Jump to content

Medscit spam emails


eonstar
 Share

Recommended Posts

I'm getting one email every couple of days, always from a junk address which cant be replied to, and all with exactly the same text which advertises MEDSCIT.COM - Canadian Pharmacy, selling viagra.

Subject field is always just "re:"

When I go to the website for MEDSCIT.COM - Canadian Pharmacy, there's a 'contact us' form to send a query which is handy for sending lots of messages of complaint.

I've found Canadian Pharmacy mentioned as a source of spam elsewhere on the net.

If there's no authority to pull companies into line, than surely if enough people send use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

Link to comment
Share on other sites

The word "source" in these parts generally deals with the "source" of the e-mail. What you appear to be talking about is something called a "spamvertised site" ... something quite different. Your suggested 'threat' of stuffing a form in retaliation cold actually cause you some personal grief. You might want to talk to your own ISP/Host before trying something like this.

This domain is a bit out of the ordinary, allegedly being around since last August .. rather different than the typical week or two scam site ... though it could be that there were hundreds of Domains registered back in August and this one has 'just' been actually brought into use.

12/30/07 06:31:32 Slow traceroute MEDSCIT.COM

Trace MEDSCIT.COM (84.109.24.85) ...

62.219.189.25 RTT: 187ms TTL:170 (bzq-219-189-25.cablep.bezeqint.net ok)

* * * failed

192.117.237.58 RTT: 182ms TTL:170 (bzq-117-237-58.static.bezeqint.net ok)

* * * failed

* * * failed

* * * failed

* * * failed

84.109.24.85 RTT: 198ms TTL:107 (bzq-84-109-24-85.red.bezeqint.net ok)

whois -h whois.crsnic.net medscit.com ...

Redirecting to BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN

whois -h whois.dns.com.cn medscit.com ...

Domain Name.......... medscit.com

Creation Date........ 2007-08-14 14:29:31

Registration Date.... 2007-08-14 14:29:31

Expiry Date.......... 2008-08-14 14:29:31

Organisation Name.... Elvin Korkuti

Organisation Address. 1950 3rd St 606

Organisation Address.

Organisation Address. La Verne

Organisation Address. 91750

Organisation Address. WG

Organisation Address. US

Admin Name........... Elvin Korkuti

Admin Address........ 1950 3rd St 606

Admin Address........

Admin Address........ La Verne

Admin Address........ 91750

Admin Address........ WG

Admin Address........ US

Admin Email.......... ererer[at]hotmail.com

Admin Phone.......... +1.9095760281

Admin Fax............ +1.9095760281

........

Name Server.......... ns0.biknasufadupo.com

Name Server.......... ns0.markuzapilod.com

Name Server.......... ns0.rubakopesanm.com

Name Server.......... ns0.rumbaponukas.com

12/30/07 06:32:59 dig MEDSCIT.COM [at] 208.67.220.220

Dig MEDSCIT.COM[at]ns0.rumbaponukas.COM (91.89.228.53) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.rubakopesanm.COM (89.178.111.167) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.markuzapilod.COM (207.119.14.3) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]ns0.biknasufadupo.COM (79.120.97.137) ...

failed, couldn't connect to nameserver

Dig MEDSCIT.COM[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for MEDSCIT.COM type=255 class=1

MEDSCIT.COM NS (Nameserver) ns0.biknasufadupo.COM

MEDSCIT.COM NS (Nameserver) ns0.markuzapilod.COM

MEDSCIT.COM NS (Nameserver) ns0.rubakopesanm.COM

MEDSCIT.COM NS (Nameserver) ns0.rumbaponukas.COM

whois -h whois.ripe.net 84.109.24.85 ...

inetnum: 84.109.0.0 - 84.109.255.255

netname: CABLES-CONNECTION

descr: CABLES-CUSTOMERS-CONNECTION

country: IL

admin-c: YK76-RIPE

tech-c: BHT2-RIPE

status: ASSIGNED PA

remarks: please send ABUSE complains to abuse[at]bezeqint.net

mnt-by: AS8551-MNT

mnt-lower: AS8551-MNT

source: RIPE # Filtered

A better suggestion might actually be to quit 'reading' your spam. Technically, nobody in the data above really cares about complaints about spam.

Just so there's no confusion, reporting of this through SpamCop.net 'will' work at adding the 'source' to the SpamCopDNSBL, which will help those that use the BL against their incoming e-mail. The issue I'm talking about is that the ISPs/Hosts involved with this web-site don't care, possibly because the spammer is paying enough for this hosting to make them very happy ????? Reminds me of Ralsky's complaint years back that he couldn't find a U.S. ISP that would host his garbage, so he 'had' to use hosting provided by Chinese ISPs .....

Link to comment
Share on other sites

If there's no authority to pull companies into line, than surely if enough people send use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

The people behind this stuff are not "companies" that can be "pulled into line," they are international criminal conspiracies. They use illegal means to distribute their sales appeals and host their websites. Their products are generally illegally made and certainly illegally sold.

Trying to "stuff" their forms will do no good and may just get you into trouble as Wazoo suggests. It also has about the same effect as trying to stop a burglar by posting a "no burglars" sign on your front door.

An effective spam filter might shunt many of these spams from your inbox; for any that you do receive, the best thing to do is to report them to the providers whose facilities (IP addresses) were used to send them.

