Fraud Reports Wiki
Line 2: Line 2:
   
 
{|
 
{|
|WikiPharmacy is another [[Bulker.biz]] property. Control of this organization has been attributed to the spammer using the pseudonym [[Alex Polyakov]]. The same group of scam pharmacy brands is referred to as "Eva Meds" by [http://knujon.com Knujon] and [http://legitscript.com LegitScript], and as "Yambo Financials" by [http://www.spamhaus.org/rokso/listing.lasso?file=880 Spamhaus].
+
|WikiPharmacy is another [[EvaPharmacy]] property. Control of this organization has been attributed to the spammer using the pseudonym [[Alex Polyakov]]. The same group of scam pharmacy brands is referred to as "Eva Meds" by [http://knujon.com Knujon] and [http://legitscript.com LegitScript], and as "Yambo Financials" by [http://www.spamhaus.org/rokso/listing.lasso?file=880 Spamhaus].
   
 
This puts it into the same family as
 
This puts it into the same family as
Line 23: Line 23:
 
==False Pretenses==
 
==False Pretenses==
   
Like other Bulker.biz sites, just about every claim made on this brand's site is a lie.
+
Like other Eva Pharmacy sites, just about every claim made on this brand's site is a lie.
   
 
===Fake Locations===
 
===Fake Locations===
Line 34: Line 34:
   
 
The pharmacy has no real location and no real pharmacists. But like other
 
The pharmacy has no real location and no real pharmacists. But like other
Bulker.biz pharmacies, they have forged an imaginary license for their pharmacy.
+
Eva Pharmacy sites, they have forged an imaginary license for their pharmacy.
   
 
[[Image:WikiPharmacy_license.jpg|600px]]
 
[[Image:WikiPharmacy_license.jpg|600px]]
Line 102: Line 102:
 
==Sponsor Organization==
 
==Sponsor Organization==
 
===Spamming Affiliates===
 
===Spamming Affiliates===
[[Bulker.biz]] is the [[:Category:Spam Sponsoring Companies| criminal sponsor organization]] behind this type of site.
+
[[EvaPharmacy]] is the [[:Category:Spam Sponsoring Companies| criminal sponsor organization]] behind this type of site.
   
 
===Registrars===
 
===Registrars===
Line 144: Line 144:
 
==Further Reading==
 
==Further Reading==
 
[http://www.legitscript.com/download/Rogues-and-Registrars-Report.pdf LegitScript report, May 2010]
 
[http://www.legitscript.com/download/Rogues-and-Registrars-Report.pdf LegitScript report, May 2010]
 
 
[[Category:Well-known Spam]]
 
[[Category:Well-known Spam]]
 
[[Category:Bulkerbiz Spam]]
 
[[Category:Bulkerbiz Spam]]

Revision as of 05:56, 7 February 2019

Description

WikiPharmacy is another EvaPharmacy property. Control of this organization has been attributed to the spammer using the pseudonym Alex Polyakov. The same group of scam pharmacy brands is referred to as "Eva Meds" by Knujon and LegitScript, and as "Yambo Financials" by Spamhaus.

This puts it into the same family as

Click to enlarge

Click to enlarge

False Pretenses

Like other Eva Pharmacy sites, just about every claim made on this brand's site is a lie.

Fake Locations

Addresses listed for their headquarters and branches are real addresses, but no such company exists at those premises.

  • 101 California St, San Francisci, CA 94111
  • 4651 Salisbury Road, Jacksonville, FL 32356, USA
  • 1200 Smith Street, Houston, TX 77002, USA (See the tenancy listing

Fake Manufacturing License

The pharmacy has no real location and no real pharmacists. But like other Eva Pharmacy sites, they have forged an imaginary license for their pharmacy.

WikiPharmacy license.jpg


Fake FDA Seal

The Food and Drug Administration seal does not link to the FDA but is served on the same fake host.

