Fraud Reports Wiki
Advertisement

R01 is a registrar in Russia. Регистратор R01

R01.logo.jpg

Description of the Registrar[]

Registrar R01 - domain name registrar belonging to the group of companies "Hosting Community". The company became the first accredited registrar in the RU national domain and today offers a wide range of professional services, being one of the leaders in terms of the number of registered domains for .RU .SU and .рф.

Регистратор R01 — регистратор доменных имен, входящий в группу компаний Hosting Community. Компания стала первым аккредитованным регистратором в национальном домене RU и сегодня предоставляет широкий спектр профессиональных услуг, являясь одним из лидеров по количеству регистрируемых доменов .RU, .SU и .РФ.

Anti-Spam Position[]

Not defined

Official Position[]

Not defined

Actual Behavior[]

R01 is widely abused by the Russian EvaPharmacy fraud operation.

R01 usually ignores all requests to suspend illegal domains. Domains are usually only suspended at the expiry date. However, in April, May June and July 2017, half of the fraud domains were suddenly suspended (put in "NOT DELEGATED" status).

R01 широко злоупотребляли Российской EvaPharmacy мошеннической операции.

R01 игнорирует все просьбы приостановить незаконные доменов. Домены только приостанавливается на срок годности.


Examples of domains used for fraud[]

Click on any heading for evidence of fraud. The list is held at [List of R01.RU sponsored fraud domains]

There are over 1,000 listed pharmacy fraud domains. These were all live when tested on Janueary 1, 2020

Registrar responsiveness[]

Showing all registrars including R01.RU LiveSite2014.jpg

Showing all registrars excluding R01.RU LiveMinors.jpg

Piechart showing the crime sponsoring contribution by each registrar.

RegPie.jpg

The comparison between this registrar and others can be seen on the graphs.

It shows how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.

Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.

The second most abused registrar is Russia's REG.RU REG.RU at over 25%

The next most abused registrar is GKG GKG at 4%.

The next most abused registrar is The Netherlands' Hosting Concepts aka OpenProvider at 3%.

These are followed by Russia's ARDIS, India's PublicDomainRegistry PDR, China's CNOBIN, Canada's Tucows, and Pakistan's PakNIC.


Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.



Сравнение этого регистратора с другими можно увидеть на графике.

Он показывает, сколько доменов не было приостановлено для разных регистраторов за последний год.

Чем выше столбец, тем больше доменов спонсирует регистратор.

В настоящее время наиболее злоупотребляемый регистратор находится в России R01.ru

Этот регистратор поддерживает подавляющее большинство мошеннических доменов, используемых в Eva Pharmacy

Другие регистраторы быстро прекратили контракты на обслуживание с этими кибер-преступниками, когда они увидели очевидные доказательства мошенничества.


Common IP addresses[]

A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Live
----
2.184.67.164 5.101.140.77 5.188.211.29 37.46.135.24 51.222.136.197*
51.89.151.227 84.15.139.143 84.200.77.180 95.165.145.236 95.165.149.124
95.165.27.205 95.31.40.41 103.117.141.163 103.121.91.117 103.126.6.161
103.127.31.154* 103.135.128.72* 103.139.42.59 103.146.23.100 103.147.153.123*
103.147.153.126* 103.157.224.90 103.228.114.93 103.236.150.106* 103.236.201.228
103.92.25.124 103.242.117.197 103.28.149.174 103.30.246.103 103.83.192.109
103.9.158.67 103.92.25.124 185.182.105.220 185.182.105.221 185.227.136.203
185.24.232.98 185.227.136.205 198.211.33.45 200.55.243.166* 202.145.2.67


