
Interpol conducts worldwide counterfeit drug raids


All times are UTC - 5 hours [ DST ]


 [ 14 posts ] 
 PostPosted: Fri May 23, 2014 12:52 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Interesting

http://www.examiner.com/article/interpo ... drug-raids

Quote:
On March 22, a British regulatory organization, the Medicines and Healthcare Products Regulatory Agency (MHRA), announced that law enforcement agents conducted a 10-day (May 11 through May 21) worldwide crackdown on counterfeit drugs. During the Interpol-coordinated operation, 237 individuals were arrested. Counterfeit and unlicensed medicines worth $31.4 million were seized. In addition, the operation also involved 10,603 websites; the sites were either shuttered or suspended through having their domain name or payment facilities removed.


There was also a tv segment in Toronto about this that featured an interview with an Interpol officer.

The segment focused on purchasing from rogue pharmacy websites, and seemed to make an extra effort *not* to show which sites were used. They looked like EvaPharmacy sites from the selection of the drugs that was visible. (My guess, Canadian Health&Care Mall)

Good to see.

SiL


Top
 Profile  
 PostPosted: Fri May 23, 2014 2:04 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Examiner.com:
Quote:
Among the fake drugs seized was a substantial number of diet erectile dysfunction medications, anabolic steroids, and diazepam (Valium).
diet erectile dysfunction medications ???

Wurst case of a missing comma that I've seen in a while.

[Edit: Add]
See "Pangea VII" on Interpol's website at
http://www.interpol.int/Crime-areas/Pha ... ion-Pangea


Top
 Profile  
 PostPosted: Sun May 25, 2014 4:11 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Quote:
Pangea VII

Dates: 13-20 May 2014

Participating countries: 111

Participating agencies: 196

Results:

9.4 million fake and illicit medicines seized, including slimming pills, cancer medication, erectile dysfunction pills, cough and cold medication, anti-malarial, cholesterol medication and nutritional products;
Seizures worth nearly USD 36 million;
239 arrests;
1,235 investigations launched;
19,000 adverts for illicit pharmaceuticals removed from social media platforms;
More than 10,600 websites shut down.

(My emphasis added to the date and the total)

Was it really the combined efforts of all those agencies that resulted in over 10,600 websites being shut down?

Let's see how many I shut down. My publication date was May 16 2014, and posted on this site:
REGISTRAR                         SUSPENDED  REPORTED  PCT  PENDING
PSI-USA, INC / InterNetX               1616      1769   91      153
TRUNKOZ TECHNOLOGIES                   1564      1564  100        0
NETLYNX INC.                           1615      2137   76      522
NAMESILO LLC                           1107      1124   98       17
DOMAINCONTEXT                          1615      1615  100        0
EvoPlus Ltd.                            687       687  100        0
KEY-SYSTEMS                             356       362   98        6
CLOUD GROUP LIMITED                      97        97  100        0
ABOVE.COM PTY LTD                       168       168  100        0
UNITED-DOMAINS AG                        82        82  100        0
NIC.AT / AT.DOM                         160       160  100        0
REGRU-REG-RIPN                           35        35  100        0
**Domain Silver Inc.** / CERT.PL         77        77  100        0
NIC.UA                                   74        74  100        0
PDR LTD.                                 34        34  100        0
1API GmbH                                 0        28    0       28
NAUNET-REG-RIPN                         255       799   32      544
BIZCN.COM, INC                          694       774   90       80
HTTP.NET INTERNET GMBH                  260       261  100        1
DATTATEC.COM                             21        21  100        0
MONIKER ONLINE SERVICES                  17        20   85        3
DOMAIN.COM                               12        13   92        1
NORDNET                                  13        14   93        1
ARCTIC NAMES, INC.                       10        10  100        0
1&1 INTERNET AG                           9         9  100        0
SILICONHOUSE.NET                        101       101  100        0
TODAYNIC.COM, INC.                        9        29   31       20
-------------------------------------------------------------------
TOTALS                               10,688    12,064   89    1,376


So according to the press release dated 13-20 May 2014 the combined forces of all those operatives in Operation Pangea have brought about the shut down of over 10,600 web sites.

And according to my posting dated 16 May 2014, my own Operation Enough is Enough I have personally brought about the shut down of 10,688 web sites.

I leave it up to you to decide whether the Operation Pangea result is just a coincidence, or whether they are taking the credit for my operation as if it were part of their own.


Top
 Profile WWW  
 PostPosted: Sun May 25, 2014 10:29 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Red Dwarf wrote:
I leave it up to you to decide whether the Operation Pangea result is just a coincidence, or whether they are taking the credit for my operation as if it were part of their own.


I was hoping it meant they shut down 10,600 websites that were still in operation on the date of the raids. Surely there would have been a lot more than 10,600 if they were counting all of yours, too.


Top
 Profile  
 PostPosted: Tue Jun 17, 2014 5:20 pm   
New member
User avatar

Joined: Tue Jun 17, 2014 5:17 pm
Posts: 4
Hmm, remade an account; sorry if this ends up being a duplicate.

I am just hoping you give me an in-depth guide to how you are reporting these sites.

Normally I just report to the IP registrar, the domain registrar. I do this via email. But I am not having much luck with them responding.


Top
 Profile  
 PostPosted: Sun Jun 22, 2014 12:35 am   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
The information that needs to be sent to the IP address owner, (the ISP), is as shown in
viewtopic.php?f=1&t=7337

The evidence of fraud for pharmacy domains is posted at http://www.spamtrackers.eu/wiki
Reports to registrars of the domain names are usually effective when they contain links to the evidence of illegal activity shown there.

Other evidence is seen in the press releases from the FBI, the Canadian International Pharmacy Association and the Department of Justice, for example
http://www.fda.gov/NewsEvents/Newsroom/ ... 358794.htm
http://www.cipa.com/fraudulent-sites/
http://scamfraudalert.org/2013/07/06/fd ... -pharmacy/

For the Russian "Eva Pharmacy" fraud operation, most ISPs and Registrars find that evidence sufficiently convincing that they take action.
The exceptions are in India and China who sometimes take action, and Russia, who rarely take any notice.

Registrar responsiveness is tracked at viewtopic.php?f=1&t=5905


Top
 Profile WWW  
 PostPosted: Sun Jun 22, 2014 5:29 pm   
New member
User avatar

Joined: Tue Jun 17, 2014 5:17 pm
Posts: 4
Red Dwarf wrote:
The information that needs to be sent to the IP address owner, (the ISP), is as shown in
viewtopic.php?f=1&t=7337

The evidence of fraud for pharmacy domains is posted at http://www.spamtrackers.eu/wiki
Reports to registrars of the domain names are usually effective when they contain links to the evidence of illegal activity shown there.

Other evidence is seen in the press releases from the FBI, the Canadian International Pharmacy Association and the Department of Justice, for example
http://www.fda.gov/NewsEvents/Newsroom/ ... 358794.htm
http://www.cipa.com/fraudulent-sites/
http://scamfraudalert.org/2013/07/06/fd ... -pharmacy/

For the Russian "Eva Pharmacy" fraud operation, most ISPs and Registrars find that evidence sufficiently convincing that they take action.
The exceptions are in India and China who sometimes take action, and Russia, who rarely take any notice.

Registrar responsiveness is tracked at viewtopic.php?f=1&t=5905



Ok thanks, took a look at that link and I basically did those exact steps and gave all of the same information in my emails. I also filled out the abuse forms. But I have one other question.

What do you do when the registrar of the domain and the company that owns the IP the site is hosted on do nothing?
I have had a little luck with reporting sites for incorrect whois on ICANN, but other than that, I am kind of out of ideas.


Top
 Profile  
 PostPosted: Sun Jun 22, 2014 10:17 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
The methods vary according to the registrar (for domains) and the ISP (for the IP addresses).

Post some examples of domains and registrars, IPs and ISPs, and I will take a look and try to advise how best to report them.

Generally speaking, the most effective targets in priority order would be -
    Domain name server (kills multiple domains)
    Scam/fraud domains
    IP addresses

The state of the art is that IP addresses are set up on a constant rotation basis. An IP hosting 1000 domains may be switched to other IPs several times a day, so taking down one has a minimal impact on the operation. These scammers just take it out of the rotation pool and carry on.


Top
 Profile WWW  
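The priority order in the post above (name server, then domains, then IP addresses) and the effect of IP rotation can be checked against DNS observations. This is an added example, not part of the original thread; the observations, the .example domains, the documentation-range IPs and the function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed passive-DNS style observations: (UTC time, domain, A record, name server).
# Domains use the reserved .example TLD and documentation IP ranges; none are real.
OBSERVATIONS = [
    ("2014-06-24T08:00", "pills-a.example", "192.0.2.10",    "ns1.rogue-dns.example"),
    ("2014-06-24T14:00", "pills-a.example", "198.51.100.7",  "ns1.rogue-dns.example"),
    ("2014-06-24T20:00", "pills-a.example", "203.0.113.44",  "ns1.rogue-dns.example"),
    ("2014-06-24T08:00", "pills-b.example", "192.0.2.10",    "ns1.rogue-dns.example"),
    ("2014-06-24T20:00", "pills-b.example", "203.0.113.44",  "ns1.rogue-dns.example"),
    ("2014-06-24T08:00", "pills-c.example", "198.51.100.7",  "ns1.rogue-dns.example"),
    ("2014-06-24T08:00", "shop-d.example",  "203.0.113.200", "ns.other-host.example"),
    ("2014-06-25T08:00", "shop-d.example",  "203.0.113.200", "ns.other-host.example"),
]

def rotation_per_day(observations):
    """Return {domain: largest number of distinct A records seen on one calendar day}."""
    seen = defaultdict(set)                      # (domain, date) -> set of IPs
    for ts, domain, ip, _ns in observations:
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M").date()
        seen[(domain, day)].add(ip)
    worst = defaultdict(int)
    for (domain, _day), ips in seen.items():
        worst[domain] = max(worst[domain], len(ips))
    return dict(worst)

def _rank(mapping):
    """Sort {target: set(domains)} by domain count (descending), then by target name."""
    return sorted(((k, len(v)) for k, v in mapping.items()),
                  key=lambda kv: (-kv[1], kv[0]))

def rank_report_targets(observations):
    """Rank name servers and IPs by how many domains a report against each would cover."""
    by_ns, by_ip = defaultdict(set), defaultdict(set)
    for _ts, domain, ip, ns in observations:
        by_ns[ns].add(domain)
        by_ip[ip].add(domain)
    return {"name_servers": _rank(by_ns), "ips": _rank(by_ip)}

if __name__ == "__main__":
    targets = rank_report_targets(OBSERVATIONS)
    print("name servers:", targets["name_servers"])
    print("ips:", targets["ips"])
    print("A records per day:", rotation_per_day(OBSERVATIONS))
```

In this sample the shared name server covers three domains while no single IP covers more than two, and the domain with three A records in one day would survive the loss of any one of them.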
 PostPosted: Tue Jun 24, 2014 4:39 pm   
New member
User avatar

Joined: Tue Jun 17, 2014 5:17 pm
Posts: 4
This is the main site I want taken down: ixjobs.net

I have reported the domain and IP to these people:
abuse@sprintdatacenter.pl
artur@e-ring.pl
info@e-ring.pl
ICANN
abuse@godaddy.com
phishing@godaddy.com

No luck with any of them.



Another: medicnhjet.ru
Sent to:
[email protected]
[email protected]
ICANN
[email protected]
[email protected]

Lastly: garciniafatburn.com
Reported to:
ResellerID Form
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]


Any advice you can provide will be beneficial!!


Top
 Profile  
 PostPosted: Tue Jun 24, 2014 10:37 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Quote:


registrar: REGRU-REG-RIPN
admin-contact: http://www.reg.ru/whois/admin_contact
(Unresponsive)
Evidence page
http://www.spamtrackers.eu/wiki/index.p ... acy_Expres

medicnhjet.ru has address 94.242.199.109
Please contact abuse@as5577.net

UPDATE June 27
94.242.199.109 traceroute shows the IP gets no further than the .as5577.net upstream
478 ms xe-0-3-1.r1.lon.iptransit.com [204.26.60.209]
396 ms te4-1.r2.lux.iptransit.com [199.59.206.134]
498 ms ic-root.lux.as5577.net [199.59.206.98]
* Request timed out.
* Request timed out.

But now, medicnhjet.ru has address 189.197.62.147


Top
 Profile WWW  
 PostPosted: Wed Jun 25, 2014 1:00 pm   
New member
User avatar

Joined: Tue Jun 17, 2014 5:17 pm
Posts: 4
Thanks for the above^

Just curious why did you say "medicnhjet.ru has address 94.242.199.109"
Doing a who.is on the domain shows me it is: 80.86.88.69

Any idea on the other 2 I mentioned?


Top
 Profile  
 PostPosted: Wed Jun 25, 2014 5:42 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
To get a world-wide view of what IP address a name resolves to, visit
http://cachecheck.opendns.com/
and key in the domain name. You should see results from many different geographical locations.

WHOIS does not give you any reliable result. It is designed to provide information about only the registrar and the registrant.

Another useful detailed analysis of the domain is at
http://www.dnsstuff.com/tools#dnsReport ... icnhjet.ru
It takes a few seconds to build the report, so be patient.

I will comment on the other two at a later time, because they are out of my area of attention at this time and I am a little busy.


Top
 Profile WWW  
 PostPosted: Fri Jun 27, 2014 6:50 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
vegetto576 wrote:
This is the main site I want taken down: ixjobs.net

I have reported the domain and IP to these people:
abuse@sprintdatacenter.pl
artur@e-ring.pl
info@e-ring.pl
ICANN
abuse@godaddy.com
phishing@godaddy.com


ISP DETAILS
What is the IP:
>host -t a ixjobs.net
ixjobs.net has address 46.22.166.160

ISP for that IP
netname: E-RING-NETWORK
descr: E-RING KRAKOW DATA CENTER
country: PL

person: Artur Grabowski
address: Slupsk
phone: +48 61 669 06 22
On Facebook: https://www.facebook.com/artur.grabowski.94801

What URLs have landed on that IP:
https://www.virustotal.com/en/ip-address/46.22.166.160/information/
Quote:
2014-06-16 cdn.ixjobs.net
2014-06-05 nos.ixjobs.net
2014-06-13 t.ixjobs.net
2014-05-27 twitter.ixjobs.net
etc


REPUTATION SERVICES
Ratings on mywot for the domain name
https://www.mywot.com/en/scorecard/ixjobs.net
McAfee SiteAdvisor
http://www.siteadvisor.com/sites/IXJOBS.NET#reviewercommentssummary

REGISTRAR

Domain Name: IXJOBS.NET
Registrar: GODADDY.COM, LLC
Name Server: NS19.DOMAINCONTROL.COM
Name Server: NS20.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 21-apr-2014
Creation Date: 24-feb-2014
Expiration Date: 24-feb-2015

REGISTRANT
Registrant details from WHOIS:
Code:
Registrant Name: Alexandru Iulian Florea
Registrant Organization:
Registrant Street: Str. Malva Nr. 3A Sector 3
Registrant City: Bucuresti
Registrant State/Province: RO
Registrant Postal Code: 74000
Registrant Country: Romania
Registrant Phone: +40.769278805
Registrant Email: [email protected]


He has registered other domain names, either extinct or unused - eg FINEARTE.INFO which has a different (Russian) valid phone number ( Registrant Phone:+7.69278805 )
A list of his registrations can be seen at http://www.webboar.com/whois-email/dGhvci5pdWxpYW5AZ21haWwuY29t

EVIDENCE OF ILLEGAL ACTIVITY

The phone number rings. The address looks valid, because there is a 3 Strada Malva in Bucharest; although the exact postal code would be 030773 ( http://prefixe.ro/cauta_cod_postal-0.php/page=255 )

The registrant is mentioned at http://pastebin.com/PTMqby9K "Alexandru Iulian Florea - Romanian Spammer"
His Facebook page is unused at https://www.facebook.com/profile.php?id=100005028934348&sk=about

But where is there any convincing evidence that it is used for fraud, or breaks the registrar or ICANN terms of service?
http://cyberwarzone.com/aware-ixjobs-twitter-scam/
http://news.softpedia.com/news/Flappy-Bird-Fans-Targeted-by-Scammers-on-Twitter-426583.shtml
http://www.bloglovin.com/viewer?post=2906229801&group=0&frame_type=b&blog=3786644&frame=1&click=0&user=0

Formerly known as jobdeals.us and twitter.jobdeals.us - http://archive.today/5WKe8

GoDaddy have previously suspended one of his similar domains
Domain Name: SOCIALD-EALS.COM
Registrar: GoDaddy.com, LLC
Updated Date: 06-sep-2013
Creation Date: 14-aug-2013
Registrant Name: Alexandru Iulian Florea
Tech Email: [email protected]
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM


That is the sort of information that might encourage GoDaddy to take action.


Top
 Profile WWW  
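The registrar section of the post above relies on reading WHOIS records for the registrar, the name servers and signs of an earlier suspension. This is an added example, not part of the original thread: it parses the two WHOIS excerpts quoted in that post (registrant and e-mail fields left out); the function names and the "suspended" name-server heuristic are assumptions made for illustration.

```python
import re

# WHOIS excerpts as quoted in the post above (registrant and e-mail fields left out).
WHOIS_IXJOBS = """\
Domain Name: IXJOBS.NET
Registrar: GODADDY.COM, LLC
Name Server: NS19.DOMAINCONTROL.COM
Name Server: NS20.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 21-apr-2014
Creation Date: 24-feb-2014
Expiration Date: 24-feb-2015
"""
WHOIS_SOCIALD = """\
Domain Name: SOCIALD-EALS.COM
Registrar: GoDaddy.com, LLC
Updated Date: 06-sep-2013
Creation Date: 14-aug-2013
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
"""

def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into {key: [values]}; repeated keys accumulate."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.*\S)\s*$", line)
        if m:                                   # lines with an empty value are skipped
            record.setdefault(m.group(1).lower(), []).append(m.group(2))
    return record

def summarize(text):
    """Pull out the fields a registrar report needs and flag an already suspended domain."""
    rec = parse_whois(text)
    servers = [ns.lower() for ns in rec.get("name server", [])]
    return {
        "domain": rec.get("domain name", ["?"])[0].lower(),
        "registrar": rec.get("registrar", ["?"])[0],
        "name_servers": servers,
        # Heuristic (assumption): a suspended domain is often repointed to name servers
        # with "suspended" in the host name, as in the second excerpt above.
        "suspended": bool(servers) and all("suspended" in ns for ns in servers),
    }
```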
 PostPosted: Fri Jun 27, 2014 7:54 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
GARCINIAFATBURN.COM

Code:
Domain Name: GARCINIAFATBURN.COM
Registrar: PT ARDH GLOBAL INDONESIA
Registrant Name: Auriville Laderoute
Registrant Organization: Auriville Laderoute
Registrant Street: 3902 Weston Rd
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M9N 1G4
Registrant Country: CA
Registrant Phone: +1.4162107432
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]


3902 Weston Road is in Toronto.
Postal Code: M9N 1G4 does not span that address.
Phone: +1.4162107432 does not exist.
Useful reference from a trusted source:
http://grahamcluley.com/2013/07/fake-bbc-diet-spam/

Go to https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form


Top
 Profile WWW  