IP Blocking

Spammers should not profit, so post information here that hits their pockets. There are many ways to fight spammers, and we have automation tools to combat them efficiently. These forums are moderated, but do not reflect the views of the hosting company, domain registrar, etc. By entering any of these forums, you agree that you cannot hold anyone liable for anything related in any way to these forums.

IP Blocking

Postby Red Dwarf » Thu Aug 13, 2015 5:23 pm

Pharmacy fraud domains like Eva Pharmacy have been developing methods to counter suspensions.

Already we know that they have a firewall application that blocks certain IP addresses, such as law enforcement, DEA, FDA, FBI, pharmaceutical companies, credit card companies and even vigilantes.

More recently they have been blocking their sites from known public proxy addresses. It is getting to the point where few victims of their fraud can load their sites.

Some registrars are not prepared to suspend their domains if they can't verify the domain by loading and viewing the brand. And when their IPs are blocked, together with their proxies, the web sites survive.

I will put up a set of example domains, registered on Key-Systems in Germany. Can anyone successfully load any of these? If so, could you screen capture the top corner of the screen, and upload it to a file hosting site. Here is an example, stored at tinyupload.com
http://s000.tinyupload.com/?file_id=972 ... 8799624505

dropbox.com would be a good alternative.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: IP Blocking

Postby Red Dwarf » Thu Aug 13, 2015 5:28 pm

bztkrgfu.nl
dtadatim.nl
hotherbstore.be
naturaltabletdealdirect.eu (done)
safemedicaldeal.be
wlcvbabw.nl
yourdrugelement.eu
organicmedsmarket.eu
thedrugcompanystore.nl
trustedcuringdeal.be
medicinalsafedeal.nl
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: IP Blocking

Postby NotBuyingIt » Fri Aug 14, 2015 1:00 pm

NotBuyingIt
Spammer Killing Machine
 
Posts: 612
Joined: Sun Jun 13, 2010 5:22 pm

Re: IP Blocking

Postby Red Dwarf » Fri Aug 14, 2015 8:09 pm

Thanks. I managed to load all the currently live ones - 18 of them - eventually, after trying various proxies.

Code: Select all
bztkrgfu.nl
curativemedsquality.nl
dtadatim.nl
firstcareprogram.nl
hotherbstore.be
medicinalsafedeal.nl
naturaltabletdealdirect.eu
onlinedrugsdeal.nl
organicbestmarket.nl
organicmedsmarket.eu
safemedicaldeal.be
thedrugcompanystore.nl
thenaturalquality.eu
thewelnessvalue.nl
trustedcuringdeal.be
urucscpi.nl
wlcvbabw.nl
yourdrugelement.eu


You can download it from address: http://s000.tinyupload.com/?file_id=707 ... 5856169311
You can download it from address: http://s000.tinyupload.com/?file_id=094 ... 7502454056
You can download it from address: http://s000.tinyupload.com/?file_id=502 ... 8838953399
You can download it from address: http://s000.tinyupload.com/?file_id=663 ... 5693363023
You can download it from address: http://s000.tinyupload.com/?file_id=001 ... 4318224351
You can download it from address: http://s000.tinyupload.com/?file_id=756 ... 3450555947
You can download it from address: http://s000.tinyupload.com/?file_id=078 ... 5675598390
You can download it from address: http://s000.tinyupload.com/?file_id=317 ... 2545188415
You can download it from address: http://s000.tinyupload.com/?file_id=007 ... 4527011564
You can download it from address: http://s000.tinyupload.com/?file_id=172 ... 4025944021
You can download it from address: http://s000.tinyupload.com/?file_id=005 ... 5558891961
You can download it from address: http://s000.tinyupload.com/?file_id=957 ... 2687877775
You can download it from address: http://s000.tinyupload.com/?file_id=061 ... 2759244459
You can download it from address: http://s000.tinyupload.com/?file_id=073 ... 9465632225
You can download it from address: http://s000.tinyupload.com/?file_id=186 ... 6840662896
You can download it from address: http://s000.tinyupload.com/?file_id=739 ... 1474652112
You can download it from address: http://s000.tinyupload.com/?file_id=228 ... 4881938115
You can download it from address: http://s000.tinyupload.com/?file_id=219 ... 8885386567

Timestamp
You can download it from address: http://s000.tinyupload.com/?file_id=021 ... 4493278041
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: IP Blocking

Postby Jim_P » Sun Dec 13, 2015 7:41 pm

The last couple of days I have been getting a lot of spam that Spamcop rejects because of header problems. Are spammers getting too smart?

Makes no difference if I forward with headers or use CTL U A C W.
My good email does have full headers

-------- Forwarded Message --------
From: 24 2015 <>
X-Account-Key: account21
X-UIDL: GmailId1519d69df893ba87
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
From: chas@535.com
To: x
Subject: Discount Software
Date: Sun, 13 Dec 2015 17:15:39 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: base64
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3563.918

We sell industry leading software at the lowest prices(90% discount),
with free fast shipping!

Windows 10 32/64-Bit DVD version - 11.99$
Microsoft Office Professional Plus 2015 - 12.99$
Apple Mac OS X 10.7 Lion - 14.99$
and more...

Mail to order: chas@535.com or just click Reply.
User avatar
Jim_P
Spammer Killing Machine
 
Posts: 684
Joined: Sun Jun 01, 2008 4:59 pm

Re: IP Blocking

Postby Nodus » Mon Dec 14, 2015 3:25 pm

The most crucial "Received" headers seem to be missing. Without those Spamcop can't detect the originating IP address. But spammers can't avoid those headers to be attached, as they are added by each mail server through which the mail travels to you.

I'm also getting a lot of those same joe jobs, but haven't seen any without "Received" headers (basically there even can't be an email without one), and Spamcop is accepting them just fine. You seem to be using Gmail, could it be a problem with them? I wouldn't be surprised if they had just begun to filter out some "useless" headers...
Arf, she said
User avatar
Nodus
Spammer Obliterator
 
Posts: 2286
Joined: Fri Jun 15, 2007 7:05 pm

Re: IP Blocking

Postby Jim_P » Thu Dec 17, 2015 9:06 am

I do not think my problem was gmail. I find it is happening on all hotmail (msn) email addresses only. The hotmail is POP into Windows Live Mail 2012 (Windows 7 64).

I believe this might be my problem. Windows Live Mail 2012 patch KB 3093594. I got an email on all my MSN accounts last week to install this update due to changes taken place in WLM. I backed up from Dec 1 2015 on my two PCs and problem went away. Since WLM is a dieing old horse I have now eliminated popping MSN mail into it. Maybe I picked up some malware at about the same time but on two PCs?

The reason I was using WLM is it would pop all MSN folders (and other email providers) and just not the inbox and and give me a summary folder of all email plus a folder for each email address.

See http://windowssecrets.com/forums/showth ... p-using-it
It does not address problem I was having but?

Hopefully I am all set.
User avatar
Jim_P
Spammer Killing Machine
 
Posts: 684
Joined: Sun Jun 01, 2008 4:59 pm


Return to Fight Spammers

Who is online

Users browsing this forum: Yandex [Bot] and 1 guest

cron