Interpol conducts worldwide counterfeit drug raids

A compendium of news related to spammers, spam arrests, spam legislation, forum spamming, cybercrime and related issues.

Interpol conducts worldwide counterfeit drug raids

Postby spamislame » Fri May 23, 2014 12:52 pm

Interesting

http://www.examiner.com/article/interpo ... drug-raids

On March 22, a British regulatory organization, the Medicines and Healthcare Products Regulatory Agency (MHRA), announced that law enforcement agents conducted a 10-day (May 11 through May 21) worldwide crackdown on counterfeit drugs. During the Interpol-coordinated operation, 237 individuals were arrested. Counterfeit and unlicensed medicines worth $31.4 million were seized. In addition, the operation also involved 10,603 websites; the sites were either shuttered or suspended through having their domain name or payment facilities removed.


There was also a tv segment in Toronto about this that featured an interview with an Interpol officer.

The segment focused on purchasing from rogue pharmacy websites, and seemed to make an extra effort *not* to show which sites were used. They looked like EvaPharmacy sites from the selection of the drugs that was visible. (My guess, Canadian Health&Care Mall)

Good to see.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby NotBuyingIt » Fri May 23, 2014 2:04 pm

Examiner.com:
Among the fake drugs seized was a substantial number of diet erectile dysfunction medications, anabolic steroids, and diazepam (Valium).
diet erectile dysfunction medications ???

Wurst case of a missing comma that I've seen in a while.

[Edit: Add]
See "Pangea VII" on Interpol's website at
http://www.interpol.int/Crime-areas/Pha ... ion-Pangea
NotBuyingIt
Spammer Killing Machine
 
Posts: 612
Joined: Sun Jun 13, 2010 5:22 pm

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Sun May 25, 2014 4:11 pm

Pangea VII

Dates: 13-20 May 2014

Participating countries: 111

Participating agencies: 196

Results:

9.4 million fake and illicit medicines seized, including slimming pills, cancer medication, erectile dysfunction pills, cough and cold medication, anti-malarial, cholesterol medication and nutritional products;
Seizures worth nearly USD 36 million;
239 arrests;
1,235 investigations launched;
19,000 adverts for illicit pharmaceuticals removed from social media platforms;
More than 10,600 websites shut down.

(My emphasis added to the date and the total)

Was it really the combined efforts of all those agencies that resulted in over 10,600 websites being shut down?

Let's see how many I shut down. My publication date was May 16 2014, and posted on this site:
REGISTRARSUSPENDEDREPORTEDPCTPENDING
PSI-USA, INC / InterNetX1616176991153
TRUNKOZ TECHNOLOGIES156415641000
NETLYNX INC.1615213776522
NAMESILO LLC110711249817
DOMAINCONTEXT161516151000
EvoPlus Ltd.6876871000
KEY-SYSTEMS356362986
CLOUD GROUP LIMITED97971000
ABOVE.COM PTY LTD1681681000
UNITED-DOMAINS AG82821000
NIC.AT / AT.DOM1601601000
REGRU-REG-RIPN35351000
**Domain Silver Inc.** / CERT.PL77771000
NIC.UA74741000
PDR LTD.34341000
1API GmbH028028
NAUNET-REG-RIPN25579932544
BIZCN.COM, INC6947749080
HTTP.NET INTERNET GMBH2602611001
DATTATEC.COM21211000
MONIKER ONLINE SERVICES1720853
DOMAIN.COM1213921
NORDNET1314931
ARCTIC NAMES, INC.10101000
1&1 INTERNET AG991000
SILICONHOUSE.NET1011011000
TODAYNIC.COM, INC.9293120
------------------------------------
TOTALS10,68812,064891,376


So according to the press release dated 13-20 May 2014 the combined forces of all those operatives in Operation Pangea have brought about the shut down of over 10,600 web sites.

And according to my posting dated 16 May 2014, my own Operation Enough is Enough I have personally brought about the shut down of 10,688 web sites.

