HTML is off
Blah Code is on
Smilies are on

Powered by E-Blah Platinum 9 © 2001-2005