A global spam termination operation launched by CastleCops, the volunteer SIRT Squad is comprised of folks who report spam, investigate spam, and actively work on spam takedown and termination. SIRT is funded by CastleCops. Become a SIRT Squad terminator by reporting spam today!
AlphaCentauri: sarpletgans.com/ch/ is one of the sites for the spam operation, "Canadian Health&Care Mall." This site and
its spam are violating US law:
* It offers medications which may not be dispensed without a prescription, including Provigil and sometimes Valium,
which are federal contolled substances, without requiring any prescription.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any
generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from Verisign, The "Canadian Pharmaceutical
Association," The American Food and Drug Administration, and the "American Consumers Organization." All
of these claims are outright falsehoods and violations of these agencies' trademarks in those cases in which such an
organization actually exists. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034 regarding
sister site My Canadian Pharmacy.
* Viewing satellite photos of the addresses it gives for the locations of its offices in Ontario and Louisiana show
residential areas with no evidence of the existence of large buildings like those pictured on the "contact us"
page of their website. The location of the warehouse in New Delhi, India is not precise enough for Google Maps to locate
it and may be a nonexistent address. See http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall .
* The site displays a forged pharmacy license claiming to be issued by the state of Minnesota, USA. See
http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall for a response from the Executive Director of
the Minnesota Board of Pharmacy confirming that this is a forgery.
* It presents photos of people it claims are the physicians and pharmacists running their operation. At least some of
these photos have been identified as stock photos from gettyimages.com. See
http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall#Fake_Doctors
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside
the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like
rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax.
Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely
inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing
an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers'
licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver
medications, they are subpotent or completely inactive about half the time. The first indication people taking these
medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As Canadian
Health&Care Mall does not even claim to offer overnight delivery, the only reason to order these drugs without
prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just
in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which
organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have
the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to
select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a
particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes
pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant
tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South
Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to
determing the correct dose, and continued monitoring to readjust dose due to interactions with food and other
medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the
fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these
pills contain real medication and the correct quantity of real medication, they are only sold by prescription because
patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual
disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to"
addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid
information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites.
Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall,
Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan.
See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain
registration of one of these sites, that person denied having any knowledge of his/her personal information being used
to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain
registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois . In this case I was
able to speak by phone to the woman whose name was used in the registration. She confirms that she did not register this
domain.
* Spamwiki entry: http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall . SiteAdvisor reviews at
http://www.siteadvisor.com/sites/sarpletgans.com/ch/
Online prices for warfarin 5mg x 90 tabs (generic coumadin, a blood thinner) on 4/13/08:
Rite Aid (drugstore.com): US $35
CVS US $46
My Canadian Pharmacy US $227
The only reason for someone to order warfarin via an illegal pharmacy is to avoid having to see a doctor and get blood
tests done to obtain a prescription. Warfarin is derived from a natural compound and has a complex metabolism and many
food/drug interactions. Not only is there a very narrow range between the dose that prevents clots and the dose that
causes excessive bleeding, the dose is different from person to person and even varies at different times for the same
person. There is an extremely high risk of someone having complications like bleeding or strokes if he/she is not
getting regular blood tests to check whether the dosage needs to be changed.
SiteAdvisor review at http://www.siteadvisor.com/sites/edikalpeng.com
sarpletgans.com/ch/ is located at IP address 61.199.236.180
but loads images from port 8080 of five of the following servers:
http://58.241.87.130:8080/e/ch/images/theme.jpg
http://62.168.101.112:8080/e/ch/images/theme.jpg
http://62.123.71.188:8080/e/ch/images/theme.jpg
http://77.245.149.25:8080/e/ch/images/theme.jpg
http://82.140.67.171:8080/e/ch/images/theme.jpg
http://84.253.77.6:8080/e/ch/images/theme.jpg
http://193.231.163.125:8080/e/ch/images/theme.jpg
http://194.107.92.211:8080/e/ch/images/theme.jpg
http://204.186.146.60:8080/e/ch/images/theme.jpg
Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+
Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") will often block traffic from IP addresses associated with
legal, financial and antispam organizations as well as anyone who has visited more than one of their sites. It may be
necessary to use a proxy to view the pages. In addition, nameservers will selectively refuse queries for certain domains
not currently being spammed, and it is necessary to use traversal to see that the domains themselves are not
suspended.
