Global Pharmacy

From Spamwiki

Description

SCAM ALERT!

At the bottom of the web page is a fake link to the BBB (it actually links back to the site itself). The Better Business Bureau does not list them.

Also note a link to RapidSSL, which is not fake. Follow that link and read:

"Customers know when they have an SSL session with a  website when their browser
displays the  little gold padlock and the address bar begins with a https rather
than http. SSL certificates  can be used on webservers for Internet security and
mailservers such as imap, pop3 and smtp for mail collection / sending security."

Notice what happens if you go to the Checkout page on this web site. It is http and has no gold padlock.

Lies, lies, lies. Do you expect them to actually ship you the products described? Do you expect them to keep your credit card details confidential?
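The two checks described above (a trust seal that links back to the shop itself, and a checkout link served over plain http) can be automated. This is an added example, not part of the original page; the sample HTML, the shop.example host and the seal-to-domain list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; shop.example is a placeholder for the shop's host.
SAMPLE_URL = "http://shop.example/index.html"
SAMPLE_HTML = """
<a href="/checkout.php">Checkout</a>
<a href="http://shop.example/"><img src="bbb.gif" alt="BBB Accredited"></a>
<a href="https://www.rapidssl.com/">Secured by RapidSSL</a>
"""

# Seal keyword -> domain a genuine seal should link to (assumed list).
SEAL_DOMAINS = {"bbb": "bbb.org", "rapidssl": "rapidssl.com"}

class SealAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        # href of the <a> being read, its visible label, and results so far
        self.href, self.label, self.findings = None, "", []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.href = urljoin(self.page_url, attrs["href"])
            self.label = ""
        elif tag == "img" and self.href:
            self.label += " " + (attrs.get("alt") or "")  # seal images carry the name in alt

    def handle_data(self, data):
        if self.href:
            self.label += " " + data

    def handle_endtag(self, tag):
        if tag != "a" or not self.href:
            return
        url, text = urlsplit(self.href), self.label.lower()
        host = url.hostname or ""
        for word, domain in SEAL_DOMAINS.items():
            # A seal is fake when its label names the brand but the link goes elsewhere.
            if word in text and not (host == domain or host.endswith("." + domain)):
                self.findings.append(("fake-seal", word, self.href))
        if "checkout" in text + url.path.lower() and url.scheme != "https":
            self.findings.append(("plain-http-checkout", "checkout", self.href))
        self.href = None

def audit(page_url, html):
    parser = SealAudit(page_url)
    parser.feed(html)
    return parser.findings
```

On the sample page, `audit(SAMPLE_URL, SAMPLE_HTML)` flags the BBB seal and the checkout link, and leaves the genuine RapidSSL link alone.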

image:Global_Pharmacy_trailer.jpg

Sponsoring Registrars

Typically these sites use registrars in the People's Republic of China (Beijing Innovative Linkage Technology Inc, or Xin Net).

A registrar lookup for the spam site returns XIN NET TECHNOLOGY CORPORATION, which uses its own name servers:

 Primary DNS:  ns.xinnetdns.com
 Secondary DNS:  ns.xinnet.cn

A registrar lookup for a name server returns BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD.

History

Actual sites are few in number, but the spammer registers many site names. These are spamvertized, and those sites then redirect to the few that actually contain the web pages.

How to report this spam

It is more efficient to report the few redirected sites than the many spamvertized sites.

TIP: Use the Complainterator tool to automate this reporting process. Include a link to this page for evidence.

Sites to report, active in December 2007:

paprince.com pbthreatened.com pctosue.com pdandother.com phfor.com raandimage.org rbbutby.org rctargeting.org rdfansites.org sjthenational.com skchampion.com slshiphope.com


Normally you would email the official registrar contact for XIN Net:

http://www.xinnet.com

   Contact: Zhao Le
   Tel: 010-58022118-505
   Email: registrar@xinnet.com

However, in breach of ICANN's regulations, this contact's mailbox has been full for over 3 months. Use the alternative contacts instead:

Administrative Contact: 
yu pinhai
       XinNet Technology Corp.
       tel: 86 10 58022118 
       fax: 86 10 58022077 
       lihm@xinnet.com 

Technical Contact: 
pan tao
       XinNet Technology Corp.
       tel: 86 10 58022118 
       fax: 86 10 58022077 
       pantao@xinnet.com

Related Spams

Subdomains of the same spamvertized domain redirect to different brands:

  • kjaz.kkroomin.com redirects to the Pharma Shop web site r2.rx-shop.biz
  • bfjv.kkroomin.com redirects to the Global Pharmacy web site jumewa.com

The same name servers also resolve domains that land on:

  • Herbal King (removed Oct/Nov 2007)
  • Pharma Shop
  • Reliable Pharmacy (removed Nov 2007)
  • Global Pharmacy
  • SwissWatchesDirect
  • Fashion Clothes
  • NaturaSlim Hoodia
  • Online Replica Collection,handbags,Watches,shoes,pens..
  • WonderCum
  • SizeUp
  • ManXL

Redirections

As at February 2008

This brand is one of the target sites of many spammed site redirections. The current formula redirects based on the first character of the subdomain name:


  • a*.domain.tld: pdandotherb.com (shut down)
  • b*.domain.tld: ageshell.com (Canadian Pharmacy)
  • c*.domain.tld: wehelpyounow.com/clothes/ (shut down)
  • d*.domain.tld: wehelpyounow.com/freepenispill/ (shut down)
  • g*.domain.tld: fqa34s2.com (US Pharmacy)
  • h*.domain.tld: diet350.info (100% Pure Hoodia Gordonii Pills)
  • i*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000
  • k*.domain.tld: ideaexciting.com (US Pharmacy)
  • p*.domain.tld: iakospro.com (VPXL) affiliate ID 2515592000
  • r*.domain.tld: keogbw.net (Swiss Watches Direct)
  • s*.domain.tld: parpower.com (VPXL) affiliate ID 2515592000
  • t*.domain.tld: flutteoi.com (Replica Store) affiliate ID 3508239664
  • v*.domain.tld: wehelpyounow.com/vm/ (shut down)
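The prefix rule above lets a batch of spamvertized hostnames be collapsed into the few landing sites worth reporting. The following is an added example, not part of the original page: the table is copied from the February 2008 list above, while the sample hostnames and the spam-domain.example and other-spam.example placeholders are constructed.

```python
from collections import defaultdict

# First letter of the subdomain -> (landing site, already shut down?),
# copied from the "As at February 2008" list above.
REDIRECTS = {
    "a": ("pdandotherb.com", True),
    "b": ("ageshell.com", False),
    "c": ("wehelpyounow.com/clothes/", True),
    "d": ("wehelpyounow.com/freepenispill/", True),
    "g": ("fqa34s2.com", False),
    "h": ("diet350.info", False),
    "i": ("iakospro.com", False),
    "k": ("ideaexciting.com", False),
    "p": ("iakospro.com", False),
    "r": ("keogbw.net", False),
    "s": ("parpower.com", False),
    "t": ("flutteoi.com", False),
    "v": ("wehelpyounow.com/vm/", True),
}

# Constructed sample of spamvertized hostnames (placeholder domains).
SAMPLE = ["bbdw.spam-domain.example", "Izq.spam-domain.example.",
          "pxyz.spam-domain.example", "kq7.other-spam.example",
          "vabc.spam-domain.example", "zzz.spam-domain.example",
          "spam-domain.example"]


def landing_site(hostname):
    """Return (site, shut_down) for a spamvertized hostname, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    # Assumes a two-label registered domain; without a subdomain the rule does not apply.
    if len(labels) < 3 or not labels[0]:
        return None
    return REDIRECTS.get(labels[0][0])


def report_plan(hostnames):
    """Group hostnames by landing site: (to_report, shut_down, unmatched)."""
    to_report, shut_down, unmatched = defaultdict(list), defaultdict(list), []
    for name in hostnames:
        hit = landing_site(name)
        if hit is None:
            unmatched.append(name)   # unknown prefix: needs a manual look
        else:
            site, down = hit
            (shut_down if down else to_report)[site].append(name)
    return dict(to_report), dict(shut_down), unmatched
```

The spamvertized hostnames grouped under each landing site can be attached to the report as evidence.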


Before February 2008

Spammed sites:

  • bbdw.oewarming.com
  • bzvun.oewarming.com
  • bhcisf.oewarming.com
  • dqpl.oewarming.com
  • djtwd.oewarming.com
  • kpwi.oewarming.com
  • kmfvnu.oewarming.com
  • kkqg.opreflected.com
  • rhlybg.oewarming.com
  • rxtm.oewarming.com
  • rutdkl.oewarming.com
  • ss2vr1cc1e8j.opreflected.com

This one domain redirects to 7 different scams.

  1. Prefix letter A redirects to saverxp.org which is not operational as at Sept 2007.
  2. Prefix letter B = Global Pharmacy redirects to jumewa.com [Xin Net]
  3. Prefix letter C redirected to hoodiastoresale.com - Naturaslim Hoodia - 100% Pure Hoodia Gordonii Diet Pills.
    As from December 2007: wehelpyounow.com/clothes [Beijing dns.com.cn]
  4. Prefix letter D = ManXL redirects to wehelpyounow.com/freepenispill/ [Beijing dns.com.cn]
  5. Prefix letter K = Pharma Shop redirects to r2.rx-shop.biz or r2.pharm-shop.biz [GMO INTERNET]
  6. Prefix letter P = ManXL version 2 redirects to wehelpyounow.com/manxl02/ [Beijing dns.com.cn]
  7. Prefix letter R = SwissWatchesDirect redirects to azfuek.net einison.net pornogh.net or dohbrih.net [INTERNET.BS CORP]
  8. Prefix letter S = WonderCum redirects to parpower.com [CSL joker.com]
  9. Prefix letter T = SizeUp redirects to wehelpyounow.com/su/ [Beijing dns.com.cn]

http://www.wehelpyounow.com/clothes/checkout.php

The redirector code that performs the switch is possibly micro_httpd, a really small HTTP server.
