Premier Pharmacy
From Spamwiki
Background
Premier Pharmacy appears to be an identity theft operation. Nobody at the BBB or Pharmacy Checker has ever heard of anyone receiving any product after ordering from Premier Pharmacy. Representatives from the BBB flatly denied ever offering support or otherwise endorsing these well-known spammed websites. They unfortunately do not yet have any sort of warning to consumers aside from the general caveat not to purchase any product promoted via spam email.
Current sites use round-robin DNS, showing that the site is running on multiple machines simultaneously. It is another example of a fast-flux botnet, with the major component residing in Hong Kong, as seen in the geo-print (the geographical breakdown of infections by country).
| Server | Response | Time |
|---|---|---|
| ns1.bg-chromium.com [66.232.120.110] | 66.67.138.159 68.173.212.34 69.111.191.24 69.47.177.129 74.67.191.214 | 43ms |
| ns2.bg-chromium.com [203.10.146.250] | Timeout | |
30 minutes later
| Server | Response | Time |
|---|---|---|
| ns1.bg-chromium.com [66.232.120.110] | 24.131.47.38 67.68.3.57 70.51.148.66 75.12.119.232 75.132.24.36 | 44ms |
| ns2.bg-chromium.com [203.10.146.250] | Timeout | |
April 22 Example
| Server | Response | Time |
|---|---|---|
| ns0.daserunhgenfunyanderunjans.com [203.191.148.182] | 62.143.218.157 65.17.186.154 66.38.237.6 85.29.199.230 85.29.235.10 87.240.34.173 88.66.63.218 89.112.12.209 89.178.197.217 89.209.81.41 | 511ms |
| ns0.frankintionhandefunpionkin.com [60.12.192.90] | 213.220.204.90 213.247.133.56 69.182.147.234 84.42.167.17 85.29.235.10 87.240.34.173 88.66.63.218 89.102.123.100 89.112.12.209 89.209.81.41 | 528ms |
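The lookups above can be scored mechanically. The following is an added example, not part of the original wiki entry: it measures how much two answer sets for the same site overlap and how many distinct /16 networks they span. The thresholds and the `STABLE` control set are assumptions chosen for illustration.

```python
from ipaddress import ip_address

# A-record answers copied from the lookup tables above.
BG_FIRST = "66.67.138.159 68.173.212.34 69.111.191.24 69.47.177.129 74.67.191.214".split()
BG_LATER = "24.131.47.38 67.68.3.57 70.51.148.66 75.12.119.232 75.132.24.36".split()
APR22_A = ("62.143.218.157 65.17.186.154 66.38.237.6 85.29.199.230 85.29.235.10 "
           "87.240.34.173 88.66.63.218 89.112.12.209 89.178.197.217 89.209.81.41").split()
APR22_B = ("213.220.204.90 213.247.133.56 69.182.147.234 84.42.167.17 85.29.235.10 "
           "87.240.34.173 88.66.63.218 89.102.123.100 89.112.12.209 89.209.81.41").split()
# Constructed control: ordinary round robin inside one provider's subnet.
STABLE = [["192.0.2.10", "192.0.2.11", "192.0.2.12"]] * 2


def networks(ips, prefix=16):
    """Distinct /prefix IPv4 networks covered by the given addresses."""
    return {int(ip_address(ip)) >> (32 - prefix) for ip in ips}


def overlap(a, b):
    """Jaccard similarity of two answer sets (1.0 = identical, 0.0 = disjoint)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 1.0


def flux_report(samples, max_overlap=0.5, min_networks=4):
    """Score answer sets from repeated lookups of one site.

    The two thresholds are assumed starting points, not values from the page.
    """
    pairs = list(zip(samples, samples[1:]))
    mean = sum(overlap(a, b) for a, b in pairs) / len(pairs)
    nets = networks(ip for s in samples for ip in s)
    return {"mean_overlap": round(mean, 3), "networks": len(nets),
            "fast_flux": mean <= max_overlap and len(nets) >= min_networks}


if __name__ == "__main__":
    for name, s in [("bg-chromium, 30 minutes apart", [BG_FIRST, BG_LATER]),
                    ("April 22, two name servers", [APR22_A, APR22_B]),
                    ("constructed control", STABLE)]:
        print(name, flux_report(s))
```

A legitimate round-robin pool keeps returning the same few addresses from one or two networks; the answers recorded here share little or nothing between lookups and are scattered across many unrelated networks.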
Spam Examples
How to Report this Spam
The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.
Removal instructions - the registrar needs to set the status of each of the name server domains to
- clientHold
- clientUpdateProhibited
- clientDeleteProhibited
- clientTransferProhibited
To remove them as name servers, the Address records for ns1 and ns2 need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.
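To follow up on a complaint, the same WHOIS data can be checked for the four statuses listed above. This is an added example, not the Complainterator's own code: the WHOIS excerpts, domain names and registrar names are constructed, and the "Registrar:" / "Domain Status:" field layout is an assumption that differs between registries.

```python
import re
from collections import defaultdict

REQUIRED = {"clientHold", "clientUpdateProhibited",
            "clientDeleteProhibited", "clientTransferProhibited"}

# Constructed WHOIS excerpts (not real lookups).
SAMPLE_WHOIS = {
    "ns-domain-one.example": """Domain Name: NS-DOMAIN-ONE.EXAMPLE
Registrar: Example Registrar A
Domain Status: clientHold
Domain Status: clientUpdateProhibited
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
""",
    "ns-domain-two.example": """Domain Name: NS-DOMAIN-TWO.EXAMPLE
Registrar: Example Registrar A
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
""",
    "ns-domain-three.example": """Domain Name: NS-DOMAIN-THREE.EXAMPLE
Sponsoring Registrar: Example Registrar B
Status: ok
""",
}


def parse_whois(text):
    """Return (registrar, set of lower-cased status tokens) from one record."""
    reg = re.search(r"^[ \t]*(?:Sponsoring )?Registrar:[ \t]*(.+)$", text, re.M | re.I)
    statuses = re.findall(r"^[ \t]*(?:Domain )?Status:[ \t]*(\S+)", text, re.M | re.I)
    return (reg.group(1).strip() if reg else "unknown"), {s.lower() for s in statuses}


def outstanding_by_registrar(whois_by_domain):
    """Group domains by registrar and list the required statuses not yet set."""
    todo = defaultdict(dict)
    for domain, text in whois_by_domain.items():
        registrar, have = parse_whois(text)
        missing = sorted(s for s in REQUIRED if s.lower() not in have)
        if missing:
            todo[registrar][domain] = missing
    return dict(todo)


if __name__ == "__main__":
    for registrar, domains in outstanding_by_registrar(SAMPLE_WHOIS).items():
        print(registrar, domains)
```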
Spammed URLs
March 2007
- abcpill.com
- gkyfg.com
- fdeaw.com
- gtfvb.com
- xsefd.com
- nhyfg.com
False Claims
At the top left we find
International lisense (sic) n. 05848921 issued 10 June 2002.
At the bottom left we find
Premier Pharmacy is licensed online pharmacy, (sic) International license number 05848921 issused (sic) 10 June 2002.
Attention to detail while making false claims is noticeably lacking.
In the FAQ we find
Is it safe to use my credit card at Online Pharmacy? YES - When you place an order online your personal information and credit card information are encrypted before being sent over the Internet, making it virtually impossible for your information to be stolen or intercepted while being transferred.
The claim shown here is false. The ordering page that requests identity and credit card details is served over HTTP, not HTTPS, so no security is implemented despite this claim.
The Verisign link shows
To ensure that this is a legitimate Soltrus Secure Site, make sure that: 1. The original URL of the site you are visiting comes from Pharmacy (sic)
Fake Awards
Top rated by PharmacyChecker
Pharmacy Checker has no mention of Premier Pharmacy.
The image shows an example of self-awarded banners.
The bogus links to the Pharmacy Checker, Better Business Bureau, Verisign Secure Site and Verified by Visa are served on the same site, and are obvious fakes.
As with most of the sites outlined in this Wiki, none of these links are legitimate, and none of the claims of support are valid. Not one of these icons links to the actual organization claimed, and in fact investigating each of them leads to either a dead end (there is no such award or license) or outright falsehood.
Sponsoring Registrars
Web sites
- abcpill.com = Beijing Innovative Linkage Technology
- fdeaw.com, gtfvb.com, xsefd.com, nhyfg.com, gkyfg.com = Register.com Inc
- korukasomun.hk, kumadira.hk, kumalap.hk, kurapa.hk, pidlovilasupok.hk, rumanikanuk.hk, stipalomun.hk = HKDNR
- hadesunjaderuikd.com, heradnionkertin.com, herasunmedaxuke.com, hersunkionransde.com, herwunkasonmin.com, hetandunhasde.com, heteryunkerfunmde.com, hugadefunrasom.com = Xin Net
Name Servers
- adesuikintandefunhandesun.com = removed by Beijing Innovative Linkage Technology
- frankintionhandefunpionkin.com = Beijing Innovative Linkage Technology
- daserunhgenfunyanderunjans.com = Beijing Innovative Linkage Technology
- color-no.com = suspended by IA Registry
- bg-chromium.com = eNom Inc
- ns0.ertunjdasfunkin.com, ns0.vadesuikunmaseda.com, ns0.xazeyunhdefunja.com, ns0.zedesinshoutionfun.com = Xin Net
- ns0.puntunhdefunterun.com, ns0.pumationdesun.com, ns0.ptrinmasedinca.com, ns0.priokoliondedsa.com = Xin Net
Related Spam
A link within the web page (src="http://n1x1.bettiongenfungandesuijnkin.com/1x1?630") goes to bettiongenfungandesuijnkin.com - a site which uses a spammer's name servers at ns0.kerunhandgunfandesikuntun.com and ns0.adesuikintandefunhandesun.com. These are widely acknowledged as Leo Kuvayev's name servers.
Another site that uses the same name servers is titled "Generic Viagra Softtabs"
More relationships may be found by comparing sites resolved by the same name servers. For example, ns0.puntunhdefunterun.com resolves
| Domain | Site title |
|---|---|
| rxpillsoffice.com | Premier Pharmacy |
| bizrxpills.com | Premier Pharmacy |
| rxpillsbuy.com | Premier Pharmacy |
| internetrxpills.com | Your Online Pharmacy |
| industryrxpills.com | Premier Pharmacy |
| rx444.com | Premier Pharmacy |
| rxpillsinteractive.com | Premier Pharmacy |
| aztxobzipyijon.com | Your Online Pharmacy |
| puntunhdefunterun.com | Your Online Pharmacy |
| portalrxshop.com | Premier Pharmacy |
| superportalrxshop.com | Premier Pharmacy |
| entryrxshop.com | Your Online Pharmacy |
| rxpillscyber.com | Premier Pharmacy |
Clearly this group is involved in a great deal of internationally illegal activity, and appears to have absolutely no scruples whatsoever. Needless to say, several law enforcement and other authorities are continuing to investigate them.