Nameservers:
Generated by www.DNSstuff.com at 01:51:30 GMT on 06 Jul 2008.
ns1.jizcountermine.com [201.219.199.101]
ns2.ribangustation.ru [218.21.90.7]
Nameservers move frequently from one IP address to another, as is typical of hijacked servers. These nameservers were
observed at all of the following IP addresses within recent days:
ns1.jizcountermine.com A 201.219.199.101
ns1.jizcountermine.com A 218.21.90.7
ns2.ribangustation.ru A 201.219.199.101
ns2.ribangustation.ru A 218.21.90.7
ns2.ribangustation.ru A 221.199.0.114
Spamhaus information on these IPs may be found at the following links:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54651 for 41.207.125.18
http://cbl.abuseat.org/lookup.cgi?ip=58.241.87.130 for 58.241.87.130
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59039 for 59.44.59.141
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64157 for 59.50.112.130
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64074 for 59.60.62.196
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60344 for 60.12.130.117
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64073 for 60.171.201.38
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60665 for 60.248.126.7
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60552 for 60.249.29.91
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60552 for 60.249.77.35
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63805 for 61.108.145.2
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60632 for 61.153.209.98
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59105 for 61.167.116.129
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64326 for 61.178.249.13
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64075 for 61.218.156.29
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60665 for 62.123.71.188
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65702 for 62.168.101.112
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL39974 for 66.198.139.131
http://cbl.abuseat.org/lookup.cgi?ip=72.156.26.28 for 72.156.26.28
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62487 for 77.245.149.25
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64778 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64834 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64881 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65112 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61420 for 79.135.166.58
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61419 for 79.135.166.58
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61712 for 79.135.166.58
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62483 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63806 for 81.31.179.248
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65520 for 82.140.67.171
http://cbl.abuseat.org/lookup.cgi?ip=82.177.4.14 for 82.177.4.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62080 for 82.177.4.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL50921 for 83.15.82.74
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64072 for 84.253.77.6
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59469 for 85.198.84.194
http://cbl.abuseat.org/lookup.cgi?ip=85.198.84.194 for 85.198.84.194
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60044 for 88.201.133.151
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59440 for 88.255.90.42
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58733 for 91.84.29.53
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61626 for 121.28.49.18
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65523 for 130.34.152.16
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64775 for 136.145.55.9
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61959 for 140.109.91.193
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60232 for 150.214.102.243
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62105 for 150.186.64.35
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL55948 for 193.95.254.71
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63807 for 193.231.163.125
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65522 for 194.67.66.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58731 for 195.87.6.3
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64158 for 196.35.64.58
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63807 for 193.231.163.125
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65703 for 194.107.92.211
for 200.21.207.82
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58732 for 200.99.139.250
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60132 for 200.102.130.130
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58376 for 200.123.130.185
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60346 for 200.153.184.37
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64173 for 200.171.178.11
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62952 for 200.171.244.140
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61996 for 200.175.156.232
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60046 for 201.0.8.247
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54651 for 201.49.11.181
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62022 for 201.87.215.230
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53118 for 201.236.86.60
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61960 for 201.252.246.15
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62257 for 202.30.20.159
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61274 for 202.106.51.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61961 for 202.120.127.239
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62955 for 202.150.86.91
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62686 for 202.158.36.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59549 for 202.160.22.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61910 for 203.155.63.34
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63639 for 203.174.60.37
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL46595 for 210.47.0.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58375 for 210.201.138.28
http://www.njabl.org/lookup?210.212.92.196 for 210.212.92.196
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62259 for 210.240.222.195
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL56848 for 211.20.213.156/32
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59635 for 211.91.218.131
http://cbl.abuseat.org/lookup.cgi?ip=211.140.51.102 for 211.140.51.102
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62958 for 211.166.24.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63729
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63729 for 212.154.24.78
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62949 for 212.154.24.85
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62488 for 212.154.24.88
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62950 for 212.154.24.92
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62958 for 211.166.24.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62950 for 212.154.24.92
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62079 for 212.235.9.66
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL49934 for 213.85.227.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59718 for 213.85.227.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62979 for 213.217.48.36
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63810 for 216.94.112.39
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54033 for 217.219.86.118
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56016 for 218.3.160.2
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL57599 for 218.21.90.7
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59038 for 218.26.165.234
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59694 for 218.57.210.166
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61101 for 218.200.244.7
http://cbl.abuseat.org/lookup.cgi?ip=220.130.59.213 for 220.130.59.213
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54650 for 220.130.216.55
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL59366 for 220.132.53.217
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63922 for 220.164.12.42
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL60555 for 222.173.145.4
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61102 for 222.190.111.100
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63793 for 222.246.190.13
Handler Note: 06 Jul, 2008 03:44:53
AlphaCentauri: sarpletgans.com/cv/ is located at IP address 61.199.236.180
but also loads its images from the same hijacked servers:
http://62.94.154.164:8080/e/cv/index.php/images/logo.gif
http://79.135.166.58:8080/e/cv/index.php/images/logo.gif
http://82.177.4.14:8080/e/cv/index.php/images/logo.gif
http://85.198.84.194:8080/e/cv/index.php/images/logo.gif
http://91.84.29.53:8080/e/cv/index.php/images/logo.gif
http://200.123.130.185:8080/e/cv/index.php/images/logo.gif
http://202.30.20.159:8080/e/cv/index.php/images/logo.gif
http://213.130.70.102:8080/e/cv/index.php/images/logo.gif
http://220.130.216.55:8080/e/cv/index.php/images/logo.gif
sarpletgans.com/cv is one of the sites for the spam operation, "VIP Pharmacy (Viagra + Cialis)." This site
and its spam are violating US law:
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside
the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any
generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from the Verisign and Thawte, and claiming that all
their products are approved by the FDA. These claims are false. Clicking on one of the images opens a page on
sarpletgans.com/cv itself, not a page on the site of the supposed accrediting organization.
