
[SIRT#186667] My Canadian Pharmacy on estraynil.com
CastleCops
-> SIRT Reports
Author: AlphaCentauri,
Posted: Fri Jun 20, 2008 6:02 am Post subject: [SIRT#186667] My Canadian Pharmacy on estraynil.com
Spam Alert
Full Report:
/My_Canadian_Pharmacy_spam186667.html
Changed status to confirmed spam.
estraynil.com is one of the sites for the spam operation, "MyCanadianPharmacy." This site and its spam are violating US law:
* It offers medications which may not be dispensed without a prescription, including Provigil, and sometimes Valium, Meridia, Xanax and Ambien, which are federal controlled substances, without requiring any prescription. Xanax in particular has high street value. See
/My_Canadian_Pharmacy_spam114.html for example of the expanded offerings in controlled substances on this site at the time of the first SIRT report for My Canadian Pharmacy.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from the Better Business Bureau, Verisign, Visa, The Canadian International Pharmacy Association, and PharmacyChecker. As noted by http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy , all of these claims are outright falsehoods and violations of these agencies' trademarks. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034
* It is not located in Canada anywhere anyone has been able to find it, and the address it lists for itself is a strip mall with no buildings resembling the one pictured on its website. It is not connected to the actual pharmacy mycanadianpharmacy.com . See also information collected on this operation at http://www.rickconner.net/spamweb/spam_drugs.html
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax. Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers' licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time. The first indication people taking these medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As My Canadian Pharmacy does not even claim to offer overnight delivery, the only reason to order these drugs without prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to determine the correct dose, and continued monitoring to readjust dose due to interactions with food and other medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these pills contain real medication and the correct quantity of real medication, they are only sold by prescription because patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to" addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites. Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan. See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain registration of one of these sites, that person denied having any knowledge of his/her personal information being used to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois
Online prices for warfarin 5mg x 90 tabs (generic coumadin, a blood thinner) on 4/13/08:
Rite Aid (drugstore.com): US $35
CVS US $46
My Canadian Pharmacy US $227
The only reason for someone to order warfarin via an illegal pharmacy is to avoid having to see a doctor and get blood tests done to obtain a prescription. Warfarin is derived from a natural compound and has a complex metabolism and many food/drug interactions. Not only is there a very narrow range between the dose that prevents clots and the dose that causes excessive bleeding, the dose is different from person to person and even varies at different times for the same person. There is an extremely high risk of someone having complications like bleeding or strokes if he/she is not getting regular blood tests to check whether the dosage needs to be changed.
Consumed following related reports:
estraynil.com is located at IP address 59.44.59.141
but loads images from port 8080 of 79.135.167.10
http://79.135.167.10:8080/p/images/weship.jpg
Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") will often block traffic from IP addresses associated with legal, financial and antispam organizations as well as anyone who has visited more than one of their sites. It may be necessary to use a proxy to view the pages. In addition, nameservers will selectively refuse queries for certain domains not currently being spammed, and it is necessary to use traversal to see that the domains themselves are not suspended.
Nameservers:
Generated by www.DNSstuff.com at 03:00:25 GMT on 20 Jun 2008.
ns1.ganjazuc.com [136.145.55.9]
ns2.syapredicatory.ru [60.249.77.35]
Website domain and nameservers move frequently as is typical of hijacked hosts. In the past few days they have been observed at the following IP addresses:
estraynil.com A 59.44.59.141
estraynil.com A 200.31.83.82
estraynil.com A 200.171.178.11
ns1.ganjazuc.com A 83.15.82.74
ns1.ganjazuc.com A 136.145.55.9
ns1.ganjazuc.com A 202.127.45.235
ns1.ganjazuc.com A 209.88.103.12
ns1.ganjazuc.com A 210.47.0.50
ns2.syapredicatory.ru A 60.249.77.35
ns2.syapredicatory.ru A 222.190.111.100
SiteAdvisor review at http://www.siteadvisor.com/sites/estraynil.com
Spamhaus reports on these IP addresses:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59039 for 59.44.59.141
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64778 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64834 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64881 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65112 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64775 for 136.145.55.9
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60552 for 60.249.77.35
IP Converted: 59.44.59.141
dword = 992754573
hex1 = 0x3b2c3b8d
hex2 = 0x3b.0x2c.0x3b.0x8d
oct = 073.054.073.0215
View CIDR AS17799 Report: http://www.cidr-report.org/cgi-bin/as-report?as=17799
"17799 | CN | apnic | 2002-11-18 | CHINATELECOM-LN-AS-AP asn for Liaoning Provincial Net of CT"
Extended information for AS17799:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn
IP Converted: 79.135.167.10
dword = 1334290186
hex1 = 0x4f87a70a
hex2 = 0x4f.0x87.0xa7.0xa
oct = 0117.0207.0247.012
View CIDR AS9121 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9121
"9121 | TR | ripencc | 1998-12-29 | TTNET TTnet Autonomous System"
Extended information for AS9121:
State/Province:
Country: tr
Responsible Domain: telekom.gov.tr
Abuse Email: abuse@ttnet.net.tr
IP Converted: 136.145.55.9
dword = 2291218185
hex1 = 0x88913709
hex2 = 0x88.0x91.0x37.0x9
oct = 0210.0221.067.011
View CIDR AS5786 Report: http://www.cidr-report.org/cgi-bin/as-report?as=5786
"5786 | PR | arin | 1995-10-24 | UPRENET - University of Puerto Rico"
Extended information for AS5786:
State/Province:
Country: us
Responsible Domain: upr1.upr.clu.edu
Abuse Email: postmaster@upr1.upr.clu.edu
IP Converted: 60.249.77.35
dword = 1022971171
hex1 = 0x3cf94d23
hex2 = 0x3c.0xf9.0x4d.0x23
oct = 074.0371.0115.043
View CIDR AS3462 Report: http://www.cidr-report.org/cgi-bin/as-report?as=3462
"3462 | TW | apnic | 2002-08-01 | HINET Data Communication Business Group"
Extended information for AS3462:
State/Province:
Country: tw
Responsible Domain: hinet.net
Abuse Email: cracker@hinet.net
The domain estraynil.com is registered with false whois information.
The registrant's address is listed as Bayshore, Queensland, AU, but the postal code is Bayshore, New York, US. The phone number has an Australian country code, but the rest of the number isn't valid for Australia -- but is the number listed for that address in NY on reverse lookup.
ISPs: Please assist your customers in identifying and disinfecting servers at the following addresses:
chinanet.cn.net
59.44.59.141
hinet.net
60.249.77.35
telekom.gov.tr
79.135.167.10
upr1.upr.clu.edu
136.145.55.9
Registrars: please suspend the following domains and nameservers. Please investigate the payment history as it was almost certainly fraudulent as well. Please forward evidence of fraudulent activity to law enforcement.
See domain suspension instructions at
http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Hong Kong mirror site:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_domain
(Removal of nameservers is here:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_name_server_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_name_server_domain )
As the domains for the Yambo family of spamvertised websites (My Canadian Pharmacy, International Legal Rx Medications, Men+ Health, US Drug, VIP Pharmacy ("Viagra + Cialis"), and Canadian Health&Care Mall) are uniformly registered with information obtained by identity theft and paid with fraudulent credit/debit card information, please suspend any other sites in this family that you become aware of.
domainpeople.com:
estraynil.com
naunet.ru
syapredicatory.ru
ns2.syapredicatory.ru [60.249.77.35]
dns.com.cn
edacitypur.com
ns1.edacitypur.com [210.51.171.72]
dicerreq.com
ns2.dicerreq.com [210.47.0.50]
guydefenseless.com
ns2.guydefenseless.com [41.207.125.18]
consuetuderir.com
ns1.consuetuderir.com [201.49.11.181]
tergiversationceq.com
ns2.tergiversationceq.com [83.15.82.74]
compaginationnej.com
ns1.compaginationnej.com [201.236.86.60]
serbicephalous.com
ns1.serbicephalous.com [210.47.0.50]
fowaffirmatively.com
ns2.fowaffirmatively.com [200.99.139.250]
ganjazuc.com
ns1.ganjazuc.com [136.145.55.9]
DomainPeople.com:
The following domains are registered with DomainPeople.com by the same spam organization and can be seen to even share the same image servers. In the case of pingboiler.com, the same pattern of disguising a US address as Australian in the domain registration was used.
deropujaba.com
bromentoled.com
ingsitilad.com
pingboiler.com
Quote: http://estraynil.com/
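The A records and nameserver lists in the report above show the same hosts answering for several domains. As an added example (not part of the original post), this groups the report's own hostname/IP pairs to show which domains share infrastructure. The function names and the first-octet spread measure are assumptions made for the illustration.

```python
from collections import defaultdict

# (hostname, A record) pairs copied from the report above.
OBSERVATIONS = [
    ("estraynil.com", "59.44.59.141"), ("estraynil.com", "200.31.83.82"),
    ("estraynil.com", "200.171.178.11"), ("ns1.ganjazuc.com", "83.15.82.74"),
    ("ns1.ganjazuc.com", "136.145.55.9"), ("ns1.ganjazuc.com", "202.127.45.235"),
    ("ns1.ganjazuc.com", "209.88.103.12"), ("ns1.ganjazuc.com", "210.47.0.50"),
    ("ns2.syapredicatory.ru", "60.249.77.35"),
    ("ns2.syapredicatory.ru", "222.190.111.100"),
    ("ns2.dicerreq.com", "210.47.0.50"), ("ns1.serbicephalous.com", "210.47.0.50"),
    ("ns2.tergiversationceq.com", "83.15.82.74"), ("ns1.edacitypur.com", "210.51.171.72"),
]

def registered_domain(host):
    """Last two labels; enough for the .com/.ru names here (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def flux_profile(observations):
    """Per hostname: (distinct IPs, distinct first octets) as a rough spread measure."""
    seen = defaultdict(set)
    for host, ip in observations:
        seen[host].add(ip)
    return {h: (len(s), len({ip.split(".")[0] for ip in s})) for h, s in seen.items()}

def shared_ips(observations):
    """IPs that answered for more than one registered domain."""
    doms = defaultdict(set)
    for host, ip in observations:
        doms[ip].add(registered_domain(host))
    return {ip: sorted(d) for ip, d in doms.items() if len(d) > 1}

def clusters(observations):
    """Group domains connected, directly or transitively, by a shared IP."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    first_on_ip = {}
    for host, ip in observations:
        dom = registered_domain(host)
        parent[find(dom)] = find(first_on_ip.setdefault(ip, dom))
    groups = defaultdict(set)
    for dom in list(parent):
        groups[find(dom)].add(dom)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print(shared_ips(OBSERVATIONS), clusters(OBSERVATIONS)[0], sep="\n")
```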
Author: tembow,
Posted: Fri Jun 20, 2008 7:01 am Post subject:
Beijing Innovative has SURBL blocking, in defiance of ICANN:
Arrival-Date: Fri, 20 Jun 2008 06:02:57 +0000 (UTC)
Final-Recipient: rfc822; abuse@DNS.COM.CN
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!
Final-Recipient: rfc822; cnreg@dns.com.cn
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!
Please notify Stacy Burnette at icann.org
Author: tembow,
Posted: Wed Jun 25, 2008 6:37 am Post subject:
Arrival-Date: Fri, 20 Jun 2008 06:02:57 +0000 (UTC)
Final-Recipient: rfc822; postmaster@upr1.upr.clu.edu
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; connect to upr1.upr.clu.edu[136.145.1.4]:
Connection refused