ViaGrow
From Spamwiki
Contents |
[edit] Introduction
     Appearing on the scene in November 2009, ViaGrow and ViagPure have been widely spammed. ViaGrow, ViaGrow Pro, ViagPure, ViagMax, MaxPro, EasyPharmacy and Premium Power go hand-in-hand. They often share the same name servers, and reside on the same IP address. It is safe to conclude that all sites are from the same perpetrator. Other brands sharing the same name servers (for example ns1.gogofastnow.com ns2.gogofastnow.com ns1.roadislongnow.com ns2.roadislongnow.com) are
[edit] Mode of operation[edit] Skype abuseThey send spam messages via Skype (i.e., no headers). They don't care about the age or gender of the recipient. The websites feature inappropriate subject matter for children, including nude photos of male genitalia. For an example, see the "before and after" page. [edit] Redirection abuseIn November 2010 they abused the Lycos service at angelfire.com. They created free accounts, and set up a one-page site that contained a java script redirection to a Viagrow site at doit-perform.com (BIZCN.COM) Sample redirections:
[edit] Illegal activitiesThey make unsupported medical claims for an unapproved pharmaceutical product. The name "Viagrow" violates the trademark of the Pfizer company for "Viagra," an unrelated product. The "success stories" page shows they are specifically marketing their product to US citizens. As the websites are illegal, it is not surprising they have concealed the identity of the domain owner with false registration information. Even I, knowing nothing about the street addresses in China, can look up the postal codes and see that the registration address for viagroose.com is absurd. There is no physical company address listed on the site. Viagrow sites share hosting and are spammed with another illegal pharmacy brand, EasyPharmacy Co. That site illegally sells counterfeit generic versions of prescription drugs without requiring a prescription, and falsely claims to offer secure ordering when the site is insecure. |
[edit] Sponsoring Registrars
[edit] Web sites
These sites were all registered with Chinese registrar CHINA SPRINGBOARD also known as NAMERICH.COM
ahiiuuxw.cn aingroww.com arrugapoli.cn baochenghai.cn behalfbigg.com behindmans.cn bongogood.cn brazednature.com cheapsmatt.cn dependsingle.cn drainpippe.com durdensome.cn erectilnow.cn expore-malee.com exposefeel.com extraorder.cn goodforyouq.cn growsobig.com haishceng.cn hduiweet.cn hurry-dontmiss.com huwhuxuq.cn iamherenow.cn irrtationes.cn jackmatt.cn juvelli8.cn larger-yourpenis.com listersample.cn longworkss.cn manisgood.cn millionstop.cn missonnow.cn moneysmakes.cn moreords.cn perectiosales.cn perfect-fitt.com perpicace.cn quest4healths.com respirouno.cn simplebests.cn simplebests.cn simplemaster.cn simplemaster.cn simplybbest.com specilisthere.com streenomoore.com vagrstore.com veryhighh.cn westernedd.com whyisua.cn womanjiuren.cn womanxinren.cn youcangiveme.cn
These sites are sponsored by Russian registrar Regtime-Reg-RIPN who also sponsor the name servers ns1.xeisw.ru ns2.xeisw.ru ns3.xeisw.ru ns4.xeisw.ru
copilotz.ru exportzone.ru maingate.ru palacios.ru slingmeup.ru ushelathcare.ru wellbutrin.ru wellnesss.ru
[edit] Name Servers
The sites are set up to use the following name servers for resolution. They are all sponsored by XIN NET TECHNOLOGY CORPORATION.
- ns1.ddd8pop.com ns2.ddd8pop.com
- ns1.222erectil.com ns2.222erectil.com
- ns1.www77cn.com ns2.www77cn.com
- ns1.wer54x.com ns2.wer54x.com
- ns1.nnns12.com ns2.nnns12.com
- ns1.part56s.com ns2.part56s.com
[edit] How to report this spam
The Complainterator is configured to request removal of these fraudulent sites. Add a link to this page as evidence.
