Description[]
Alias V.E.P. Virility Enlarge Pills, Power Gain+, MaxGain+, MaxGain, VPXL, Express Herbals, Elite Herbal, MaxHerbal, and Herbal King, MaxGentleman, Dr.MaXman among others, this is a highly spammed website. This is the product analyzed by the BBC's Simon Cox in a report on his radio show "The Investigation." bbc.co.uk: Super scam me, Dec. 13, 2007. The tablets Cox had analyzed as part of his investigation contained no active ingredients. (Since there is no product known to increase penis size in males who have reached sexual maturity, it hardly matters.)
Often the spam emails only contain domain names that redirect to a destination site, such as ebaygods.com, where victims are defrauded through sale and delivery (or sometimes nondelivery) of fake drugs, and appropriation of their personal details for use in future fraud.
MaxGain+ exploits many different methods of redirections to try to escape detection.
Geographical locations are India and Hong Kong.
Samples of the spam[]
ManXL[]
subject: Is yours Below 5 Innches Long?
Here's latest "ManXL" formula has been proven to add inches to the sizes while multiplying orgasms like never had before. Our products is light years ahead of our competitors which has millions of happy users. Check us out..You won't regret. http:(domain deleted by Spamwiki admin)
MegaDik[]
subject: To get the best possible results we recommend using the program for at least four months.
No, MegaDik Pills do not cause any known adverse side effects. http://ealyon.com [links to Elite Herbal]
Manster[]
subject: 60 Pills Of Manster = 1 Months Supply
When should you stop taking Manster Pills? http://dizimos.com [links to Elite Herbal]
Combination spam[]
This shows multiple different spam operations all linked together in the one spam
Add some inches fast, safe and effective as seen on NBC and prooven to work 100% ... http://csmo.net [links to Herbal King] Have you ever wished you ejaculate like a porn star? Now you can... http://chrk.net [links to Wondercum] Wish you could rock her world all night long? Now you can.. http://cdjw.net [links to Vigramax] Sounds like a dream? Turn that dream to reality with this personal device.. http://ctmay.com [links to Personal Pussy] If a relaxing moment turns into the right moment, will you be ready? http://minjkirrreat.com/ [links to ED Pill Store] Lose weight Fast! Certified 100% Pure South African Hoodia.. http://uacor.com (Hoodia Gordonii) Get $500 Free.. http://staunbrad.com/micro/7 [links to Mint Las Vegas]
Have you ever wished you ejaculate like a porn star? Now you can.. http://thonr.com [links to WonderCum] Add some inches fast, safe and effective as prooven on NBC Dateline to work 100% ... http://csmo.net [links to Herbal King] Did you ejaculate before or within a few minutes of penetration? Help is here... http://buoon.com [links to Extra Time] Wish you could rock her world all night long? Now you can.. http://cgide.com [links to Vigramax] If a relaxing moment turns into the right moment, will you be ready? http://ezurozven.com [links to ED Pill Store]
Subject: MegaDik.. do you have 10 inches? Maybe You want enlarge him
tracking code munged
This example contains both MegaDik and Manster references.
Dear victim@example.com
http://kazmway.com/w.php
Do you want Enlarge your Penis?
t Gain 3+ Inches In Length.
100% Money Back Guarantee.
t *3 FREE Bottles Of ManSter !!
