Jump to content

Getting really tired of these Canadian Pharmacy spams


klappa

Recommended Posts

In about 1,5 years now i gotten spam from the now famous EvaPharmacy fraud group. They usually register their fake fraud Pharmacy domains at R01.ru which is famous for hosting the most fraud domains in the world. This REGISTER never shuts down anything and if they reply they usually come up with a lame excuse.

I can safely say i have contacted everyone even Russian authorities and their CERT team. I even contacted the parent company of the Broadband service which hosts all those fraud domains, no answer. Nothing!

Somehow they have gotten hold of my other mail address as well which has the same name but with a different provider and is also being bombarded with their spam.

I don't even know how they got my mail from the beginning. I can take skammers and some phishing e-mails now and then but i usually get several of these spams every day and they never stop. They usually hack webservers through a php vulnerability to form e-mail addresses and using bots to distribute them that way they never will be tracked directly but all the sites connects to 95.31.22.193 which is owned by Russian Cortina Broadband and their parent company is Vimpelcom one of Russians biggest telecom companies.

Here's a map which gives a good view over which domains connects to that ip number

https://www.robtex.com/en/advisory/ip/95/31/22/193/

Here's a typical spamcop report

https://www.spamcop.net/sc?id=z6205604617z1bd2598387ea9fcc19ace4ddc2e16443z. Here's a whois record on one of their domains

domain: GLOBALHEALTHSUPPLY.RU
nserver: ns1.globalhealthsupply.ru. 211.110.14.21
nserver: ns2.globalhealthsupply.ru. 103.249.86.209
state: REGISTERED, DELEGATED, VERIFIED
person: Private Person
registrar: R01-RU
admin-contact: https://partner.r01.ru/contact_admin.khtml
created: 2015.11.09
paid-till: 2016.11.09
free-date: 2016.12.10
source: TCI

It is part of the Yambo Financials spamnetwork and bulker.biz organization: http://www.spamhaus.org/rokso/evidence/ROK3780/yambo-financials/media-oh-that-must-be-anton and http://fraud-reports.wikia.com/wiki/Bulker.biz.

Is there anything more i can do? Or should i accept these spams?

Link to comment
Share on other sites

  • 2 months later...

I'm curious what email provider(s) you use. I have one Yahoo account which is notorous for accepting all Canadian Pharmacy spam. I've been reporting the Canadian Pharmacy spams for a few months and the amount hasn't decreased. Experience-wise: I have a couple of Yahoo.com email accounts and accounts with other email providers, that never get Canadian Pharmacy spam, and next to never receive spam.

Recommendation:

Create another email account and/or use another email provider (I don't recommend Yahoo's free email account spam control, if you happen to get spam). Also, when creating a new account, I tend to use nomenclature that is very uncommon before the "[at]" of the email address. This is all a drastic, quick solution (compared to reporting spams for months which never diminish).

Link to comment
Share on other sites

I'm curious what email provider(s) you use. I have one Yahoo account which is notorous for accepting all Canadian Pharmacy spam. I've been reporting the Canadian Pharmacy spams for a few months and the amount hasn't decreased. Experience-wise: I have a couple of Yahoo.com email accounts and accounts with other email providers, that never get Canadian Pharmacy spam, and next to never receive spam.

Recommendation:

Create another email account and/or use another email provider (I don't recommend Yahoo's free email account spam control, if you happen to get spam). Also, when creating a new account, I tend to use nomenclature that is very uncommon before the "[at]" of the email address. This is all a drastic, quick solution (compared to reporting spams for months which never diminish).

Don't want to out them here but yes it seems they are using bad spam filters.

Thanks for the tip! How would a nomenclature look like?

Link to comment
Share on other sites

klappa, by nomenclature I'm meaning make the part of the email address before the [at] sort of a password, one not as easy to guess. For example, random two or three words.

From what I'd seen the current CA Pharmacy spam is routed from mostly different networks every time.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...