PakNIC is an ICANN accredited registrar in Pakistan.

PakNIC (Private) Limited, a Private Limited Company incorporated under section 32 of the Companies Ordinance, 1984 of Government of Pakistan. PakNIC is also the first ICANN accredited Domain Registrar in Pakistan with offices at Lahore and in New Jersey, USA.

Anti-Fraud Position[edit | edit source]

14. Breach and Revocation.

PAKNIC reserves the right to suspend, cancel, transfer or modify your domain name registration or suspend, cancel or modify other services we provide in the event (a) you materially breach this Agreement (including the Dispute Policy) and do not cure such breach within given period of notice by PAKNIC, (b) you use the domain name registered to you to send unsolicited commercial advertisements in contradiction to either applicable laws or customary acceptable usage policies of the Internet, (c) you use your domain name in connection with unlawful activity, or (d) grounds arise for such suspension, cancellation, transfer or other modification as provided for in this Agreement.

Official Position[edit | edit source]

Section 14 c. allows PakNIC to suspend domains used for illegal purposes.

Actual Behavior[edit | edit source]

Registrar responsiveness[edit source]

Showing all registrars including R01.RU LiveSite2014.jpg

Showing all registrars excluding R01.RU LiveMinors.jpg

Piechart showing the crime sponsoring contribution by each registrar.

RegPie.jpg

The comparison between this registrar and others can be seen on the graphs.

It shows how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.

Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.

The second most abused registrar is Russia's REG.RU REG.RU at over 25%

The next most abused registrar is GKG GKG at 4%.

The next most abused registrar is The Netherlands' Hosting Concepts aka OpenProvider at 3%.

These are followed by Russia's ARDIS, India's PublicDomainRegistry PDR, China's CNOBIN, Canada's Tucows, and Pakistan's PakNIC.


Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.



Sample illegal domains[edit | edit source]

These are all part of the pharmacy fraud network centered in Russia, known as EvaPharmacy.

Canadian Health&Care Mall[edit | edit source]

canadianhealthcaremalll.com

These were last checked and found to be live on May 8, 2019 Click on any heading to see the evidence relating to each fraud.


CANADA-PHARMACY[edit | edit source]

your-health-mart.com

Canadian Pharmacy[edit | edit source]

no1onlinepharmacy.com

Canadian X Pharmacy[edit | edit source]

online-pills.com

CanadianDrugStore[edit | edit source]

family-drugstore.net

Healthy Life[edit | edit source]

pharmacyatwalgreens.com

Online Pharmacy[edit | edit source]

bestdrugs24.com
buydrugscheap.com
eu-health-centre.com
health-mall24.com
health-mall365.com
health-my365.com
healthy-family-market.com
hq-medmarket.com
hq-pillmarket.com
my-europe-health.com
my-health-centre.com
tabsfast.com
your-health-eu.com

Trusted Tabs[edit | edit source]

smile.us.org

Common IP addresses[edit source]

A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Live
----
5.133.12.15 5.133.12.16 89.222.128.42 94.126.173.105 95.165.145.236
95.165.149.124 103.117.141.184 103.121.91.117 103.138.96.86 103.146.23.100
111.90.158.205 185.128.42.107 185.130.206.6 185.183.104.124 185.183.104.125
185.9.158.37 198.27.110.97


Removed
----------
5.187.52.10* 5.187.52.9* 5.253.62.111* 31.200.247.37* 45.125.65.102*
45.125.65.59* 45.86.163.7* 79.172.193.55* 79.172.193.56* 79.172.193.57*
79.172.193.58* 80.233.134.249* 82.199.101.248* 82.199.104.3* 84.15.139.143*
84.200.77.180* 85.254.72.7* 85.254.72.8* 85.254.72.9* 87.120.253.207*
87.120.253.209* 87.120.253.209* 89.105.221.81* 89.105.221.82* 89.105.221.83*
94.152.214.31* 95.84.156.191* 95.165.27.205* 103.86.48.69* 112.78.10.214*
119.59.123.55* 130.185.72.89* 141.98.10.137* 141.98.10.142* 146.247.49.105*
159.148.186.165* 159.148.186.238* 178.255.40.234* 179.43.149.28* 185.128.43.18*
185.128.43.20* 185.128.43.21* 185.128.43.22* 185.128.43.54* 185.140.249.133*
185.24.232.74* 185.24.232.76* 212.34.158.133* 212.34.158.134*

Where to contact the compromised hosting ISP:

Abuse contact for '5.2.88.0 - 5.2.89.255' is 'alvaro.montero@ipcore.com'
Abuse contact for '5.45.80.0 - 5.45.83.255' is 'abuse@ispiria.net'
Abuse contact for '5.181.158.0 - 5.181.158.255' is 'abuse@mivocloud.com'
Abuse contact for '5.133.12.16 - 5.133.12.16' is 'abuse@artnet.pl'
Abuse contact for '5.187.48.0 - 5.187.55.255' is 'abuse@artnet.pl'
Abuse contact for '5.253.60.0 - 5.253.63.255' is 'abuseto@adminvps.ru' (Removed)
Abuse contact for '27.124.80.0 - 27.124.95.255' is 'abuse@medialink.net.id'
Abuse contact for '31.200.247.0 - 31.200.247.255' is 'ripe@unelink.com'
Abuse contact for '45.86.163.0 - 45.86.163.255' is 'support@crowncloud.net'
Abuse contact for '45.125.65.0 - 45.125.65.255' is 'abuse@tele-asia.net'
Abuse contact for '51.89.148.0 - 51.89.151.255' is 'abuse@ovh.net'
Abuse contact for '79.172.193.0 - 79.172.193.255' is 'abuse@deninet.hu' (Removed)
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '82.199.104.0 - 82.199.107.254' is 'abuse@seven-sky.net'
Abuse contact for '84.15.136.0 - 84.15.143.255' is 'abuse@bi.lt'
Abuse contact for '84.200.77.0 - 84.200.77.255' is 'abuse@accelerated.de' (Removed)
Abuse contact for '85.254.72.0 - 85.254.72.255' is 'support@serveria.com'
Abuse contact for '87.120.253.0 - 87.120.253.255' is 'abuse@neterra.net'
Abuse contact for '89.105.192.0 - 89.105.223.255' is 'abusedesk@novoserve.com'
Abuse contact for '89.222.128.0 - 89.222.131.255' is 'abuse@netorn.net' 'abuse@netorn.ru'
Abuse contact for '93.119.104.0 - 93.119.105.255' is 'abuse@virtono.com'
Abuse contact for '94.152.0.0 - 94.152.255.255' is 'abuse@kei.pl'
Abuse contact for '94.156.175.0 - 94.156.175.255' is 'abuse@iws.co'
Abuse contact for '95.84.128.0 - 95.84.159.255' is 'abuse@rt.ru'
Abuse contact for '95.165.128.0 - 95.165.255.255' is 'abuse@spd-mgts.ru'
Abuse contact for '103.6.204.0 - 103.6.207.255' is 'yogie@redwhite.co.id'
Abuse contact for '103.9.156.0 - 103.9.159.255' is 'cuong.trinh@vnso.vn'
Abuse contact for '103.86.48.0 - 103.86.48.255' is 'abuse@bangmodhosting.com'
Abuse contact for '103.117.141.0 - 103.117.141.255' is 'abuse@casbay.com'
Abuse contact for '103.121.88.0 - 103.121.91.255' is 'tampd@bkns.vn'
Abuse contact for '103.126.6.0 - 103.126.7.255' is 'shazim@serverstack.in'
Abuse contact for '103.138.96.0 - 103.138.96.255' is 'hello@hostitsmart.in'
Abuse contact for '103.146.22.0 - 103.146.23.255' is 'duc@lanit.com.vn'
Abuse contact for '103.221.220.0 - 103.221.223.255' is 'hoanglong@azdigi.com'
Abuse contact for '103.236.201.0 - 103.236.201.255' is 'admin@idcloudhost.com'
Abuse contact for '111.90.128.0 - 111.90.159.255' is 'abuse@shinjiru.com.my'
Abuse contact for '112.78.0.0 - 112.78.15.255' is 'vanht@ods.vn'
Abuse contact for '130.185.72.0 - 130.185.72.255' is 'report@parspack.com'
Abuse contact for '119.59.96.0 - 119.59.127.255' is 'abuse@metrabyte.cloud'
Abuse contact for '141.98.10.0 - 141.98.10.255' is 'admin@serveroffer.lt'
Abuse contact for '146.247.49.0 - 146.247.49.255' is 'abuse@netcetera.co.uk'
Abuse contact for '159.148.186.0 - 159.148.186.255' is 'support@serveria.com'
Abuse contact for '171.224.0.0 - 171.255.255.255' is 'hm-changed@vnnic.vn'
Abuse contact for '176.123.0.0 - 176.123.11.255' is 'abuse@alexhost.com'
Abuse contact for '178.255.40.232 - 178.255.40.235' is 'abuse@artnet.pl'
Abuse contact for '179.43.149.0/26' is 'support@privatelayer.com'
Abuse contact for '180.131.144.0 - 180.131.147.255' is 'abuse@nawala.org'
Abuse contact for '185.24.232.0 - 185.24.232.255' is 'abuse@servebyte.com'
Abuse contact for '185.128.40.0 - 185.128.43.255' is 'abuse@rackend.net'
Abuse contact for '185.140.248.0 - 185.140.249.255' is 'contact@buzinessware.com'
Abuse contact for '185.183.104.0 - 185.183.104.255' is 'abuse@m247.ro'
Abuse contact for '202.145.0.0 - 202.145.3.255' is 'abuse@uninet.net.id'


Highest used IP addresses from November 2020 IPabuses.jpg

Description of the Registrar[edit | edit source]

We provide domain name registration and domain management services through out its lifecycle. We also offer private domain name registration and portfolio management services. In addition, we can also register your trademark in order to protect your business and identity. Email: sales@paknic.com

Where to send abuse complaints[edit | edit source]

If you would like to report any abuse complaint (WHOIS inaccuracy, spam, malware, phishing, etc.), it must be filed with our registrar abuse team by either creating a ticket at http://support.paknic.com under abuse department or by sending an email to DomainAbuse@paknic.com. Alternatively, you may also send us a fax at this number +1 (732) 297-8906.

By email[edit | edit source]

  • DomainAbuse@paknic.com (fails)


By the online web page[edit | edit source]

Additional Contact Information[edit | edit source]

Social Media


Postal address[edit | edit source]

116 Salem Road,
North Brunswick,
NJ 08902, U.S.A.

Registration Information[edit | edit source]

Telephone and FAX[edit | edit source]

+1.7322978908
+493021009090 (fax)

Related information[edit | edit source]

Pharmacy fraud operations

Affiliate program coordinator employing spammers

Sources for this article[edit | edit source]

Independent[edit | edit source]

Eva Pharmacy campaign

Rogues and Champions report

Interview[edit | edit source]

Corporate[edit | edit source]

Related information[edit | edit source]

Pharmacy fraud operations

Affiliate program coordinator employing spammers

Community content is available under CC-BY-SA unless otherwise noted.