klappa Posted January 15, 2016 Share Posted January 15, 2016 In about 1,5 years now i gotten spam from the now famous EvaPharmacy fraud group. They usually register their fake fraud Pharmacy domains at R01.ru which is famous for hosting the most fraud domains in the world. This REGISTER never shuts down anything and if they reply they usually come up with a lame excuse. I can safely say i have contacted everyone even Russian authorities and their CERT team. I even contacted the parent company of the Broadband service which hosts all those fraud domains, no answer. Nothing! Somehow they have gotten hold of my other mail address as well which has the same name but with a different provider and is also being bombarded with their spam. I don't even know how they got my mail from the beginning. I can take skammers and some phishing e-mails now and then but i usually get several of these spams every day and they never stop. They usually hack webservers through a php vulnerability to form e-mail addresses and using bots to distribute them that way they never will be tracked directly but all the sites connects to 95.31.22.193 which is owned by Russian Cortina Broadband and their parent company is Vimpelcom one of Russians biggest telecom companies. Here's a map which gives a good view over which domains connects to that ip number https://www.robtex.com/en/advisory/ip/95/31/22/193/ Here's a typical spamcop report https://www.spamcop.net/sc?id=z6205604617z1bd2598387ea9fcc19ace4ddc2e16443z. Here's a whois record on one of their domains domain: GLOBALHEALTHSUPPLY.RUnserver: ns1.globalhealthsupply.ru. 211.110.14.21nserver: ns2.globalhealthsupply.ru. 103.249.86.209state: REGISTERED, DELEGATED, VERIFIEDperson: Private Personregistrar: R01-RUadmin-contact: https://partner.r01.ru/contact_admin.khtmlcreated: 2015.11.09paid-till: 2016.11.09free-date: 2016.12.10source: TCI It is part of the Yambo Financials spamnetwork and bulker.biz organization: http://www.spamhaus.org/rokso/evidence/ROK3780/yambo-financials/media-oh-that-must-be-anton and http://fraud-reports.wikia.com/wiki/Bulker.biz. Is there anything more i can do? Or should i accept these spams? Link to comment Share on other sites More sharing options...
SpamSpam Posted March 15, 2016 Share Posted March 15, 2016 I'm curious what email provider(s) you use. I have one Yahoo account which is notorous for accepting all Canadian Pharmacy spam. I've been reporting the Canadian Pharmacy spams for a few months and the amount hasn't decreased. Experience-wise: I have a couple of Yahoo.com email accounts and accounts with other email providers, that never get Canadian Pharmacy spam, and next to never receive spam. Recommendation: Create another email account and/or use another email provider (I don't recommend Yahoo's free email account spam control, if you happen to get spam). Also, when creating a new account, I tend to use nomenclature that is very uncommon before the "[at]" of the email address. This is all a drastic, quick solution (compared to reporting spams for months which never diminish). Link to comment Share on other sites More sharing options...
klappa Posted March 22, 2016 Author Share Posted March 22, 2016 I'm curious what email provider(s) you use. I have one Yahoo account which is notorous for accepting all Canadian Pharmacy spam. I've been reporting the Canadian Pharmacy spams for a few months and the amount hasn't decreased. Experience-wise: I have a couple of Yahoo.com email accounts and accounts with other email providers, that never get Canadian Pharmacy spam, and next to never receive spam. Recommendation: Create another email account and/or use another email provider (I don't recommend Yahoo's free email account spam control, if you happen to get spam). Also, when creating a new account, I tend to use nomenclature that is very uncommon before the "[at]" of the email address. This is all a drastic, quick solution (compared to reporting spams for months which never diminish). Don't want to out them here but yes it seems they are using bad spam filters. Thanks for the tip! How would a nomenclature look like? Link to comment Share on other sites More sharing options...
SpamSpam Posted March 23, 2016 Share Posted March 23, 2016 klappa, by nomenclature I'm meaning make the part of the email address before the [at] sort of a password, one not as easy to guess. For example, random two or three words. From what I'd seen the current CA Pharmacy spam is routed from mostly different networks every time. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.