May 30, 2011 Leave a comment
Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization. Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline. The problem with rogue online pharmacies is that they do not meet federal regulations. To be a legitimate online pharmacy they must meet certain requirements including:
- Having a physical pharmacy in the state in which they conduct business,
- If they have a doctor, they must have a relationship with the customer when providing a prescription,
- The online pharmacy must work with those prescriptions,
- In order to sell to customers in the USA, they must again have presence in the United States.
Domain Incite broke news on a new UDRP filing covering 209 domains (hat tip to Garth Bruen from KnujOn for posting this as a status update on his LinkedIn profile). Those domains have a word in common: “cialis”. This is a registered trademark owned by Eli Lilly. Although not conclusive, the Kevin Murphy from Domain Incite alleges Eli Lilly sounds like the most reasonable complainant.
The UDRP stands for Uniform Domain-Name Dispute Policy and is an agreement adopted by ICANN-accredited Registrars that is included in domain registration agreements. It provides a mechanism for trademark holders to file a complaint that shows there is harm being done to the trademark holder’s brand, and if successful, the domain may be reclaimed by the legitimate party.
Aside from industry efforts to help spread awareness and enforcement on the subject of rogue pharmacies like LegitScript, the National Association of Boards Pharmacy has an accredited program named “VIPPS” or Verified Internet Pharmacy Practice Sites to help with this matter.
Directly from the NABP:
Rogue Online Sites
Unfortunately, because it is so easy to create a Web site, there are thousands of sites pretending to be legitimate online pharmacies. To date, NABP has reviewed nearly 7,000 sites – only 4% of those online sites appear to be in compliance with pharmacy laws and practice standards. Using these rogue sites puts patients at risk of receiving counterfeit or adulterated medications. VIPPS accreditation ensures that an Internet pharmacy is a bona fide pharmacy, and it is the best way for patients to determine that they are getting the quality care they deserve.
VIPPS Online Sites
To ensure public health, VIPPS accreditation requires an Internet pharmacy to comply with the licensing and survey requirements of its state and each state to which it dispenses pharmaceuticals. VIPPS-accredited pharmacies meet nationally endorsed standards of pharmacy practice, and they demonstrate compliance with standards of privacy and authentication and security of prescriptions, adhere to quality assurance policy, and provide meaningful consultation between patients and pharmacists.
VIPPS pharmacy sites display the VIPPS Seal on their Web sites. The Seal is a key benchmark for consumers to measure the quality of a pharmacy’s practice, and by clicking on the VIPPS Seal, they are able to access verified information about the pharmacy.
So it is a good thing that we’re seeing this kind of UDRP Filing. I tried to visit a random set of these and found only an HTTP 200 OK response with no DATA. However, search engine being one’s friend and the suspect sites not enabling “do not cache” settings, here we see some snapshots of what they looked like. (click images to enlarge)
Notice on some of these images the same repeating image below. It is to enable a purchase of the illicit pharmacy. Clicking the image takes a person to the same type of site. Two of the above landed me on the same location, an image of which is shown coming up next.
At two of these sites in the footer was the following text with a hyperlink to the same location. Images of both are shown:
The end site:
We’ll pursue that and domains in a moment. Just one more thing to mention about the purchase site. There is an affiliate program where participants start earning 22% commission. This snapshot is shown below (and many of these rogue sites operate in affiliate programs).
Now let us explore some information about domains.
WHOIS on the Hanei Marketing Domain
Registrant: Dmitry Nekrasov email@example.com +1.4036192124 Hanei Foundation 1633 17 Ave. N.W. Calgary,Ab,CA t2m0r8
I’m not exactly sure what their involvement is; however, these illicit sites have the Hanei Marketing domain in their footer and worth pointing out. Searching for “haneimarketing” on the engines shows it has its domain, potentially as a template, for many rogue pharmacy sites, and apparently poker sites too. Snippet below…
WHOIS on the Illicit Drugs Purchase Site
Flex Trading Group LTD
David Pearlman (firstname.lastname@example.org)
Ground Floor Blake building Corner Eyre & Huston streets
Belize City, BZ, bz BZ0000
P: +650.4750882 F: +.
Also worthy to mention, that this particular purchase site is listed on the NABP’s “Not Recommended Sites” list. The list is pretty large, and is accessible here.
WHOIS on one of the affiliate sites
Igor Palchikov email@example.com +7.9163942040
Hanei Marketing LTD
WHOIS on a second of the affiliate sites
Igor Palchikov firstname.lastname@example.org +7.9163942040
Hanei Marketing LTD
There, we have a match with Igor Palchikov. We can go on and explore each of the other domains. Chances are, we’ll find the same sets of Registrants, the same ISP hosting location, and potentially the same affiliate IDs. I’ve personally helped in this kind of investigation before that led to the demise of the Herbal King Spammer under the now defunct CastleCops. This was also part of my work in my previous employment at Microsoft. However I must say, kudos to the complainant, if it is Eli Lilly for issuing UDRP Complaints against the domains. I am sure they investigated each one and confirmed they are illicit pharmacy sites. And as a trademark owner, they have the legal right to do this. In fact, did the simple act of filing cause the small random set of sites I checked to go dark on HTTP DATA?
For further reading, check out the work by LegitScript in this ecosystem by working with industry and government spreading awareness and education.
- And of course their blog for new information (provided earlier).
- Rogue Pharmacies using Facebook to hook Victims
If you are unsure of the site you may always check with NABP VIPPS Verification tool, or simply continue using your brick and mortar established pharmacy. One may also check NABP’s “Not Recommended Sites” List. Otherwise, stay away from online pharmacy sites, as they may be rogue!
Play it safe and be wary, these purchases often come laden with the wrong ingredients, toxic ingredients, and sometimes worse may cause death.
by Paul Laudanski Director of CTAC, North America