http://kazmway.com/w.php
Thanks
Mary Anniston
victim@example.com wrote:
> > MegaDik.. do you have 10 inches? Maybe You want enlarge him
tracking code munged-
out me now
http://kazmway.com/w.php
History[]
The following announcement was published on an online forum to recruit new spammers:
Post Posted: Sun Apr 22, 2007 8:54 am Post subject: New RX pharmacy WE NOW have online pharmacy take a look ......ablepharmacy.com Payments are every Thursday like clockwork, no delays or arrays Our "Low Price Pharmacy Store" design sports a professional array of pharmaceuticals. This is definatly (sic) our top converting website. Other product: herbal fleshlight enlargement pills very popular sextoy hoodia cum pills msg me with a valid email for an account
The sample site quoted, ablepharmacy.com was registered by
person: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD email: admin@querendamx.com address: Querenda No. 353, Fracc. Bosque Camelinas city: Michoacan postal-code: 58290 country: MX phone: +52.443655187
The registrar who accepted this criminal spammer's contract for domain name registration was
Domain Name: ABLEPHARMACY.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
To this day, this criminal spammer still uses many registered domains which are widely spammed. The registrar who is still accepting his contracts for registrations under the same registrant details is COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Other fake company names that are a "fingerprint" for these registrations include
- Chang Limited
- Black Network Inc
- Etty Productions Limited
- Gutierrez Ventures
- Liquid Ventures Inc
- Miura Promotions LLC
- Mohamed Ventures Limited
- Optin Media Inc
- Pump It Productions
- Tolmen Star Enterprises Ltd
- Tufa Corporation
- Xinyu Inc
- Zhou Ventures Ltd
Any registration from these false companies constitutes sufficient evidence for any law abiding registrar to suspend the domain.
- The registered domains may have a redirect to a central site, such as herbal-kings.net or aplusherbals.com or elite-herbals.com or ezherbals.com
- Typically the spammed domains are registered with CSL Computer Service LANGENBACH GMBH (www.joker.com)
- The name servers (eg ns1.b12dns.com ns2.b12dns.com ns3.b12dns.com ns1.sacodns.com ns2.sacodns.com ns1.centdns1.com ns2.centdns1.com ns1.maindns4.com ns2.maindns4.com ns1.gzrealm.com ns2.gzrealm.com) are registered with CSL (www.joker.com)
- The redirected domains herbal-kings.net aplusherbals.com elite-herbals.com ezherbals.com ezherbals.net are registered with CSL (www.joker.com)
MaxGain+ Domain Name: HINTEIRA.COM Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.xinnet.com Name Server: NS1.NS-EARTHLING.COM Name Server: NS2.NS-EARTHLING.COM Billing Contact: Li Ming NO.38,YongFeng street,Tianchange City,Anhui Province Tianchange Anhui 239355 CN tel: 2400568 fax: 2400568 yayun22@163.com
Domain Name: ELITE-HERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.CENTDNS1.COM Name Server: NS2.CENTDNS1.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC
Domain Name: HERBAL-KINGS.NET Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.MAIN-DNS3.COM Name Server: NS2.MAIN-DNS3.COM Name Server: NS3.MAIN-DNS3.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD
Domain Name: APLUSHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.MAINDNS4.COM Name Server: NS2.MAINDNS4.COM Name Server: NS3.MAINDNS4.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Eduardo Macias organization: TOLMEN STAR ENTERPRISES LTD
Domain Name: EZHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.GZREALM.COM Name Server: NS2.GZREALM.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC
Domain Name: ACTIONHERBALS.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.GZREALM.COM Name Server: NS2.GZREALM.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited owner: Jason Poon organization: Black Network INC
Domain Name: TEXENMET.COM Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM Whois Server: whois.joker.com Referral URL: http://www.joker.com Name Server: NS1.JDNS2008.COM Name Server: NS2.JDNS2008.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited
Before and After Photos[]
Most of these sites attempt to convince visitors their products are effective by showing "before" and "after" photos of male genitalia.
Anyone with photo manipulation software can create realistic appearing photos of unrealistically large anatomy. That type of photo manipulation is commonly done for porn images. Men should not accept photographs as evidence that anyone with genitalia that size exist, let alone that they got that way from using one of these products.
An example based on a real image from one of these spamvertised sites is at
http://spamtrackers.eu/wiki/index.php/Image:Beforeafter.jpg
(image alert: this is an image of nude male genitalia)
How to Report this Spam[]
Generally, the most effective way to demand that registrars cancel their illegal contracts with criminals is to use the tool provided for Windows users at Complainterator.
If the registrar is CSL, however, be aware that they refuse to act on email complaints, so you can ignore the mandatory ICANN registered email address at info@nrw.net.
