PublicDomainRegistry aka PDR

PublicDomainRegistry is a registrar in India.

Description of the Registrar

PublicDomainRegistry is a global leader in providing Domain Registration Services and is ranked amongst the fastest growing ICANN Accredited Registrars worldwide. Our services are made available through our global network of Partners.

PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM is a wholly-owned subsidiary of Endurance International Group Holdings, Inc.

Our Corporate Officers:

  • Hari Ravichandran, President
  • David Bryson, Secretary
  • Tivanka Ellawala, Treasurer
  • Timothy S. Mathews, Chief Accounting Officer

Anti-Fraud Position

Processes for handling abuse complaints about inaccurate WHOIS, spam, and fraud are at http://publicdomainregistry.com/process-for-handling-abuse/

Official Position

Actual Behavior

Registrar responsiveness

Figure: graph showing all registrars including R01.RU.

Figure: graph showing all registrars excluding R01.RU.

Figure: pie chart showing the crime-sponsoring contribution by each registrar.

The comparison between this registrar and others can be seen on the graphs.

They show how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.

Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.

The second most abused registrar is Russia's REG.RU, at over 25%.

The next most abused registrar is GKG, at 4%.

The next most abused registrar is The Netherlands' Hosting Concepts, aka OpenProvider, at 3%.

These are followed by Russia's ARDIS, India's PublicDomainRegistry (PDR), China's CNOBIN, Canada's Tucows, and Pakistan's PakNIC.


Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.



Examples of domains used for fraud

These domains were tested on September 16, 2016 and were found to be live. Each heading links to evidence that the domain is being used for fraud.

See also PDR_list

Canadian Neighbor Pharmacy

goodmedstrade.click
mygenericsmart.link

CanadianPharmacy

secureaidshop.link

MyCanadianPharmacy

connitheresina.club
doloritasjuditha.club

RxExpressOnline

agatheedithe.club
ailahelyn.club
arliediahann.club
aureliebarbabra.club
carlinetabbi.club
chandadelinda.club
clemmyshelby.club
corneliajere.club
darbieblisse.club
delphiniacorissa.club
yettahelga.club

RxMeds

annisbarrie.club
bekkihelyn.club
dotevita.club

Toronto Drugstore

remedialrxmarket.work


Suspended Domains

Canadian Health&Care Mall

akiorncx.com (suspended)
healingbestmarket.com (suspended)

CanadianPharmacy

herbalhotsale.com (suspended)
thepillvalue.com (suspended)
yourherbsupply.com (suspended)

Men's Health

familygenericsshop.com (suspended)

My Canadian Pharmacy

genericmedsservice.com

US Drugs

theremedymarket.com (suspended)

Common IP addresses

A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.


Where to contact the compromised hosting ISP:

