RX-Partners

Spammers should not profit, so post information here that hits their pockets. There are many ways to fight spammers, and we have automation tools to combat them efficiently. These forums are moderated, but do not reflect the views of the hosting company, domain registrar, etc. By entering any of these forums, you agree that you cannot hold anyone liable for anything related in any way to these forums.

RX-Partners

Postby g7w » Sat Feb 16, 2013 2:18 pm

> 386-2437714
Indian Railway ticket number?
hXXp://irctc-pnr.com/status/3862437x/

Hopefully, I'm on topic.

I've been working on this off and on for awhile now
It's... overwhelming. Follow the money :)

I've been getting many 'secure-*.com' domains which root back up to: stimul-media.com

aka: RX-Partners
who IMO, are aka: RXprofits.com though I'm not entirely sure.

But I am sure that RX-Partners is aka:
"DFG DutyFree Power Group Ltd"
dfpowergroup.com - Duty free alcohol, tobacco, cosmetics, perfumes
affiliate sign-up site: directnetpartners.com
example phone numbers (for "duty free"):
1-347-7081664
1-888-2465608

Some sites, like this alcohol template: alcohol-sell.com
advertises in the Flash banner the domain: test-mall.com
see: shop.test-mall.com
payment processor: secure-paypage.com
which references a support email link pointing to: salezhelp.com
http://bgp.he.net/dns/salezhelp.com#_whois
references: stimul-media.com

ed-tablet-danmark.com
payment processor: secure-checkout-page.com
customer support: order-cs.com

I'm concentrating on the non-pharma domains ATM
Will post a new thread on WOT when I get more screen captures and possibly more domains to add to my list (current count: 119)
Opto, ergo sum
g7w
Spam Reporter
 
Posts: 136
Joined: Thu May 20, 2010 12:29 am

Re: RX-Partners

Postby Red Dwarf » Sat Feb 16, 2013 5:00 pm

[Topic moved to separate thread]

Reference information on RX-Partners is at
http://www.xylibox.com/2011/11/rx-partnersbiz-huge-pharma-affiliate.html

Spamtrackers has some information at
http://spamtrackers.eu/wiki/index.php/Trusted_Tabs

No doubt you will find hits from a Google search on phone numbers - "HAVE A QUESTION? CALL US: Toll Free: 1-888-2465608 Internationl: 1-347-7081664"

dutyfreecigarettes.net.tc [dead]
cigarettes2home.com
buyanelectroniccigarette.com

Secure checkouts and Help centers - all DNS = custns.com
checkout-page.com *
customer-ed.com
eu-customer.com
salez-help.com
secure-transaction-page.com *
securebilling-page.com *
securebillpage.com
securepaypage.biz
securepaypage.com *
yoursecurebilling.com *

* Some of those are DDOS protected under Prolexic

Keep posting more information as you find it.
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: RX-Partners / DFG DutyFree Power Group Ltd

Postby g7w » Sun Feb 17, 2013 12:00 pm

@ Red Dwarf
Thank you for moving this into its own thread; apologies for previous off-topic placement.


RX-Partners:
  • [RU] Vitaly Petrov aka: Peter Clement
  • [DE] Jason Mercer

salezhelp.com
http://bgp.he.net/dns/salezhelp.com#_whois
owner-organization: STIMUL-MEDIA.COM
owner-fname: Vitaly
owner-lname: Petrov
owner-street: Petrozavodskaya st, 16, appt. 123
owner-city: Moscow
owner-zip: 125414
owner-country: RU
owner-phone: 79160248086
owner-email: vitalypetrov76@yahoo.com

Alias used is:
http://bgp.he.net/dns/custns.com#_whois
Peter Clement
438-490 Mile End Road
London
E1 4PE
UK

this address is a student living complex according to:
http://www.foreignstudents.com/accommodation/listings/london-mile-end-scape-east

digifuel.net
http://bgp.he.net/dns/digifuel.net#_whois
Jason Mercer
Stadionvej 2
Aarup, na 5548
Germany
tech@dfpowergroup.com
+49 64452321
Opto, ergo sum

Re: RX-Partners / DFG DutyFree Power Group Ltd

Postby Red Dwarf » Sun Feb 17, 2013 3:42 pm

When adopting a false name, it is a common practice to choose a famous person. Then the chosen name will be lost in the clutter of search results. This method invalidates Google tracking.
http://en.wikipedia.org/wiki/Vitaly_Petrov

Re: RX-Partners / DFG DutyFree Power Group Ltd

Postby g7w » Sun Feb 17, 2013 7:49 pm

adopting a false name

I understand that, another example:
http://bgp.he.net/dns/securebilling-page.com#_whois
domain registered in 2010

Peter Clement was
Deputy Director CIA - Intelligence for Analytic Programs
http://www.c-spanvideo.org/peterclement
Opto, ergo sum

Re: RX-Partners / DFG DutyFree Power Group Ltd

Postby g7w » Mon Feb 18, 2013 6:43 pm

Opto, ergo sum

Re: RX-Partners

Postby Red Dwarf » Tue Dec 09, 2014 11:59 pm

I have taken a renewed interest in RX-Partners, because it has been allowed to flourish undeterred for too long.
Lots of screen captures from the members-only forum can be seen at
http://www.xylibox.com/2011/11/rx-partn ... liate.html

Some sketchy information is in a new spamtrackers wiki article

Web site skins have a little variation.

IP 67.210.105.74
Looking at the favorite IP address which seems to be a host for many sites, I was able to uncover plenty of live domains.

BIZCN.COM, INC
[Edit: Some have been suspended, some have been transferred out]


IP MIRROR
[Edit April 10, 2015: Upon being reported, these were either suspended, or quickly transferred out to the Russian safe haven at REGIONAL NETWORK INFORMATION CENTER, JSC DBA RU-CENTER]

Re: RX-Partners

Postby Red Dwarf » Fri Apr 10, 2015 8:49 pm

Perhaps the fastest way to get in their faces is to shut down their check-out sites. It's faster than hitting the hundreds of web sites, since they all use one check-out.
So looking at the wiki we see at http://fraud-reports.wikia.com/wiki/RX-Partners
Infrastructure
spamtrackers.eu wrote:
securepaypage.biz
checkout-page.com (suspended September 2014)
checkoutpage-secure.com
my-paypage.com
secure-paypage.com
securebilling-page.com
securebillpage.com
securepaypage.com
customer-ed.com


Registrant details for these:
securepaypage.biz        Peter Clement  +44.7077076198  phone
checkoutpage-secure.com  Peter Clement  +44.2036427074  phone
my-paypage.com           Peter Clement  +44.2036427074  phone
secure-paypage.com       Adrian Ratz    +40315202540    phone
securebilling-page.com   Peter Clement  +44.2036427074  phone
securebillpage.com       Peter Clement  +44.2036427074  phone
securepaypage.com        Peter Clement  +44.2036427074  phone
customer-ed.com          Peter Clement  +44.7077076198  phone
pharm24-7.com            Taro Tanaka    +81.335865678   phone
24x7ph.com               Toru Ymashita  +81.335865678   phone

The registrant phone numbers are fakes.

By sending off a complaint to ICANN, we should see the details corrected, or the domains suspended.
<phone_errorcode>Incorrect phone</phone_errorcode>
<comment>Phone: +44.2036427074 does not exist or not the registrant's, random number generated.
Domain is used for illegal activity, breaks ICANN RAA.</comment>


Registrars are Key-Systems, CSL/Joker, AFRIREGISTER S.A

Current hosting IP addresses are
securepaypage.biz has address 83.167.224.201
checkoutpage-secure.com has address 104.68.27.199
my-paypage.com has address 104.68.11.168
secure-paypage.com has address 104.68.27.206
securebilling-page.com has address 146.185.239.87
securebillpage.com has address 104.68.11.162
securepaypage.com has address 23.216.57.119
customer-ed.com has address 109.237.212.65
pharm24-7.com has address 180.210.34.24

Watch this space. :-)

Edit: Dead May 20 2015:
pharm24-7.com
securepaypage.com
securebilling-page.com
securebillpage.com
24x7ph.com
my-paypage.com
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am
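
Added example, not part of the original thread or any poster's tooling: the post above pivots on shared registrant names and phone numbers to tie the check-out domains together. The sketch below does that pivot over a table in the same four-column layout, joining domains that share either attribute; all rows are constructed placeholders and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample rows in the same layout as the registrant table in the
# post (domain, registrant name, phone, field label). Placeholder values only.
SAMPLE = """\
checkout-a.example   Registrant One    +44.2000000001  phone
checkout-b.example   Registrant One    +44.7000000002  phone
checkout-c.example   registrant  one   +44 2000000001  phone
shop-d.example       Registrant Two    +81.300000003   phone
shop-e.example       Registrant Three  +81300000003    phone
billing-f.example    Registrant Four   +40300000004    phone
"""

ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\+[\d. ]+?)\s+phone\s*$")

def parse(text):
    """Return (domain, normalised name, normalised phone) per table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            domain, name, phone = m.groups()
            name = " ".join(name.lower().split())   # fold case and spacing
            phone = "+" + re.sub(r"\D", "", phone)  # drop dots and spaces
            rows.append((domain, name, phone))
    return rows

def cluster(rows):
    """Union-find: domains sharing a name OR a phone end up in one group."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for domain, name, phone in rows:
        parent[find(("d", domain))] = find(("n", name))
        parent[find(("d", domain))] = find(("p", phone))

    groups = defaultdict(set)
    for domain, _, _ in rows:
        groups[find(("d", domain))].add(domain)
    return sorted((sorted(g) for g in groups.values()),
                  key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for group in cluster(parse(SAMPLE)):
        print(len(group), ", ".join(group))
```

Because the join is transitive, one registrant name used with two different phone numbers still lands in a single cluster, and two different names sharing one phone number are linked as well.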

Re: RX-Partners

Postby Red Dwarf » Fri Apr 10, 2015 9:22 pm

Incidentally, looking at the live RX-Partners sites not yet suspended, and trying to purchase any items, I sometimes get sent to:

http://www.hydropharma.com/detail.php?cgid=36
or
http://24x7ph.com/detail.php?cgid=22

The response shows an error -
Forbidden

You don't have permission to access /detail.php on this server.

Apache/2.2.15 (CentOS) Server at www.hydropharma.com Port 80


Does anyone else get the same problem?

Re: RX-Partners

Postby Red Dwarf » Wed Apr 15, 2015 3:42 pm

TPP WHOLESALE PTY LTD. suspended:

besttabssolution.com
edrugs-solution.com

Re: RX-Partners

Postby spamislame » Fri Apr 17, 2015 3:37 pm

Red Dwarf wrote:
Does anyone else get the same problem?

I sure do, but I imagine they've been blocking my home and work IPs for at least six years now. :)

SiL
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: RX-Partners

Postby Red Dwarf » Thu May 21, 2015 7:25 pm

Red Dwarf wrote:
Incidentally, looking at the live RX-Partners sites not yet suspended, and trying to purchase any items, I sometimes get sent to:

http://www.hydropharma.com/detail.php?cgid=36
or
http://24x7ph.com/detail.php?cgid=22


DEAD
24x7ph.com
Name Server: No nameserver
Registrar: Key-Systems GmbH
Domain Status: inactive http://www.icann.org/epp#inactive

Re: RX-Partners

Postby Red Dwarf » Tue Mar 07, 2017 12:54 am

Composite list at March 2017



These are available for rating on MyWOT and reporting to the registrars.

Re: RX-Partners

Postby Red Dwarf » Wed Mar 15, 2017 5:33 pm

Four sites taken down by ICE and Homeland Security Investigations

feellingbetterprods.com
your-health-solutions.com
bestmedsoffer.com
world-health-shop.com

All had Registrant Email: insuldrek@gmail.com, and either of 2 invalid phone numbers
Registrant Phone: +359.24916227
Registrant Phone: +0.24916227

Now they are on the same IP address http://74.81.170.110 - where the bad guys go
"Seized by ICE - Homeland Security Investigations"

Re: RX-Partners

Postby Red Dwarf » Thu Mar 30, 2017 3:55 pm

RX-Partners and Trusted Tabs sites seized this month by ICE - Homeland Security Investigations (Updated Date: 15-mar-2017)

best-online-ed-shop.com
best-pills-solution.com
bestgenericsforyou.com
bestguideonline.com
bestguideonline.com
onlinepopularpills.com
onlinerxsolution.com
reliablegenericsnorx.com
trustedhealthmarket.com
trustedhealthmarket.com

They are all now on IP address 74.81.170.110
Their new name server is: NS1.SEIZEDSERVERS.COM
where the seizedservers.com domain is owned by

Registrar WHOIS Server: whois.corporatedomains.com
Registrar URL: http://www.cscprotectsbrands.com
Registrar: CSC CORPORATE DOMAINS, INC.
Registrar Abuse Contact Email: domainabuse@cscglobal.com