CastleCops, Internet Crime Fighters

SIRT(TM)

Spam Incident Reporting and Termination(TM) Squad

A global spam termination operation launched by CastleCops, the volunteer SIRT Squad is comprised of folks who report spam, investigate spam, and actively work on spam takedown and termination. SIRT is funded by CastleCops. Become a SIRT Squad terminator by reporting spam today!

Evidence status: confirmed spam

HTTP Response (11 Jul, 2008 10:32:53): HTTP/1.1 200 OK
ID: 172792 (termination link)
Title: Canadian Health&Care Mall
Entry: SIRT Squad
Reporter: AlphaCentauri
Timestamp: 11 May, 2008 @ 04:42:32
Topic ID: 221572 - Read/respond to SIRT commentary.
Handler Note:
11 May, 2008
05:24:54
AlphaCentauri: ixflintere.com is one of the sites for the spam operation, "Canadian Health&Care Mall." This site and its spam are violating US law:
* It offers medications which may not be dispensed without a prescription, sometimes including Provigil and sometimes Valium, which are federally controlled substances, without requiring any prescription.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from Verisign, The "Canadian Pharmaceutical Association," The American Food and Drug Administration, and the "American Consumers Organization." All of these claims are outright falsehoods and violations of these agencies' trademarks in those cases in which such an organization actually exists. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034 regarding sister site My Canadian Pharmacy.
* Viewing satellite photos of the addresses it gives for the locations of its offices in Ontario and Louisiana shows residential areas with no evidence of the existence of large buildings like those pictured on the "contact us" page of their website. The location of the warehouse in New Delhi, India is not precise enough for Google Maps to locate it and may be a nonexistent address. See http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall .
* The site displays a forged pharmacy license claiming to be issued by the state of Minnesota, USA. See http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall for a response from the Executive Director of the Minnesota Board of Pharmacy confirming that this is a forgery.
* It presents photos of people it claims are the physicians and pharmacists running their operation. At least some of these photos have been identified as stock photos from gettyimages.com. See http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall#Fake_Doctors
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax. Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers' licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time. The first indication people taking these medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As Canadian Health&Care Mall does not even claim to offer overnight delivery, the only reason to order these drugs without prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to determine the correct dose, and continued monitoring to readjust dose due to interactions with food and other medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these pills contain real medication and the correct quantity of real medication, they are only sold by prescription because patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to" addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites. Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan. See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain registration of one of these sites, that person denied having any knowledge of his/her personal information being used to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois . In this case I spoke with the person whose name is used, and she confirmed she did not register the domain name.
* Spamwiki entry: http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall . SiteAdvisor reviews at http://www.siteadvisor.com/sites/ixflintere.com

ixflintere.com is located at IP address 218.3.160.2
but loads images from port 8080 of 79.135.167.10
http://79.135.167.10:8080/e/ch/images/theme.jpg

The following other previously used hijacked servers continue to have the images for these sites as well:
http://58.241.87.130:8080/e/ch/images/theme.jpg
http://84.253.77.6:8080/e/ch/images/theme.jpg
http://194.67.66.10:8080/e/ch/images/theme.jpg
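As an added example (not CastleCops or SIRT tooling, and not part of the report), the following Python script shows how an analyst can surface the off-host image loading described in the note above from a fetched copy of the landing page: it parses the HTML, resolves every resource reference against the page URL, and lists the resources served from a different host together with their ports. The HTML is a constructed stand-in; the front-end domain, the back-end IP, the port and the image path are the ones named in the note, while the stylesheet and logo paths are invented for the demo.

```python
"""List resources a fetched landing page loads from other hosts.

Added example, not CastleCops or SIRT tooling. The HTML below is a
constructed stand-in for the fetched page; the front-end domain, the
back-end IP, the port and the image path are the ones named in the
report. Everything else (the stylesheet and logo paths) is invented.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "http://ixflintere.com/e/ch/?action=index"

SAMPLE_HTML = """<html><head><title>Canadian Health&amp;Care Mall</title>
<link rel="stylesheet" href="/e/ch/style.css">
</head><body>
<img src="images/logo.gif" alt="logo">
<img src="http://79.135.167.10:8080/e/ch/images/theme.jpg" alt="theme">
<a href="?action=contact">Contact us</a>
</body></html>"""


class ResourceCollector(HTMLParser):
    """Collect the URLs of resources a browser would fetch automatically."""

    # tag -> attribute that carries the resource URL
    AUTO_FETCH = {"img": "src", "script": "src", "link": "href", "iframe": "src"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.AUTO_FETCH.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                # relative references resolve against the page URL
                self.urls.append(urljoin(self.base_url, value))


def off_host_resources(html, page_url):
    """Return sorted (host, port, url) tuples for resources not on the page's own host."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    found = set()
    for url in collector.urls:
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or parsed.hostname == page_host:
            continue
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
        found.add((parsed.hostname, port, url))
    return sorted(found)


def nonstandard_port_hosts(resources):
    """Hosts serving content on a port other than 80/443, a common sign of a
    compromised machine repurposed as a shared image/back-end server."""
    return {(host, port) for host, port, _ in resources if port not in (80, 443)}


if __name__ == "__main__":
    hits = off_host_resources(SAMPLE_HTML, PAGE_URL)
    for host, port, url in hits:
        print(f"{host}:{port}  {url}")
    print("non-standard ports:", nonstandard_port_hosts(hits))
```

Run the same extraction over pages fetched from several front-end domains of one family and compare the (host, port, path) sets: the report above shows the identical /e/ch/images/theme.jpg path on four different hosts, and a shared back end like that is a better takedown target than any single throwaway domain.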
Handler Note:
11 May, 2008
06:02:28
AlphaCentauri: Consumed the following related reports:

[172794] http://ixflintere.com/e/ch/?action=xanax&t=testimonials
[172795] http://ixflintere.com/e/ch/?action=xanax&t=description
[172796] http://ixflintere.com/e/ch/?action=xanax
[172797] http://ixflintere.com/e/ch/?action=valium&t=testimonials
[172798] http://ixflintere.com/e/ch/?action=valium&t=description
[172799] http://ixflintere.com/e/ch/?action=valium
[172800] http://ixflintere.com/e/ch/?action=testimonials
[172801] http://ixflintere.com/e/ch/?action=secure
[172802] http://ixflintere.com/e/ch/?action=provigil&count=1&t=testimonials
[172803] http://ixflintere.com/e/ch/?action=provigil&count=1&t=description
[172804] http://ixflintere.com/e/ch/?action=provigil
[172805] http://ixflintere.com/e/ch/?action=misoprostol&count=1&t=testimonials
[172806] http://ixflintere.com/e/ch/?action=misoprostol&count=1&t=description
[172807] http://ixflintere.com/e/ch/?action=misoprostol
[172808] http://ixflintere.com/e/ch/?action=meridia&t=testimonials
[172809] http://ixflintere.com/e/ch/?action=meridia&t=description
[172810] http://ixflintere.com/e/ch/?action=meridia
[172811] http://ixflintere.com/e/ch/?action=license
[172812] http://ixflintere.com/e/ch/?action=index
[172813] http://ixflintere.com/e/ch/?action=howtoorder
[172814] http://ixflintere.com/e/ch/?action=genericviagra&count=1&t=testimonials
[172815] http://ixflintere.com/e/ch/?action=genericviagra&count=1&t=description
[172816] http://ixflintere.com/e/ch/?action=genericviagra
[172817] http://ixflintere.com/e/ch/?action=faq
[172818] http://ixflintere.com/e/ch/?action=delivery
[172819] http://ixflintere.com/e/ch/?action=contact
[172820] http://ixflintere.com/e/ch/?action=clomid&count=1&t=testimonials
[172821] http://ixflintere.com/e/ch/?action=clomid&count=1&t=description
[172822] http://ixflintere.com/e/ch/?action=clomid
[172823] http://ixflintere.com/e/ch/?action=awveri
[172824] http://ixflintere.com/e/ch/?action=awfda
[172825] http://ixflintere.com/e/ch/?action=awcpa
[172826] http://ixflintere.com/e/ch/?action=awaq
[172827] http://ixflintere.com/e/ch/?action=antispam
[172828] http://ixflintere.com/e/ch/?action=ambien&t=testimonials
[172829] http://ixflintere.com/e/ch/?action=ambien&t=description
[172830] http://ixflintere.com/e/ch/?action=ambien
[172831] http://ixflintere.com/e/ch/?action=allproducts
[172832] http://ixflintere.com/e/ch/?action=affiliate
[172833] http://ixflintere.com/e/ch/?action=acomplia&count=1&t=description
[172834] http://ixflintere.com/e/ch/?action=acomplia
[172835] http://ixflintere.com/e/ch/?action=aboutus
[172838] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=women_s_health
[172839] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=weight_loss
[172840] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=pain_relief
[172841] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=men_s_health
[172842] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=general_health
[172843] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=blood_pressure_cholesterol
[172844] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_herpes
[172845] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_diabetic
[172846] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_depressants
[172847] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_biotics
[172848] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_allergic_asthma
[172849] http://ixflintere.com/e/ch/?action=allproducts&count=1&type=anti_acidity
Handler Note:
11 May, 2008
06:18:03
AlphaCentauri: Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") will often block traffic from IP addresses associated with legal, financial and antispam organizations as well as anyone who has visited more than one of their sites. It may be necessary to use a proxy to view the pages. In addition, nameservers will selectively refuse queries for certain domains not currently being spammed, and it is necessary to use traversal to see that the domains themselves are not suspended.

Nameservers:
Generated by www.DNSstuff.com at 05:00:28 GMT on 11 May 2008.
ns2.werfaintish.com [203.174.60.37]
ns1.noparborescent.com [200.204.142.53]
ns2.samnout.info [203.174.60.37]
ns1.betamarop.com [121.121.121.121]

Spamhaus information on these IP addresses:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56016 for 218.3.160.2
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62483 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63639 for 203.174.60.37
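The traversal the note above refers to, as an added example in Python (not CastleCops or SIRT code): instead of trusting a recursive resolver, which can report failure when the spammer's nameservers refuse to answer, the script walks the delegation chain from the root to the TLD servers and asks the parent zone directly whether the domain is still delegated; only afterwards does it record whether the domain's own nameservers will talk to us. The query function is injected so the walk runs offline against a constructed zone map; the root and gTLD server addresses serve only as dictionary keys, "REFUSED" is a simulated refusal, and the glue handling is simplified (a real walk has to resolve out-of-bailiwick nameserver names separately). The domain, nameserver names and nameserver addresses are the ones listed in the note. In real use the query function would send a non-recursive query (RD flag clear) to the given server address.

```python
"""Check a domain's delegation by walking from the root (added example).

Not CastleCops or SIRT code. The nameservers in this spam family refuse
queries selectively, so a recursive lookup can fail for a domain that is
still fully delegated. Asking the parent zone (root -> TLD) shows whether
the registrar has actually removed the delegation; the domain's own
servers are contacted only afterwards, to record whether they answer.
"""

ROOT_A = "198.41.0.4"      # a.root-servers.net, used only as a dictionary key here
GTLD_A = "192.5.6.30"      # a.gtld-servers.net, likewise

# Constructed zone map: server address -> {zone: (ns_names, glue) | None}.
# None means "authoritative for this zone, and the name is not in it".
# "REFUSED" models a server that will not answer us at all. Glue for the
# out-of-bailiwick NS names is included here only to keep the demo offline.
FAKE_ZONES = {
    ROOT_A: {"com.": (["a.gtld-servers.net."], {"a.gtld-servers.net.": GTLD_A})},
    GTLD_A: {
        "ixflintere.com.": (
            ["ns2.werfaintish.com.", "ns1.noparborescent.com.",
             "ns2.samnout.info.", "ns1.betamarop.com."],
            {"ns2.werfaintish.com.": "203.174.60.37",
             "ns1.noparborescent.com.": "200.204.142.53",
             "ns2.samnout.info.": "203.174.60.37",
             "ns1.betamarop.com.": "121.121.121.121"},
        ),
        "com.": None,   # any other .com name: NXDOMAIN (suspended or never registered)
    },
    "203.174.60.37": "REFUSED",
    "200.204.142.53": "REFUSED",
    "121.121.121.121": "REFUSED",
}


def fake_query(server, qname, rtype):
    """Simulated non-recursive query: returns (rcode, zone, ns_names, glue)."""
    table = FAKE_ZONES.get(server)
    if table is None:
        raise ConnectionError(f"no route to {server}")
    if table == "REFUSED":
        raise ConnectionError(f"{server} refused the query for {qname}")
    labels = qname.split(".")
    # longest matching suffix first: "ixflintere.com." before "com." before "."
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) or "."
        if zone in table:
            entry = table[zone]
            if entry is None:
                return ("NXDOMAIN", zone, [], {})
            ns_names, glue = entry
            return ("NOERROR", zone, ns_names, glue)
    return ("REFUSED", None, [], {})


def traverse(domain, query, root_ip=ROOT_A, max_hops=8):
    """Walk the delegation chain from the root and report on `domain`.

    Returns a dict with 'delegated' (the parent still hands out an NS set),
    'ns', 'glue', 'authoritative_reachable' (None if never tested),
    'path' (servers asked, in order) and a human-readable 'reason'."""
    name = domain if domain.endswith(".") else domain + "."
    result = {"domain": name, "delegated": False, "ns": [], "glue": {},
              "authoritative_reachable": None, "path": [], "reason": ""}
    server = root_ip
    for _ in range(max_hops):
        result["path"].append(server)
        rcode, zone, ns_names, glue = query(server, name, "NS")
        if rcode == "NXDOMAIN":
            result["reason"] = (f"{server} (authoritative for {zone}) answered "
                                f"NXDOMAIN for {name}: delegation removed or never existed")
            return result
        if rcode != "NOERROR" or not ns_names:
            result["reason"] = f"{server} gave no usable referral ({rcode})"
            return result
        if zone == name:
            # the parent handed out the domain's own NS set: still delegated
            result.update(delegated=True, ns=ns_names, glue=glue,
                          reason=f"{server} still delegates {name} to {len(ns_names)} nameservers")
            break
        # follow the referral to the first nameserver we have an address for
        server = next((glue[n] for n in ns_names if n in glue), None)
        if server is None:
            result["reason"] = f"referral for {zone} carried no glue addresses"
            return result
    else:
        result["reason"] = "gave up: too many referrals"
        return result

    # Delegation exists; now see whether the domain's own servers answer at all.
    for ns_name in result["ns"]:
        addr = result["glue"].get(ns_name)
        if addr is None:
            continue
        try:
            query(addr, name, "A")
            result["authoritative_reachable"] = True
            break
        except ConnectionError:
            result["authoritative_reachable"] = False
    return result


if __name__ == "__main__":
    for d in ("ixflintere.com", "never-registered-example.com"):
        r = traverse(d, fake_query)
        print(d, "delegated:", r["delegated"], "| own NS answer:", r["authoritative_reachable"])
        print("   ", r["reason"])
```

The combination that matters for a takedown follow-up is "delegated: True" together with "own NS answer: False": the registrar has not acted, and the failure seen by an ordinary resolver is the spammer's servers refusing the query, not a suspension.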
Handler Note:
11 May, 2008
06:19:11
AlphaCentauri: View CIDR AS4134 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4134

"4134 | CN | apnic | 2002-08-01 | CHINANET-BACKBONE No.31,Jin-rong Street"

Handler Note:
11 May, 2008
06:19:12
AlphaCentauri: Extended information for AS4134:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn
Handler Note:
11 May, 2008
06:21:06
AlphaCentauri: View CIDR AS9121 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9121

"9121 | TR | ripencc | 1998-12-29 | TTNET TTnet Autonomous System"

Handler Note:
11 May, 2008
06:21:08
AlphaCentauri: Extended information for AS9121:
State/Province:
Country: tr
Responsible Domain: telekom.gov.tr
Abuse Email: abuse@ttnet.net.tr
Handler Note:
11 May, 2008
06:23:50
AlphaCentauri: View CIDR AS4837 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4837

"4837 | CN | apnic | 2001-09-17 | CHINA169-BACKBONE CNCGROUP China169 Backbone"

Handler Note:
11 May, 2008
06:23:50
AlphaCentauri: Extended information for AS4837:
State/Province:
Country: cn
Responsible Domain: cnc-noc.net
Abuse Email: abuse@cnc-noc.net
Handler Note:
11 May, 2008
06:25:14
AlphaCentauri: View CIDR AS8629 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8629

"8629 | RU | ripencc | 1998-01-22 | MCNTT-AS MCNTT Autonomous System"

Handler Note:
11 May, 2008
06:25:15
AlphaCentauri: Extended information for AS8629:
State/Province:
Country: ru
Responsible Domain: ntt.ru
Abuse Email: postmaster@ntt.ru
Handler Note:
11 May, 2008
06:31:00
AlphaCentauri: View CIDR AS2683 Report: http://www.cidr-report.org/cgi-bin/as-report?as=2683

"2683 | EU | ripencc | 1993-09-01 | RADIO-MSU RADIO-MSU"

Handler Note:
11 May, 2008
06:31:00
AlphaCentauri: Extended information for AS2683:
State/Province:
Country:
Responsible Domain: radio-msu.net
Abuse Email: abuse@radio-msu.net
Handler Note:
11 May, 2008
06:35:29
AlphaCentauri: View CIDR AS9381 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9381

"9381 | HK | apnic | 1998-08-17 | NEWTT-IP-AP Wharf T&T Ltd."

Handler Note:
11 May, 2008
06:35:29
AlphaCentauri: Extended information for AS9381:
State/Province:
Country: hk
Responsible Domain: wharftt.com
Abuse Email: abuse@wharftt.com
Handler Note:
11 May, 2008
06:36:53
AlphaCentauri: View CIDR AS27699 Report: http://www.cidr-report.org/cgi-bin/as-report?as=27699

"27699 | BR | lacnic | 2003-06-24 | TELECOMUNICACOES DE SAO PAULO S/A - TELESP"

Handler Note:
11 May, 2008
06:36:54
AlphaCentauri: Extended information for AS27699:
State/Province:
Country: br
Responsible Domain: telesp.com.br
Abuse Email: abuse@telesp.net.br
Handler Note:
11 May, 2008
06:39:35
AlphaCentauri: View CIDR AS9534 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9534

"9534 | MY | apnic | 1999-05-17 | MAXIS-AS1-AP Binariang Berhad"

Handler Note:
11 May, 2008
06:39:36
AlphaCentauri: Extended information for AS9534:
State/Province:
Country: my
Responsible Domain: maxis.net.my
Abuse Email: tony@maxis.net.my
Handler Note:
11 May, 2008
06:44:57
AlphaCentauri: ISPs: Please assist your customers in identifying and disinfecting servers at the following addresses:

chinanet.cn.net
218.3.160.2

cnc-noc.net
58.241.87.130

maxis.net.my
121.121.121.121

ntt.ru
84.253.77.6

radio-msu.net
194.67.66.10

telekom.gov.tr
79.135.167.10

telesp.com.br
200.204.142.53

wharftt.com
203.174.60.37

Registrars: please suspend the following domains and nameservers. Please investigate the payment history as it was almost certainly fraudulent as well. Please forward evidence of fraudulent activity to law enforcement.

See domain suspension instructions at
http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Hong Kong mirror site:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_domain

(Removal of nameservers is here:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_name_server_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_name_server_domain )

As the domains for the Yambo family of spamvertised websites (My Canadian Pharmacy, International Legal Rx Medications, Men+ Health, US Drug, VIP Pharmacy ("Viagra + Cialis"), and Canadian Health&Care Mall) are uniformly registered with information obtained by identity theft and paid with fraudulent credit/debit card information, please suspend any other sites in this family that you become aware of.

moniker.com
ixflintere.com

dns.com.cn
noparborescent.com
ns1.noparborescent.com [200.204.142.53]

xinnet.com
werfaintish.com
ns2.werfaintish.com [203.174.60.37]

ENOM
samnout.info
ns2.samnout.info [203.174.60.37]
Handler Note:
11 May, 2008
06:48:07
AlphaCentauri: Generated and sent email spam alert to respective parties.
Fetched URLs
Slaves: 172794, 172795, 172796, 172797, 172798, 172799, 172800, 172801, 172802, 172803, 172804, 172805, 172806, 172807, 172808, 172809, 172810, 172811, 172812, 172813, 172814, 172815, 172816, 172817, 172818, 172819, 172820, 172821, 172822, 172823, 172824, 172825, 172826, 172827, 172828, 172829, 172830, 172831, 172832, 172833, 172834, 172835, 172838, 172839, 172840, 172841, 172842, 172843, 172844, 172845, 172846, 172847, 172848, 172849

Report for at 11 May, 2008 @ 04:43:54
fetched page at 11 May, 2008 @ 04:44:12
MD5 Fingerprint: 182aab447e454c310ca2e9c402e92644
SHA1 Fingerprint: 33f784a5c1844a5221049c5f91db32ce4318a2bf
Version 1.0