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to"
addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid
information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites.
Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall,
Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan.
See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain
registration of one of these sites, that person denied having any knowledge of his/her personal information being used
to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain
registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois
As demonstrated by this domain, Canadian Health&Care Mall and VIP Pharmacy are part of the same spam brand and share
the same hijacked servers.
AlphaCentauri: Extended information for AS4134:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn
Handler Note: 06 Jul, 2008 04:53:40
AlphaCentauri:
As is seen here, adding /e/ch/ to a VIP Pharmacy domain may show a Canadian Health&Care Mall site.
Handler Note: 06 Jul, 2008 05:07:39
AlphaCentauri:
The following bulker.biz/Yambo/Polyakov domains are registered with WildWestDomains. They also share the same hijacked
servers. Please suspend these illegal domains, which do not have paid hosting services to do so:
abutardack.info International Legal Rx Medication
acolobird.com US Drugs
adsertoll.info My Canadian Pharmacy
aparentlif.com Canadian Health&Care Mall
assendalubam.net Canadian Health&Care Mall
bellsompal.com My Canadian Pharmacy
borecometin.com Men+ Health
breetadmol.com My Canadian Pharmacy
buseropast.com Canadian Health&Care Mall
coypadiser.com My Canadian Pharmacy
denomitardes.com Canadian Health&Care Mall
graiterits.com My Canadian Pharmacy
growdowndast.net Canadian Health&Care Mall
idasaftyarn.info My Canadian Pharmacy
imolikeiky.net My Canadian Pharmacy
incomplerob.com International Legal Rx Medication
inlengotict.info VIP Pharmacy
isignalbind.info Men+ Health
kaimepresid.net International Legal Rx Medication
leafedpalaw.com My Canadian Pharmacy
lendsevert.com My Canadian Pharmacy
mikerpinkdo.net VIP Pharmacy
ouchweelvast.net My Canadian Pharmacy
relyupolon.com VIP Pharmacy
sadratchlock.com My Canadian Pharmacy
sarpletgans.com VIP Pharmacy
saupetoile.com Canadian Health&Care Mall
shoostcalte.net Men+ Health
songanimyk.com My Canadian Pharmacy
sproweduynf.com International Legal Rx Medication
sulcknyga.com Canadian Health&Care Mall
tankdanse.net Canadian Health&Care Mall
thorgteroma.com US Drugs
usweragegt.net My Canadian Pharmacy
weranyral.com International Legal Rx Medication
yongduman.info US Drugs
ISPs: Please assist your customers in identifying and disinfecting servers at the following addresses:
aon.at
194.107.92.211
astral.ro
193.231.163.125
atlanet.it
62.123.71.188
chinanet.cn.net
218.21.90.7
cnc-noc.net
58.241.87.130
dinanet.net.co
201.219.199.101
gtsi.sk
62.168.101.112
niobeweb.net
77.245.149.25
ntt.ru
84.253.77.6
ocn.ad.jp
61.199.236.180
peterstar.net
82.140.67.171
ptd.net
204.186.146.60
Registrars: please suspend the following domains and nameservers. Please investigate the payment history as it was
almost certainly fraudulent as well. Please forward evidence of fraudulent activity to law enforcement.
See domain suspension instructions at
http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Hong Kong mirror:
香港 镜象地点
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_domain
(Removal of nameservers is here:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_name_server_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_name_server_domain )
As the domains for the Yambo family of spamvertised websites (My Canadian Pharmacy, International Legal Rx Medications,
Men+ Health, US Drug, VIP Pharmacy ("Viagra + Cialis"), and Canadian Health&Care Mall are uniformly
registered with information obtained by identity theft and paid with fraudulent credit/debit card information, please
suspend any other sites in this family that you become aware of.