Removed
----------
5.133.12.16* 5.181.158.179* 5.181.158.181* 5.187.52.1* 5.187.52.12*
5.187.52.13* 5.187.52.9* 5.2.89.72* 5.253.62.111* 5.45.82.242*
31.132.1.40* 37.61.211.187* 37.61.211.188* 37.61.211.189* 45.119.41.11*
45.119.41.12* 45.119.41.14* 45.125.65.93* 45.131.83.10* 45.137.21.144*
45.137.21.166* 45.67.116.219* 45.86.163.7* 51.158.23.140* 51.210.134.178*
51.38.80.31* 58.64.137.69* 62.141.56.196* 78.157.200.139* 80.233.134.248*
80.233.134.249* 81.4.110.230* 82.199.101.248* 82.199.101.44* 82.199.104.3*
85.17.219.96* 85.183.104.125* 85.254.72.7 * 87.120.253.209* 89.105.221.82*
89.222.128.42* 91.199.41.51* 91.199.41.53* 91.199.41.55* 93.119.105.5*
94.126.173.105* 94.152.214.31* 94.156.175.107* 101.53.147.97* 101.99.90.111*
103.108.117.18* 103.117.141.184* 103.130.218.113* 103.138.96.86* 103.142.25.210*
103.160.144.64* 103.160.62.153* 103.221.220.169* 103.42.58.61* 103.56.148.90*
103.6.207.162* 103.8.26.45* 103.86.51.178* 103.92.30.110* 109.232.240.24*
111.90.158.205* 112.78.10.214* 119.59.123.55* 119.59.123.55* 128.1.60.6*
130.185.72.89* 134.119.186.27* 134.119.186.29* 141.98.10.125* 141.98.10.136*
141.98.10.142* 141.98.10.225* 146.247.49.105* 146.88.26.167* 159.148.186.165*
159.148.187.4* 159.148.187.6* 167.114.188.36* 170.130.173.37* 171.244.143.163*
173.213.80.216* 176.123.9.67* 178.239.177.183* 178.255.40.234* 179.43.149.28*
180.131.147.100* 185.105.109.213* 185.108.128.181* 185.128.42.106* 185.128.42.107 *
185.128.43.18* 185.128.43.21* 185.128.43.54* 185.130.206.6* 185.140.249.133*
185.183.104.123* 185.216.8.156* 185.227.136.206* 185.24.232.118* 185.24.232.134*
185.24.232.76* 185.9.158.36* 185.99.3.68* 185.99.3.80* 194.5.179.140*
195.123.247.36* 198.27.110.97* 209.127.28.5* 209.97.184.221* 212.34.158.134*
212.34.158.134* 213.226.100.10*


Where to contact the compromised hosting ISP:

Abuse contact for '5.2.88.0 - 5.2.89.255' is 'alvaro.montero@ipcore.com'
Abuse contact for '5.45.80.0 - 5.45.83.255' is 'abuse@ispiria.net'
Abuse contact for '5.101.140.64 - 5.101.140.95' is 'abuse@ukservers.com'
Abuse contact for '5.181.158.0 - 5.181.158.255' is 'abuse@mivocloud.com'
Abuse contact for '5.133.8.0 - 5.133.15.255' is 'abuse@artnet.pl'
Abuse contact for '5.187.48.0 - 5.187.55.255' is 'abuse@artnet.pl'
Abuse contact for '5.188.211.0 - 5.188.211.255' is 'abuse@pindc.ru'
Abuse contact for '5.253.60.0 - 5.253.63.255' is 'abuseto@adminvps.ru' (Removed)
Abuse contact for '27.124.80.0 - 27.124.95.255' is 'abuse@medialink.net.id'
Abuse contact for '31.200.247.0 - 31.200.247.255' is 'ripe@unelink.com'
Abuse contact for '37.46.132.0 - 37.46.135.255' is 'abuse@abusehost.ru'
Abuse contact for '45.67.116.0 - 45.67.116.255' is 'abuse@itns.md'
Abuse contact for '45.86.163.0 - 45.86.163.255' is 'support@crowncloud.net'
Abuse contact for '45.125.65.0 - 45.125.65.255' is 'abuse@tele-asia.net'
Abuse contact for '45.131.83.0 - 45.131.83.255' is 'abuse@sered.net'
Abuse contact for '51.89.148.0 - 51.89.151.255' is 'abuse@ovh.net'
Abuse contact for '79.172.193.0 - 79.172.193.255' is 'abuse@deninet.hu' (Removed)
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '82.199.104.0 - 82.199.107.254' is 'abuse@seven-sky.net'
Abuse contact for '84.15.136.0 - 84.15.143.255' is 'abuse@bi.lt'
Abuse contact for '84.200.77.0 - 84.200.77.255' is 'abuse@accelerated.de' (Removed)
Abuse contact for '85.254.72.0 - 85.254.72.255' is 'support@serveria.com'
Abuse contact for '87.120.253.0 - 87.120.253.255' is 'abuse@neterra.net'
Abuse contact for '89.105.192.0 - 89.105.223.255' is 'abusedesk@novoserve.com'
Abuse contact for '89.222.128.0 - 89.222.131.255' is 'abuse@netorn.net' 'abuse@netorn.ru'
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '93.119.104.0 - 93.119.105.255' is 'abuse@virtono.com'
Abuse contact for '94.152.0.0 - 94.152.255.255' is 'abuse@kei.pl'
Abuse contact for '94.156.175.0 - 94.156.175.255' is 'abuse@iws.co'
Abuse contact for '95.24.0.0 - 95.31.255.255' is 'abuse-b2b@beeline.ru'
Abuse contact for '95.84.128.0 - 95.84.159.255' is 'abuse@rt.ru'
Abuse contact for '95.165.128.0 - 95.165.255.255' is 'abuse@spd-mgts.ru'
Abuse contact for '103.6.204.0 - 103.6.207.255' is 'yogie@redwhite.co.id'
Abuse contact for '103.9.156.0 - 103.9.159.255' is 'cuong.trinh@vnso.vn'
Abuse contact for '103.28.148.0 - 103.28.149.255' is 'support@easyway.co.id'
Abuse contact for '103.56.148.0 - 103.56.149.255' is 'abuse@jagoanhosting.com'
Abuse contact for '103.86.48.0 - 103.86.48.255' is 'abuse@bangmodhosting.com'
Abuse contact for '103.92.24.0 - 103.92.27.255' is 'hm-changed@vnnic.vn' 'system@tlsoft.vn'
Abuse contact for '103.117.141.0 - 103.117.141.255' is 'abuse@casbay.com'
Abuse contact for '103.121.88.0 - 103.121.91.255' is 'tampd@bkns.vn'
Abuse contact for '103.126.6.0 - 103.126.7.255' is 'shazim@serverstack.in'
Abuse contact for '103.138.96.0 - 103.138.96.255' is 'hello@hostitsmart.in'
Abuse contact for '103.146.22.0 - 103.146.23.255' is 'duc@lanit.com.vn'
Abuse contact for '103.147.152.0 - 103.147.153.255' is 'abuse@shineservers.com'
Abuse contact for '103.221.220.0 - 103.221.223.255' is 'hoanglong@azdigi.com'
Abuse contact for '103.236.201.0 - 103.236.201.255' is 'admin@idcloudhost.com'
Abuse contact for '111.90.128.0 - 111.90.159.255' is 'abuse@shinjiru.com.my'
Abuse contact for '112.78.0.0 - 112.78.15.255' is 'vanht@ods.vn'
Abuse contact for '130.185.72.0 - 130.185.72.255' is 'report@parspack.com'
Abuse contact for '119.59.96.0 - 119.59.127.255' is 'abuse@metrabyte.cloud'
Abuse contact for '141.98.10.0 - 141.98.10.255' is 'admin@serveroffer.lt'
Abuse contact for '146.247.49.0 - 146.247.49.255' is 'abuse@netcetera.co.uk'
Abuse contact for '159.148.186.0 - 159.148.186.255' is 'support@serveria.com'
Abuse contact for '159.148.0.0 - 159.148.255.255' is 'abuse@latnet.eu'
Abuse contact for '171.224.0.0 - 171.255.255.255' is 'hm-changed@vnnic.vn' 'soc@viettel.com.vn'
Abuse contact for '176.123.0.0 - 176.123.11.255' is 'abuse@alexhost.com'
Abuse contact for '178.239.176.0 - 178.239.177.255' is 'abuse@irideos.it'
Abuse contact for '178.255.40.232 - 178.255.40.235' is 'abuse@artnet.pl'
Abuse contact for '179.43.149.0/26' is 'support@privatelayer.com'
Abuse contact for '180.131.144.0 - 180.131.147.255' is 'abuse@nawala.org'
Abuse contact for '185.24.232.0 - 185.24.232.255' is 'abuse@servebyte.com'
Abuse contact for '185.128.40.0 - 185.128.43.255' is 'abuse@rackend.net'
Abuse contact for '185.130.206.0 - 185.130.207.255' is 'abuse@as61317.net'
Abuse contact for '185.140.248.0 - 185.140.249.255' is 'contact@buzinessware.com'
Abuse contact for '185.183.104.0 - 185.183.104.255' is 'abuse@m247.ro'
Abuse contact for '194.5.176.0 - 194.5.179.255' is 'berbid238@gmail.com'
Abuse contact for '200.55.243.166'  is 'radhios@gmail.com' syt.com web page
Abuse contact for '202.145.0.0 - 202.145.3.255' is 'abuse@uninet.net.id'
Abuse contact for '209.127.0.0 - 209.127.138.255' is 'abuse@servermania.com'


Example of the highest used IP addresses from November 2020 IPabuses.jpg

Where to send abuse complaints[]

Additional Contact Information[]

Applications, which can seriously affect the functionality of your services, are performed only by an authorized request. You can send an authorized request through section https://partner.r01.ru "Contact Us".

Sincerely, Department of Customer R01
(RU-CENTER Group)
Phone: +7 495 783-3-783
8800 775-37-83 (for Russian regions)
Fax: +7 (495) 930-88-00

Postal address[]

Headquarters: Moscow, Leningrad Prospect, 74, Building 4

Registration Information[]

Telephone and FAX[]

  • General +7 (495) 783-3-783
  • Regions 8 (800) 775-3-783


Related information[]

Pharmacy fraud operations

Affiliate program coordinator employing spammers

Suspensions in May 2017[]

In April and May 2017, R01 has shown a willingness to suspend fraud pharmacy domains. This is a list of 147 domains suspended in May.


Canadian Family Pharmacy[]

privateherbeshop.su
perfectsafeshop.ru
ythzigxq.su

Canadian Health&Care Mall[]

canadianhotmart.su
medicinalhotshop.su
trustedsmartinc.su
lprquihp.ru
luckymedssupply.ru
mbvionhe.ru
medicalherbinc.ru
medicalpillmart.ru
moyeksaj.ru
mydrugsassist.ru
mypharminc.ru
myprivateassist.ru
myremedialreward.ru
myremedialshop.ru
mysafeinvestment.ru
mytabsgroup.ru
mytabsstore.ru
naturalaidmarket.ru
naturalsafetrade.ru
ndmhzgyg.ru
newbestquality.ru
newfastsale.ru
newfirstelement.ru
newmedicareinc.ru
obaxvflb.ru
onlinedrugoutlet.ru
organicdrugssale.ru
perfectmedseshop.ru
perfecttabletinc.ru
plsvzoyr.ru
ppiyhohe.ru
privatedrugsshop.ru
privatehotgroup.ru
privateremedyinc.ru
pspqsoqu.ru
purebesttrade.ru
pureherbpurchase.ru
remedialmedsmart.ru
safeglobalstore.ru
safeherbseshop.ru
safepillsmarket.ru
safepillsquality.ru
sgxzhzlu.ru
smartaidsupply.ru
smartdrugmart.ru
smartherbstore.su
tcwutfxr.ru
thehealthgroup.ru
thesafevalue.ru
thesecuremarket.ru
thvdhawt.ru
trustedherbshop.ru
ttzkpkxo.ru
tupyrrvl.ru
twuafieu.ru
tyhghfnt.ru
ufbpypau.ru
urujivsq.ru
useqmbqd.ru
uubfhetc.ru
vdicoyup.ru
yitmrfqy.ru
yourcurativemall.ru
yourdrugsmart.ru
yourfirstvalue.ru
yourherbbargain.ru
yourremedygroup.ru
yourtabsassist.ru
ytpvvben.ru
zucdlzkz.ru
wxikxdbh.su

Canadian Neighbor Pharmacy[]

kuwtjjxv.ru
opulknyh.ru
organicsafemart.ru
purepharmgroup.ru
rebzmbhk.ru
vbadhyle.ru
wgoaubla.ru
xsktvjpw.ru
yoursmartcompany.ru
zyjjyocm.ru
zyrqehpq.ru

Canadian Pharmacy[]

yourcuringvalue.ru

CanadianPharmacy[]

luckybestservice.ru
luckyonlinedeal.ru
luckyrxgroup.ru
newtabsservices.ru
pureherbeshop.ru
puretabletshop.ru
puretabsquality.ru
safebestreward.ru
safecanadiandeal.ru
safedrugsgroup.ru
safefastreward.ru
themedsmarket.ru
thesmartinc.ru
trustedsafegroup.ru
yoursmartshop.ru
newwelnessshop.su
thefirstpurchase.su
trustedfirstmall.su
trustedherbshop.su

Men's Health[]

secureherbsdeal.ru
themedicinaldeal.ru

My Canadian Pharmacy[]

luckytabsshop.ru
magicsafegroup.ru
mygenericstrade.ru
myhotwebmart.ru
myprivateeshop.ru
onlinepilltrade.ru
onlinesafemarket.ru
organicaidshop.ru
organicpillsmall.ru
organictabseshop.ru
puredrugseshop.ru
puredrugsprogram.ru
purepillsupply.ru
puretabssupply.ru
safecarereward.ru
safecareservice.ru
safedrugsvalue.ru
safeonlineassist.ru
smartherbprogram.ru
smartnaturalsale.ru
smartonlinemall.ru
smartprivatemart.ru
yourhealinginc.ru
yourherbsupply.ru
yourpharmcompany.ru
yoursafepurchase.ru
smartpillmart.su
thehealtheshop.su
trustedpharmdeal.su
trustedtabletinc.su
yourherbsassist.su

RxExpressOnline[]

joleendorolisa.ru
kaileydaniella.ru
laviniebritteny.ru
lyssaeunice.ru
maudekarlie.ru
rebekaverena.ru
lornecrista.su
salleejoann.su

Toronto Drugstore[]

mypillsmart.ru

US Drugs[]

smartsafeservice.ru


Illegal domains suspended before May 2017[]

Canadian Family Pharmacy[]

hothealingsupply.ru
puremedsprogram.ru

Canadian Health&Care Mall[]

bestwelnesstrade.ru
boemhcul.ru
bulzwxka.ru
cgpffwdz.ru
curinghoteshop.ru
eghaqztr.ru
etjpuwtn.ru
familyaidelement.ru
familyfastmarket.ru
fastbestpurchase.ru
fastrxmall.ru
fastsmarteshop.ru
firstaidgroup.ru
genericsafestore.ru
ghalnxsj.ru
goodsmartquality.ru
gsuttgnp.ru
healingsafeshop.ru
herbalmedsoutlet.ru
homeaidpurchase.ru
hotmedicalinc.ru
htcqwmdm.ru
idmkvvpf.ru
jommefds.ru
keelywanids.ru
kncezzfg.ru
krystlecherye.ru
kzzsurpx.ru
lekqvlbo.ru
medicalfastinc.ru
myherbsale.ru
ncmsejcc.ru
newbestcompany.ru
nuaatnqc.ru
onlinepilleshop.ru
oueiwwhi.ru
pamelamorena.ru
ptnucrmw.ru
puredrugsstore.ru
purehotshop.ru
remedialdrugsinc.ru
saferemedyreward.ru
secureherbsale.ru
securehotoutlet.ru
securepillsupply.ru
securerxinc.ru
smartfirstsupply.ru
themedicaleshop.ru
vbdssqsx.ru
xkaaqxol.ru
xniqqotd.ru
yourbestservice.ru
zgmvnbam.ru
zonnyawilli.ru
zxsipnya.ru

Canadian Neighbor Pharmacy[]

onlinehotinc.ru

Canadian Pharmacy[]

fasttabletgroup.ru
thefamilyvalue.ru

CanadianPharmacy[]

homepilleshop.ru
hotsafewebmart.ru
mytabscompany.ru

My Canadian Pharmacy[]

canadianfastdeal.ru
curingsecurequality.ru
fastonlinesale.ru
firstcarebargain.ru
firstdruginc.ru
globalsecuremall.ru
herbaldrugmart.ru
homedrugpurchase.ru
homehealingshop.ru
homemedicalshop.ru
hotsmartelement.ru
mytabsassist.ru
newfastreward.ru
newonlinemall.ru
onlinemedssupply.ru
perfectherbsdeal.ru
perfectmedsshop.ru
purefamilyeshop.ru
pureherbreward.ru
purerxbargain.ru
remedialherbmart.ru
remedialhotstore.ru
theaidpurchase.ru
yelenachrysa.ru

RxExpressOnline[]

adriamichaelina.ru
aletavinni.ru
aletavinni.ru
amberlytessy.ru
bestmedswebmart.ru
deboralaurice.ru
edithayasmin.ru
ednajonicordy.ru
freddyheathlin.ru
gueneverekirbie.ru
nealasophey.ru
rivkahkellsie.ru
validademetria.ru
yvonnecarlina.ru
zorinahoney.ru
zorineaidan.ru

RxMedications[]

allixcristen.ru
meredithlelia.ru

Toronto Drugstore[]

magicrxassist.ru
purepillservices.ru

US Drugs[]

curingdrugstrade.ru


Sources for this article[]

Independent[]

Eva Pharmacy campaign

Rogues and Champions report

Interview[]

Corporate[]

http://r01.ru/

Advertisement