Fraud Reports Wiki


Men Health.jpg

Men's Health 2011 - pharma

Men's Health 2011 - herbal

This purports to be a Manitoba Pharmacy Association licensed pharmacy. Newer site templates (year: 2011) falsely claim certification with:

  • APhA - American Pharmacy Association
  • AUA - American Urology Association
  • Texas Board of Pharmacy

The actual name in the last case would be "Texas State Board of Pharmacy" as seen at

However, it is widely believed to be a credit card theft scam - fronted by a fake pharmacy retailer.

Men's Health or Men Health or Men+ Health: Judging by the name servers used, this is clearly another of ROKSO listed #2 most wanted Cyber criminal Alex Polyakov's site, used for identity theft and credit card theft. If any of his pharmacy product ever gets delivered, it has been found to contain placebos (sugar pills).

The whole site is full of lies.

False Claims[]

Men Health displays a fake license, LICENSE NO 03161490 from the Manitoba Pharmacy Association (MPhA).

  • Manitoba Pharmacy Association License is faked.
  • The ordering transaction is not secure.
  • The Verisign logo is misused.

When you click on the verisign logo, you expect to be taken to the Verisign site to display its validity. Here, the link goes back to the same site. The information displayed has been fraudulently modified to try to obscure that fact that it has been tampered with.

Fake version

To ensure that this is a legitimate Soltrus Secure Site, make sure that:

  1. The original URL of the site you are visiting comes from Men+ Health
  2. The status of the Server ID is Valid.

Genuine version

To ensure that this is a legitimate Soltrus Secure Site, make sure that:

  1. The original URL of the site you are visiting comes from <name here>
  2. The URL of our secure pages are https://<custom URL here> which will appear
     when you click on the first continue button during the ordering process.
  3. The status of the Digital ID is Valid.


For your best security while visiting sites, always make sure the address
of the visited site matches the address you are expecting to see. Make sure
that the URL of this page begins with ""

Men Health trailer.jpg

WARNING: Placing an order on this site is giving your full credit card details to the Internet's worst criminal. If you have made that mistake, cancel your credit card immediately.

The license link on the site, links back to the same site, and displays a certificate supposedly issued by the Manitoba Board of Pharmacy. The image shown here has the same site name as the fake pharmacy site in the address bar.

Proof of fake license[]

The signatory on the older fake license, Michael N. Dort is not listed on the MPhA site.

The company name listed in the certificate is "(applicant)" !

In the more recent fake license, the board is wrongly titled "Texas Board of Pharmacy" whereas the actual genuine board is known as the "Texas State Board of Pharmacy"

Older fake

Newer fake

Fake Registration[]

Like other Yambo family sites, CH&CM uses identity theft to register its sites. Victims whose personal information has been used to register one of these sites should follow the steps outlined here.


This information no longer applies, but is included for historical purposes.

Men Health runs hand-in-hand with My Canadian Pharmacy, International Legal RX, VIP Pharmacy and Canadian Health&Care Mall, sharing the same methodology:

  • Hijacked name servers
  • Hijacked web sites
  • Hijacked image servers
  • All use the same name servers
  • Name servers are typically 4 in number, and are registered with a subset of registrars
  • Several new sites may be registered and spamvertized every day
  • Hijacked sites use identical proxy servers to redirect DNS and http requests to back-end servers
  • Hijacked sites have a firewall setting to prevent access from specific addresses such as FBI and Visa

Proof that the site uses image servers

If you load a page, right mouse click on any product image, and select copy image location you can see where images are stored. FOrmerly they were hosted on another hijacked host such as or for example. The selection of the hijacked image servers is within some Java script code:

<script id=img_redir> 
var urls=new Array(); 
/**rdr urls*/
/**rdr urls*/

Later, the images were placed on a specific server at, another unlicensed pharmacy, whose domain name is registered with Sponsoring Registrar: INTERNET.BS CORP. by a registrant giving an address in the British Virgin Islands. The web site's contact page lists contact numbers also found for the Online Pharmacy fraud - US 1-800-819-0609 and UK 44-808-234-1713

Related Spam Operations[]

Proxy Image Servers[]

At the time of writing, all of these hijacked image servers were simultaneously in use for the following sites

Sample sites and registrars sponsoring them[]


NAUNET-REG-RIPN[] (suspended) (suspended) (suspended) (suspended) (suspended)

NETLYNX, INC.[] (suspended) (suspended)

How to Report this Spam[]

See the Complainterator which is specifically configured to report this spamming operation.

[] is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers.

Related spam operations[]