Abuse contact for '5.2.88.0 - 5.2.89.255' is 'alvaro.montero@ipcore.com'
Abuse contact for '5.45.80.0 - 5.45.83.255' is 'abuse@ispiria.net'
Abuse contact for '5.101.140.64 - 5.101.140.95' is 'abuse@ukservers.com'
Abuse contact for '5.181.158.0 - 5.181.158.255' is 'abuse@mivocloud.com'
Abuse contact for '5.133.8.0 - 5.133.15.255' is 'abuse@artnet.pl'
Abuse contact for '5.187.48.0 - 5.187.55.255' is 'abuse@artnet.pl'
Abuse contact for '5.188.211.0 - 5.188.211.255' is 'abuse@pindc.ru'
Abuse contact for '5.253.60.0 - 5.253.63.255' is 'abuseto@adminvps.ru' (Removed)
Abuse contact for '27.124.80.0 - 27.124.95.255' is 'abuse@medialink.net.id'
Abuse contact for '31.200.247.0 - 31.200.247.255' is 'ripe@unelink.com'
Abuse contact for '37.46.132.0 - 37.46.135.255' is 'abuse@abusehost.ru'
Abuse contact for '45.67.116.0 - 45.67.116.255' is 'abuse@itns.md'
Abuse contact for '45.86.163.0 - 45.86.163.255' is 'support@crowncloud.net'
Abuse contact for '45.125.65.0 - 45.125.65.255' is 'abuse@tele-asia.net'
Abuse contact for '45.131.83.0 - 45.131.83.255' is 'abuse@sered.net'
Abuse contact for '51.89.148.0 - 51.89.151.255' is 'abuse@ovh.net'
Abuse contact for '79.172.193.0 - 79.172.193.255' is 'abuse@deninet.hu' (Removed)
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '82.199.104.0 - 82.199.107.254' is 'abuse@seven-sky.net'
Abuse contact for '84.15.136.0 - 84.15.143.255' is 'abuse@bi.lt'
Abuse contact for '84.200.77.0 - 84.200.77.255' is 'abuse@accelerated.de' (Removed)
Abuse contact for '85.254.72.0 - 85.254.72.255' is 'support@serveria.com'
Abuse contact for '87.120.253.0 - 87.120.253.255' is 'abuse@neterra.net'
Abuse contact for '89.105.192.0 - 89.105.223.255' is 'abusedesk@novoserve.com'
Abuse contact for '89.222.128.0 - 89.222.131.255' is 'abuse@netorn.net' 'abuse@netorn.ru'
Abuse contact for '93.119.104.0 - 93.119.105.255' is 'abuse@virtono.com'
Abuse contact for '94.152.0.0 - 94.152.255.255' is 'abuse@kei.pl'
Abuse contact for '94.156.175.0 - 94.156.175.255' is 'abuse@iws.co'
Abuse contact for '95.24.0.0 - 95.31.255.255' is 'abuse-b2b@beeline.ru'
Abuse contact for '95.84.128.0 - 95.84.159.255' is 'abuse@rt.ru'
Abuse contact for '95.165.128.0 - 95.165.255.255' is 'abuse@spd-mgts.ru'
Abuse contact for '103.6.204.0 - 103.6.207.255' is 'yogie@redwhite.co.id'
Abuse contact for '103.9.156.0 - 103.9.159.255' is 'cuong.trinh@vnso.vn'
Abuse contact for '103.28.148.0 - 103.28.149.255' is 'support@easyway.co.id'
Abuse contact for '103.56.148.0 - 103.56.149.255' is 'abuse@jagoanhosting.com'
Abuse contact for '103.86.48.0 - 103.86.48.255' is 'abuse@bangmodhosting.com'
Abuse contact for '103.92.24.0 - 103.92.27.255' is 'hm-changed@vnnic.vn' 'system@tlsoft.vn'
Abuse contact for '103.117.141.0 - 103.117.141.255' is 'abuse@casbay.com'
Abuse contact for '103.121.88.0 - 103.121.91.255' is 'tampd@bkns.vn'
Abuse contact for '103.126.6.0 - 103.126.7.255' is 'shazim@serverstack.in'
Abuse contact for '103.138.96.0 - 103.138.96.255' is 'hello@hostitsmart.in'
Abuse contact for '103.146.22.0 - 103.146.23.255' is 'duc@lanit.com.vn'
Abuse contact for '103.147.152.0 - 103.147.153.255' is 'abuse@shineservers.com'
Abuse contact for '103.221.220.0 - 103.221.223.255' is 'hoanglong@azdigi.com'
Abuse contact for '103.236.201.0 - 103.236.201.255' is 'admin@idcloudhost.com'
Abuse contact for '111.90.128.0 - 111.90.159.255' is 'abuse@shinjiru.com.my'
Abuse contact for '112.78.0.0 - 112.78.15.255' is 'vanht@ods.vn'
Abuse contact for '130.185.72.0 - 130.185.72.255' is 'report@parspack.com'
Abuse contact for '119.59.96.0 - 119.59.127.255' is 'abuse@metrabyte.cloud'
Abuse contact for '141.98.10.0 - 141.98.10.255' is 'admin@serveroffer.lt'
Abuse contact for '146.247.49.0 - 146.247.49.255' is 'abuse@netcetera.co.uk'
Abuse contact for '159.148.186.0 - 159.148.186.255' is 'support@serveria.com'
Abuse contact for '159.148.0.0 - 159.148.255.255' is 'abuse@latnet.eu'
Abuse contact for '171.224.0.0 - 171.255.255.255' is 'hm-changed@vnnic.vn'
Abuse contact for '176.123.0.0 - 176.123.11.255' is 'abuse@alexhost.com'
Abuse contact for '178.239.176.0 - 178.239.177.255' is 'abuse@irideos.it'
Abuse contact for '178.255.40.232 - 178.255.40.235' is 'abuse@artnet.pl'
Abuse contact for '179.43.149.0/26' is 'support@privatelayer.com'
Abuse contact for '180.131.144.0 - 180.131.147.255' is 'abuse@nawala.org'
Abuse contact for '185.24.232.0 - 185.24.232.255' is 'abuse@servebyte.com'
Abuse contact for '185.128.40.0 - 185.128.43.255' is 'abuse@rackend.net'
Abuse contact for '185.130.206.0 - 185.130.207.255' is 'abuse@as61317.net'
Abuse contact for '185.140.248.0 - 185.140.249.255' is 'contact@buzinessware.com'
Abuse contact for '185.183.104.0 - 185.183.104.255' is 'abuse@m247.ro'
Abuse contact for '194.5.176.0 - 194.5.179.255' is 'berbid238@gmail.com'
Abuse contact for '202.145.0.0 - 202.145.3.255' is 'abuse@uninet.net.id'
Abuse contact for '209.127.0.0 - 209.127.138.255' is 'abuse@servermania.com'


Figure: example of the highest used IP addresses from November 2020.

Where to send abuse complaints

PDR Ltd. d/b/a PublicDomainRegistry.com
Directiplex, Mogra Village
Nagardas Road, Andheri (East)
Mumbai Maharashtra 400069
India
+1 2013775952
tldadmin@directi.com
abuse.manager@publicdomainregistry.com 
abuse@publicdomainregistry.com

Web site http://publicdomainregistry.com/process-for-handling-abuse/

Additional Contact Information

Postal address

Directiplex, Mogra Village
Nagardas Road, Andheri (East)
Mumbai Maharashtra 400069
India

Telephone and FAX

Phone: +1 2013775952

Related information

Pharmacy fraud operations

Affiliate program coordinator employing spammers

Sources for this article

Independent

Interview

Corporate

http://www.publicdomainregistry.com/

http://www.internic.net/registrars/registrar-303.html