I leave it up to you to decide whether the Operation Pangea result is just a coincidence, or whether they are taking the credit for my operation as if it were part of their own.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby AlphaCentauri » Sun May 25, 2014 10:29 pm

Red Dwarf wrote:I leave it up to you to decide whether the Operation Pangea result is just a coincidence, or whether they are taking the credit for my operation as if it were part of their own.


I was hoping it meant they shut down 10,600 websites that were still in operation on the date of the raids. Surely there would have been a lot more than 10,600 if they were counting all of yours, too.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby vegetto576 » Tue Jun 17, 2014 5:20 pm

Hmm, Remade an account sorry if this ends up being a duplicate.

I am just hoping you give me in depth guide to how you are reporting these sites.

Normally I just report to the IP registrar, the domain registrar. I do this via email. But I am not having much luck with them responding.
vegetto576
New member
 
Posts: 4
Joined: Tue Jun 17, 2014 5:17 pm

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Sun Jun 22, 2014 12:35 am

The information that needs to be sent to the IP address owner, (the ISP), is as shown in
viewtopic.php?f=1&t=7337

The evidence of fraud for pharmacy domains is posted at http://www.spamtrackers.eu/wiki
Reports to registrars of the domain names are usually effective when they contain links to the evidence of illegal activity shown there.

Other evidence is seen in the press releases from the FBI, the Canadian International Pharmacy Association and the Department of Justice, for example
http://www.fda.gov/NewsEvents/Newsroom/ ... 358794.htm
http://www.cipa.com/fraudulent-sites/
http://scamfraudalert.org/2013/07/06/fd ... -pharmacy/

For the Russian "Eva Pharmacy" fraud operation, most ISPs and Registrars find that evidence sufficiently convincing that they take action.
The exceptions are in India and China who sometimes take action, and Russia, who rarely take any notice.

Registrar responsiveness is tracked at viewtopic.php?f=1&t=5905
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby vegetto576 » Sun Jun 22, 2014 5:29 pm

Red Dwarf wrote:The information that needs to be sent to the IP address owner, (the ISP), is as shown in
viewtopic.php?f=1&t=7337

The evidence of fraud for pharmacy domains is posted at http://www.spamtrackers.eu/wiki
Reports to registrars of the domain names are usually effective when they contain links to the evidence of illegal activity shown there.

Other evidence is seen in the press releases from the FBI, the Canadian International Pharmacy Association and the Department of Justice, for example
http://www.fda.gov/NewsEvents/Newsroom/ ... 358794.htm
http://www.cipa.com/fraudulent-sites/
http://scamfraudalert.org/2013/07/06/fd ... -pharmacy/

For the Russian "Eva Pharmacy" fraud operation, most ISPs and Registrars find that evidence sufficiently convincing that they take action.
The exceptions are in India and China who sometimes take action, and Russia, who rarely take any notice.

Registrar responsiveness is tracked at viewtopic.php?f=1&t=5905



Ok thanks, took a look at that link and I basically did those exact steps and gave all of the same information in my emails. I also filled out the abuse forms. But I have one other question.

What do you do when the registrar of the domain and the company that owns the IP the site is hosted on do nothing?
I have had a little luck with reporting sites for incorrect whois on ICAAN but other then that, I am kind of out of ideas
vegetto576
New member
 
Posts: 4
Joined: Tue Jun 17, 2014 5:17 pm

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Sun Jun 22, 2014 10:17 pm

The methods vary according to the registrar(for domains) and the ISP (for the IP addreses).

Post some examples of domains and registrars, IPs and ISPs, and I will take a look and try to advise how best to report them.

Generally speaking, the most effective targets in priority order would be -
    Domain name server (kills multiple domains)
    Scam/fraud domains
    IP addresses

The state of the art is that IP addresses are set up on a constant rotation basis. An IP hosting 1000 domains may be switched to other IPs several times a day, so taking down one has a minimal impact on the operation. These scammers just take it out of the rotation pool and carry on.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby vegetto576 » Tue Jun 24, 2014 4:39 pm

This is the main site I want taken down: ixjobs.net

I have reported the domain and IP to these people:
abuse@sprintdatacenter.pl
artur@e-ring.pl
info@e-ring.pl
ICANN
abuse@godaddy.com
phishing@godaddy.com

No luck with any of them.