-- rick

Link to comment
Share on other sites

<snip>

12/30/07 06:31:32 Slow traceroute MEDSCIT.COM

Trace MEDSCIT.COM (84.109.24.85) ...

62.219.189.25 RTT: 187ms TTL:170 (bzq-219-189-25.cablep.bezeqint.net ok)

* * * failed

192.117.237.58 RTT: 182ms TTL:170 (bzq-117-237-58.static.bezeqint.net ok)

* * * failed

* * * failed

* * * failed

* * * failed

84.109.24.85 RTT: 198ms TTL:107 (bzq-84-109-24-85.red.bezeqint.net ok)

<snip>

Domain Name.......... medscit.com

Creation Date........ 2007-08-14 14:29:31

Registration Date.... 2007-08-14 14:29:31

Expiry Date.......... 2008-08-14 14:29:31

Organisation Name.... Elvin Korkuti

Organisation Address. 1950 3rd St 606

Organisation Address.

Organisation Address. La Verne

Organisation Address. 91750

Organisation Address. WG

Organisation Address. US

<snip>

Dig MEDSCIT.COM[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for MEDSCIT.COM type=255 class=1

MEDSCIT.COM NS (Nameserver) ns0.biknasufadupo.COM

MEDSCIT.COM NS (Nameserver) ns0.markuzapilod.COM

MEDSCIT.COM NS (Nameserver) ns0.rubakopesanm.COM

MEDSCIT.COM NS (Nameserver) ns0.rumbaponukas.COM

Thanks for the digging, Wazoo. Looks like a garden-variety pharma spam operation.

The website seems to be hosted on a pool customer address at Bezeq, so possibly a zombie computer is involved here. The NS is provided by the usual gaggle of alphabet-soup hosts, would not surprise me to learn that the domain resolves to multiple bot addresses. Also, the domain registry info is obviously bogus (address is "no effing good"), so theoretically the registrar is supposed to take action. However, being that the registrar is Beijing Innovative, we will have uncorked many bottles of New Year's champagne before we see any action from them.

-- rick

Link to comment
Share on other sites

I'm getting one email every couple of days, always from a junk address which cant be replied to, and all with exactly the same text which advertises MEDSCIT.COM - Canadian Pharmacy, selling viagra.

medscit.com is part of a botnet currently on:

24.105.194.185

61.18.62.46

61.93.13.46

61.238.133.47

61.238.164.118

67.182.16.50

76.211.209.223

123.98.189.153

123.110.183.217

125.215.110.17

125.231.229.84

207.119.14.3

210.6.50.140

210.122.176.250

211.168.219.196

But the above will change every few minutes botnets are being used for email as well as hosting and dns.

Subject field is always just "re:"

That's because their vocabulary goes no further.

When I go to the website for MEDSCIT.COM - Canadian Pharmacy, there's a 'contact us' form to send a query which is handy for sending lots of messages of complaint.

Why would you want to complain directly to the spammers site? You think they actually read any email? You think they are smart enough to read?

I've found Canadian Pharmacy mentioned as a source of spam elsewhere on the net.

The Canadian Pharmacy spammers have been around for while. Of course they are elsewhere on the net.

If there's no authority to pull companies into line, than surely if enough people send use their 'contact us' form several times every hour, it will stuff them up enough to interfere with the making of money.

I hope you don't really believe that!

Link to comment
Share on other sites

medscit.com is part of a botnet currently on:

.....

But the above will change every few minutes botnets are being used for email as well as hosting and dns.

That's because their vocabulary goes no further.

Why would you want to complain directly to the spammers site? You think they actually read any email? You think they are smart enough to read?

The Canadian Pharmacy spammers have been around for while. Of course they are elsewhere on the net.

I hope you don't really believe that!

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.

Regards, Eon.

Link to comment
Share on other sites

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.

One post deleted that contained nothing but a 'quoted-in-its-entireity' but with no content. Next post edited to remove un-needed content (as suggested in places like the Forum FAQ (links at the top of the page))

There has been quite a it of traffic in response to your initial query, yet the only follow-up comment is this? If you are 'new to spam' then the real question now is if anything in 'all' of the above did anything for you, explained anything, helped you at all?

Link to comment
Share on other sites

Thanks Merlyn, I'm new to the spam thing, your sarcasm has been appreciated.
Forget the hurt feelings if you want to learn.
medscit.com is part of a botnet currently on ...

But the above will change every few minutes botnets are being used for email as well as hosting and dns.

As in

C:\Documents and Settings\Steve>nslookup

...

> medscit.com

...

Non-authoritative answer:

Name: medscit.com

Addresses:

58.226.111.81

61.105.185.90

61.238.162.248

69.151.213.60

75.73.80.244

76.99.104.72

76.248.102.190

84.234.130.136

125.231.229.84

203.243.221.34

207.119.11.105

210.106.5.185

211.168.219.196

220.131.109.200

221.127.130.241

(10 minutes later)

> medscit.com

...

Non-authoritative answer:

Name: medscit.com

Addresses:

123.203.16.5

125.231.229.84

203.243.221.34

207.119.11.105

210.106.5.185

211.168.219.196

220.85.50.164

220.131.109.200

58.226.111.81

59.17.208.96

61.105.185.90

61.238.138.165

75.51.76.167

75.73.80.244

84.234.130.136

>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...