At www.joker.com click on Register. Become a registered client. Once registered, you can log in and fill out a complaint form.
- Register at www.joker.com
- Login as a registered user
- Select "Support/Contact"
- Select "Report spammers/phishing"
- Fill in the relevant CSL registered spammed domain or its name server
- Fill in the complaint with links to evidence
Note that you can generate the text of the complaint using Complainterator and copy/paste it into the web page.
Related Spams[]
See also PowerEnlarge, LNHSolutions, King Replicas relationships
- Herbal King
- Express Herbals
- Vigramax (vigramax.net)
- Hoodia Gordonii (leanwithhoodia.com)
- MaxHerbal
- VPXL see Canadian Healthcare
- MaxGain+
These
- use the same name servers
- are registered at the same time
- use the same registrar
- use the same redirection
Evidence
Registrations of all three types under same name servers, extracted from http://rss.uribl.com/ns/b12dns_com.html
# Domain Date/Time Added #1 aaopc.net Sun, 01 Apr 2007 05:10:16 +0000 #2 abaud.com Sat, 31 Mar 2007 21:09:50 +0000 #3 cifab.net Fri, 30 Mar 2007 08:44:00 +0000
#1 aaopc.net Wed, 21 Mar 2007 13:28:57 +0000 #2 ajsic.net Mon, 19 Mar 2007 10:44:03 +0000 #3 afhti.net Mon, 19 Mar 2007 10:42:28 +0000 #4 afloe.net Mon, 19 Mar 2007 09:54:31 +0000
#1 cgfile.net Mon, 19 Feb 2007 00:30:54 +0000 #2 brightboss.com Sun, 18 Feb 2007 22:41:54 +0000 #3 acmtc.net Sun, 18 Feb 2007 21:08:42 +0000 #4 ansign.net Sun, 18 Feb 2007 14:25:02 +0000 #5 calldoun.com Sun, 18 Feb 2007 14:24:06 +0000 #6 myane.net Sun, 18 Feb 2007 12:32:41 +0000 #7 aoam.net Sun, 18 Feb 2007 11:16:50 +0000 #8 alusan.net Sun, 18 Feb 2007 07:53:12 +0000 #9 aboyn.net Sun, 18 Feb 2007 05:39:16 +0000 #10 ndcuk.com Sun, 18 Feb 2007 01:39:47 +0000 #11 aaums.net Sat, 17 Feb 2007 22:49:27 +0000 #12 callatree.com Sat, 17 Feb 2007 14:25:17 +0000 #13 brianyzip.com Sat, 17 Feb 2007 11:08:00 +0000 #14 yurho.com Sat, 17 Feb 2007 08:15:35 +0000 #15 aaopc.net Fri, 16 Feb 2007 06:36:49 +0000
Also, registered on CSL Computer Service Langenbach GmbH aka joker.com, by TOLMEN STAR ENTERPRISES LTD, using name servers on bdns1.net or maindns4.com
|
|
[**] mysecurepay.net is used at check-out time to request the identity and credit card details. When you are on one of these pages and go to checkout, you find yourself on a mysecurepay.net page using https. But when you look down at the bottom of the page, guess what you see?
Copyright © 2001-2007, Herbal King Inc. Another example of linkages between different families of spammed sites: name servers ns1.gzrealm.com and ns2.gzrealm.com registered with CSL Computer Service Langenbach GmbH control access to
That ties them all together. Spamhaus has similar details with the same findings |
Other name servers used by the same family include
- ns1.masterkeydns1.com ns2.masterkeydns1.com [ClientHold]
- ns1.master22.com ns2.master22.com [on hold]
- ns1.master67.com ns2.master67.com
- ns1.ceechongsu.com ns2.ceechongsu.com
- ns1.chechiewaz.com ns2.chechiewaz.com
- ns1.chechiewaz2.com ns2.chechiewaz2.com
- ns1.chechiewaz67.com ns2.chechiewaz67.com Beijing Innovative Linkage Technology
Redirection web sites belonging to this family and resolved by those name servers include
- a1-herbals.com [ClientHold - removed]
- herbalonez.com Beijing Innovative Linkage Technology
- allrxonline.net [ClientHold - removed]
- fastedstore.com CSL Computer Service / joker.com
- vigramax-pills.com CSL Computer Service / joker.com
- xtrasize-plus.com Beijing Innovative Linkage Technology
- ewondercum.net CSL Computer Service / joker.com
- elitereplicas.biz CSL Computer Service / joker.com
The same name servers resolve domains that land on
- Herbal King aka Elite Herbals aka Express Herbals
- Pharma Shop
- Reliable Pharmacy
- SwissWatchesDirect
- NaturaSlim Hoodia
- Online Replica Collection,handbags,Watches,shoes,pens..
