Description
WikiPharmacy is another Bulker.biz property. Control of this organization has been attributed to the spammer using the pseudonym Alex Polyakov. The same group of scam pharmacy brands is referred to as "Eva Meds" by Knujon and LegitScript, and as "Yambo Financials" by Spamhaus.
This puts it into the same family as |
False Pretenses
Like other Bulker.biz sites, just about every claim made on this brand's site is a lie.
Fake Locations
Addresses listed for their headquarters and branches are real addresses, but no such company exists at those premises.
- 101 California St, San Francisci, CA 94111
- 4651 Salisbury Road, Jacksonville, FL 32356, USA
- 1200 Smith Street, Houston, TX 77002, USA (See the tenancy listing
Fake Manufacturing License
The pharmacy has no real location and no real pharmacists. But like other Bulker.biz pharmacies, they have forged an imaginary license for their pharmacy.
Fake FDA Seal
The Food and Drug Administration seal does not link to the FDA but is served on the same fake host.
The actual genuine logo for Registrar Corp (with four red stars instead of the three shown above) can be compared with the version used in the certificate
Registrar Corp states on their web site:
Registrar Corp assists businesses with U.S. FDA compliance. Certificates of Registration issued by Registrar Corp provide confirmation to industry that you are fulfilling U.S. FDA registration requirements. U.S. FDA does not issue or recognize Certificates of Registration. Registrar Corp is not affiliated with the U.S. Food and Drug Administration.
The signatory is Russell K. Statman -
Russell K. Statman, Esq., is a founder and Executive Director of FDA Registrar Corp., a firm providing registration, compliance assistance and U.S. Agent Services for the food and beverage, cosmetics and medical device industries. Mr. Statman is an attorney-at-law representing firms in FDA-regulated industries for the past eighteen years. Contact the author at: statman@fdaregistrar.com
Fake Better Business Bureau Seal
At the bottom of each page of the site, there is a seal claiming the site is accredited by the Better Business Bureau. Clicking on a real BBB seal should link to a company's ratings page on BBB's website. But WikiPharmacy links to a page on their own website with a forged BBB rating. They have even got the chutzpah to have created a fake complaint and resolved it satisfactorily.
Real BBB page for WikiPharmacy on BBB.org | Fake BBB page hosted on their own domain |
Notice that BBB hasn't yet even heard of them (May 2011)
Hijacked servers
Pre 2012
When you loaded a WikiPharmacy site, you found that the web site and the images used were being loaded from a range of different IP addresses. For example, take tabletspillsrx.net, which was operational in May 2011.
- The web page itself loaded from 5 IPs
- tabletspillsrx.net has address 91.200.240.251
- tabletspillsrx.net has address 91.200.240.252
- tabletspillsrx.net has address 200.91.115.75
- tabletspillsrx.net has address 200.122.165.18
- tabletspillsrx.net has address 213.55.114.132
- later in the day, these 5 IPs
- tabletspillsrx.net has address 91.200.240.251
- tabletspillsrx.net has address 91.200.240.252
- tabletspillsrx.net has address 201.7.103.58
- tabletspillsrx.net has address 202.164.39.218
- tabletspillsrx.net has address 213.55.114.132
- Uses a network of compromised machines to serve up the images, eg
These IP addresses were refreshed on a fast-flux basis every 10 minutes
Each of these IP addresses represented a site that had been hijacked, and taken over to provide services to these criminals, without the knowledge of the owners. The method used to infiltrate and take over these sites has been documented, together with cleaning instructions. See Hijacked host.
How to Report this Spam
The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.
Removal instructions
web site domains
- the registrar needs to set the status of the domain to
- clientHold
- clientUpdateProhibited
- clientDeleteProhibited
- clientTransferProhibited
name server domains
- the registrar needs to set the status of each of the name server domains to
- clientHold
- clientUpdateProhibited
- clientDeleteProhibited
- clientTransferProhibited
In addition, to remove them as name servers, the subdomain address records (eg for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.
Sponsor Organization
Spamming Affiliates
Bulker.biz is the criminal sponsor organization behind this type of site.
Registrars
WikiPharmacy domain name | Registrar sponsoring the domain |
---|---|
theherbseshop.eu | 1 API GmbH |
Suspended by registrar: | |
thewikipharmacy.com | TODAYNIC.COM, INC. suspended |
fastmedicalprogram.com | NETLYNX, INC. suspended |
wiki-pharmacy.org | TODAYNIC.COM,INC. suspended |
wiki-pharmacy.net | BIZCN.COM, INC. suspended |
herbalpillsgroup.com | NETEARTH ONE, INC. DBA NETEARTH suspended |
tabletspillsrx.net | ELB GROUP, INC. suspended |
tabletprecisionpharmacyrx.net | ELB GROUP, INC. suspended |
sleepingpillspharmacy.com | TRUNKOZ TECHNOLOGIES PVT LTD. suspended |
pharmacyhealthpills.net | NETEARTH ONE, INC. DBA NETEARTH suspended |
drugtorerxnewslettertablets.net | NETEARTH ONE, INC. DBA NETEARTH suspended |
wikipharmacy.biz | CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES suspended |
wikipharmacy.net | CENTER OF UKRAINIAN INTERNET NAMES DBA UKRNAMES suspended |