Another: medicnhjet.ru
Sent to:
abuse@ip-pool.com
abuse@plusserver.de
ICANN
webcomplaints@ora.fda.gov
drugs@interpol.int

Lastly: garciniafatburn.com
Reported to:
ResellerID Form
yogie@ardhglobal.com
ndr@ardhglobal.com
security@powercomm.com
ip@powercomm.com
ip@lgpwc.com
hostmaster@nic.or.kr


Any advice you can provide will be beneficial!!
vegetto576
New member
 
Posts: 4
Joined: Tue Jun 17, 2014 5:17 pm

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Tue Jun 24, 2014 10:37 pm



registrar: REGRU-REG-RIPN
admin-contact: http://www.reg.ru/whois/admin_contact
(Unresponsive)
Evidence page
http://www.spamtrackers.eu/wiki/index.p ... acy_Expres

medicnhjet.ru has address 94.242.199.109
Please contact abuse@as5577.net

UPDATE June 27
94.242.199.109 traceroute shows the IP gets no further than the .as5577.net upstream
478 ms xe-0-3-1.r1.lon.iptransit.com [204.26.60.209]
396 ms te4-1.r2.lux.iptransit.com [199.59.206.134]
498 ms ic-root.lux.as5577.net [199.59.206.98]
* Request timed out.
* Request timed out.

But now, medicnhjet.ru has address 189.197.62.147
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby vegetto576 » Wed Jun 25, 2014 1:00 pm

Thanks for the above^

Just curious why did you say "medicnhjet.ru has address 94.242.199.109"
Doing a who.is on the domain shows me it is: 80.86.88.69

Any idea on the other 2 I mentioned?
vegetto576
New member
 
Posts: 4
Joined: Tue Jun 17, 2014 5:17 pm

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Wed Jun 25, 2014 5:42 pm

To get a world-wide view of what IP address a name resolves to, visit
http://cachecheck.opendns.com/
and key in the domain name. You should see results from many different geographical locations.

WHOIS does not give you any reliable result. It is designed to provide information about only the registrar and the registrant.

Another useful detailed analysis of the domain is at
http://www.dnsstuff.com/tools#dnsReport ... icnhjet.ru
It takes a few seconds to build the report, so be patient.

I will comment on the other two at a later time, because they are out of my area of attention at this time and I am a little busy.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Fri Jun 27, 2014 6:50 pm

vegetto576 wrote:This is the main site I want taken down: ixjobs.net

I have reported the domain and IP to these people:
abuse@sprintdatacenter.pl
artur@e-ring.pl
info@e-ring.pl
ICANN
abuse@godaddy.com
phishing@godaddy.com


ISP DETAILS
What is the IP:
>host -t ta ixjobs.net
ixjobs.net has address 46.22.166.160

ISP for that IP
netname: E-RING-NETWORK
descr: E-RING KRAKOW DATA CENTER
country: PL

person: Artur Grabowski
address: Slupsk
phone: +48 61 669 06 22
On Facebook: https://www.facebook.com/artur.grabowski.94801

What URLs have landed on that IP:
https://www.virustotal.com/en/ip-address/46.22.166.160/information/
2014-06-16 cdn.ixjobs.net
2014-06-05 nos.ixjobs.net
2014-06-13 t.ixjobs.net
2014-05-27 twitter.ixjobs.net
etc


REPUTATION SERVICES
Ratings on mywot for the domain name
https://www.mywot.com/en/scorecard/ixjobs.net
McAfee SiteAdvisor
http://www.siteadvisor.com/sites/IXJOBS.NET#reviewercommentssummary

REGISTRAR

Domain Name: IXJOBS.NET
Registrar: GODADDY.COM, LLC
Name Server: NS19.DOMAINCONTROL.COM
Name Server: NS20.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 21-apr-2014
Creation Date: 24-feb-2014
Expiration Date: 24-feb-2015

REGISTRANT
Registrant details from WHOIS:
Code: Select all
Registrant Name: Alexandru Iulian Florea
Registrant Organization:
Registrant Street: Str. Malva Nr. 3A Sector 3
Registrant City: Bucuresti
Registrant State/Province: RO
Registrant Postal Code: 74000
Registrant Country: Romania
Registrant Phone: +40.769278805
Registrant Email: thor.iulian@gmail.com


He has registered other domain names, either extinct or unused - eg FINEARTE.INFO which has a different (Russian) valid phone number ( Registrant Phone:+7.69278805 )
A list of his registrations can be seen at http://www.webboar.com/whois-email/dGhvci5pdWxpYW5AZ21haWwuY29t

EVIDENCE OF ILLEGAL ACTIVITY

The phone number rings. The address looks valid, because there is a 3 Strada Malva in Bucharest; although the exact postal code would be 030773 ( http://prefixe.ro/cauta_cod_postal-0.php/page=255 )

The registrant is mentioned at http://pastebin.com/PTMqby9K "Alexandru Iulian Florea - Romanian Spammer"
His Facebook page is unused at https://www.facebook.com/profile.php?id=100005028934348&sk=about

But where is there any convincing evidence that it is used for fraud, or breaks the registrar or ICANN terms of service?
http://cyberwarzone.com/aware-ixjobs-twitter-scam/
http://news.softpedia.com/news/Flappy-Bird-Fans-Targeted-by-Scammers-on-Twitter-426583.shtml
http://www.bloglovin.com/viewer?post=2906229801&group=0&frame_type=b&blog=3786644&frame=1&click=0&user=0

Formerly known as jobdeals.us and twitter.jobdeals.us - http://archive.today/5WKe8

GoDaddy have previously suspended one of his similar domains
Domain Name: SOCIALD-EALS.COM
Registrar: GoDaddy.com, LLC
Updated Date: 06-sep-2013
Creation Date: 14-aug-2013
Registrant Name: Alexandru Iulian Florea
Tech Email: thor.iulian@gmail.com
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM


That is the sort of information that might encourage GoDaddy to take action.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Fri Jun 27, 2014 7:54 pm

GARCINIAFATBURN.COM

Code: Select all
Domain Name: GARCINIAFATBURN.COM
Registrar: PT ARDH GLOBAL INDONESIA
Registrant Name: Auriville Laderoute
Registrant Organization: Auriville Laderoute
Registrant Street: 3902 Weston Rd
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M9N 1G4
Registrant Country: CA
Registrant Phone: +1.4162107432
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: rodimus@garciniafatburn.com


3902 Weston Road is in Toronto.
Postal Code: M9N 1G4 does not span that address.
Phone: +1.4162107432 does not exist.
Useful reference from a trusted source:
http://grahamcluley.com/2013/07/fake-bbc-diet-spam/

Go to https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: Interpol conducts worldwide counterfeit drug raids

Postby Red Dwarf » Thu Jun 16, 2016 5:43 pm

PANGEA IX was completed in the first week of June 2016

https://www.europol.europa.eu/content/online-sale-fake-medicines-and-products-targeted-operation-pangea-ix

Extract
Operation Pangea resulted in 393 arrests worldwide and the seizure of more than USD 53 million worth of potentially dangerous medicines. In addition, potentially life-threatening fake cancer medication, substandard HIV and diabetes testing kits, counterfeit dental equipment and illicit surgical equipment were seized.

Private partners from the internet and payment industries also supported the operation, which saw the suspension of 4932 websites selling illicit pharmaceuticals.

[...]

The operation also targeted the main areas exploited by organized crime in the illegal online medicine trade: rogue domain name registrars, electronic payment systems and delivery services. A further 700 investigations have now also been launched by national authorities worldwide with at least 40 cases directly linked to organized crime.


Good to see that domain names and rogue registrars are targeted. :-)

"which saw the suspension of 4932 websites"

I just did a tally of how many pharmacy sites were shut down at my instigation - 4800
You can see them at viewtopic.php?f=1&t=6222&start=420 onwards
and viewtopic.php?f=1&t=4894 through to viewtopic.php?f=1&t=4894&start=60
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am


Return to Spam In The News

Who is online

Users browsing this forum: No registered users and 3 guests