Click to enlarge

The actual genuine logo for Registrar Corp (with four red stars instead of the three shown above) can be compared with the version used in the certificate

Registrar Corp states on their web site:

Registrar Corp assists businesses with U.S. FDA compliance. Certificates of Registration issued by Registrar Corp provide confirmation to industry that you are fulfilling U.S. FDA registration requirements. U.S. FDA does not issue or recognize Certificates of Registration. Registrar Corp is not affiliated with the U.S. Food and Drug Administration.

The signatory is Russell K. Statman -

Russell K. Statman, Esq., is a founder and Executive Director of FDA Registrar Corp., a firm providing registration, compliance assistance and U.S. Agent Services for the food and beverage, cosmetics and medical device industries. Mr. Statman is an attorney-at-law representing firms in FDA-regulated industries for the past eighteen years. Contact the author at: statman@fdaregistrar.com


Fake Better Business Bureau Seal

At the bottom of each page of the site, there is a seal claiming the site is accredited by the Better Business Bureau. Clicking on a real BBB seal should link to a company's ratings page on BBB's website. But WikiPharmacy links to a page on their own website with a forged BBB rating. They have even got the chutzpah to have created a fake complaint and resolved it satisfactorily.

Real BBB page for WikiPharmacy on BBB.org Fake BBB page hosted on their own domain
WikiPharmacy BBB fail.jpg WikiPharmacy BBB fake.jpg

Notice that BBB hasn't yet even heard of them (May 2011)

Hijacked servers

Pre 2012

When you loaded a WikiPharmacy site, you found that the web site and the images used were being loaded from a range of different IP addresses. For example, take tabletspillsrx.net, which was operational in May 2011.

  • The web page itself loaded from 5 IPs
    • tabletspillsrx.net has address 91.200.240.251
    • tabletspillsrx.net has address 91.200.240.252
    • tabletspillsrx.net has address 200.91.115.75
    • tabletspillsrx.net has address 200.122.165.18
    • tabletspillsrx.net has address 213.55.114.132
  • later in the day, these 5 IPs
    • tabletspillsrx.net has address 91.200.240.251
    • tabletspillsrx.net has address 91.200.240.252
    • tabletspillsrx.net has address 201.7.103.58
    • tabletspillsrx.net has address 202.164.39.218
    • tabletspillsrx.net has address 213.55.114.132

These IP addresses were refreshed on a fast-flux basis every 10 minutes

Each of these IP addresses represented a site that had been hijacked, and taken over to provide services to these criminals, without the knowledge of the owners. The method used to infiltrate and take over these sites has been documented, together with cleaning instructions. See Hijacked host.

How to Report this Spam

The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.

Removal instructions

web site domains
- the registrar needs to set the status of the domain to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

name server domains
- the registrar needs to set the status of each of the name server domains to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

In addition, to remove them as name servers, the subdomain address records (eg for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.

Spamming Affiliates

EvaPharmacy is the criminal sponsor organization behind this type of site.

Registrars

WikiPharmacy domain name Registrar sponsoring the domain
theherbseshop.eu 1 API GmbH
Suspended by registrar:
thewikipharmacy.com TODAYNIC.COM, INC. suspended
fastmedicalprogram.com NETLYNX, INC. suspended
wiki-pharmacy.org TODAYNIC.COM,INC. suspended
wiki-pharmacy.net BIZCN.COM, INC. suspended
herbalpillsgroup.com NETEARTH ONE, INC. DBA NETEARTH suspended
tabletspillsrx.net ELB GROUP, INC. suspended
tabletprecisionpharmacyrx.net ELB GROUP, INC. suspended
sleepingpillspharmacy.com TRUNKOZ TECHNOLOGIES PVT LTD. suspended
pharmacyhealthpills.net NETEARTH ONE, INC. DBA NETEARTH suspended
drugtorerxnewslettertablets.net NETEARTH ONE, INC. DBA NETEARTH suspended
wikipharmacy.biz CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES suspended
wikipharmacy.net CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES suspended

Related spam operations

See: Category:Yambo family

Further Reading

LegitScript report, May 2010