Redirections[]
As at February 2008
Target site of many spammed site redirections. The current formula is a redirection based on the first character to the subdomain name:
- a*.domain.tld: pdandotherb.com (shut down)
- b*.domain.tld: ageshell.com (Canadian Pharmacy)
- c*.domain.tld: wehelpyounow.com/clothes/ (shut down)
- d*.domain.tld: wehelpyounow.com/freepenispill/ (shut down)
- g*.domain.tld: fqa34s2.com (US Pharmacy)
- h*.domain.tld: diet350.info (100% Pure Hoodia Gordonii Pills)
- i*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000
- k*.domain.tld: ideaexciting.com (US Pharmacy)
- p*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000
- r*.domain.tld: keogbw.net (SwissWatchesDirect)
- s*.domain.tld: parpower.com (VPXL) affiliate ID 2515592000
- t*.domain.tld: flutteoi.com (Replica Store) affiliate ID 3508239664
- v*.domain.tld: wehelpyounow.com/vm/ (shut down)
Before February 2008
Spammed sites:
- bbdw.knshallwe.com
- bzvun.knshallwe.com
- bhcisf.knshallwe.com
- dqpl.knshallwe.com
- djtwd.knshallwe.com
- kpwi.knshallwe.com
- kmfvnu.knshallwe.com
- kkjsp.knshallwe.com
- rhlybg.knshallwe.com
- rxtm.knshallwe.com
- rutdkl.knshallwe.com
This one domain redirects to multiple different scams.
- Prefix letter A = Elite Herbals on saverxp.org which was not operational from Sept 2007. In December it redirected to samolsen.com
- Prefix letter B = Reliable Pharmacy redirected to onlinequalitypills.com [Beijing dns.com.cn], subsequently to jumewa.com - Global Pharmacy
- Prefix letter C = redirected to hoodiastoresale.com - Naturaslim Hoodia - 100% Pure Hoodia Gordonii Diet Pills , subsequently to Dolce & Gabbana .. Designer Fashion Clothing
- Prefix letter D = Herbal King redirected to samsege.com [CSL / Joker], subsequently to wehelpyounow.com/freepenispill/ - ManXL
- Prefix letter K = Pharma Shop redirected to r2.rx-shop.biz subsequently to r2.pharm-shop.biz [GMO INTERNET]
- Prefix letter R = SwissWatchesDirect redirected to einison.net or pornogh.net or azfuek.net [INTERNET.BS CORP]
- Prefix letter S = Wondercum redirected to fozip.com subsequently to parpower.com
- Prefix letter T = redirected to getthasteppin.com which was not operational as at Sept 2007, subsequently in December to wehelpyounow.com/su/ SizeUp.
- Prefix letter V = redirected to wehelpyounow.com/vm/ Vigramax
The switching is achieved on a redirector that announces itself upon connection thus
HTTP/1.1 302 Found Date: Tue, 03 Dec 2007 20:17:21 GMT Server: Apache/2.0.59 (FreeBSD) PHP/4.4.7 with Suhosin-Patch X-Powered-By: PHP/4.4.7
and a redirection in the form
Location: http://wehelpyounow.com/su/
Sponsor Organization[]
SanCash (in early 2008 known as "Etranzmu", the underground sponsor affiliate program related to GenBucks) is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers.