RxExpressOnline / RxMedications - rogue pharmacies

Post Reply
User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RxExpressOnline / RxMedications - rogue pharmacies

Post by MarkGiles » Mon Nov 11, 2013 11:21 pm

New from September 1, 2013 RxExpressOnline and RxMedications are two more of the Eva Pharmacy frauds.

The reference entry for this fraud is at
http://fraud-reports.wikia.com/wiki/RxExpressOnline
http://fraud-reports.wikia.com/wiki/RxMedications

Like other Eva Pharmacy frauds, RxExpressOnline and RxMedications use many spammed domains which are set up as disposables. They are registered with a small subset of registrars.

These spammed domains will redirect to a central site which is not spammed,
in an attempt to avoid blacklisting by the spam URL detection methods, such as SURBL.

Unlike most other Eva sites, RxExpressOnline and RxMedications use SSL layer security at checkout, with a certificate issued by RapidSSL CA from the GeoTrust Inc. organization to the web site rxcheckoutnow.com or securerxshopping.com and later smartrxpayments.com registered in Russia.

Examples of redirection targets from November 2013 -
RxExpressOnline e102.carcareprescription.net
RxMedications c100.healthrxshop.ru

Examples of redirection target domains from October 2014

Registered on R01.RU in Russia

thedruginc.ru
pilldrugstablets.ru
canadapillgroup.ru
bestpharmacydirect.ru
yourtabstrade.ru
safetabletpurchase.ru
pillhealthcaretenet.ru
goodtabletvalue.ru
luckyrxtrade.ru
safeaidassist.ru
bestrxgrouponline.ru
themedicalstore.ru
canadianprivateinc.ru

Redirecting domains on TRUNKOZ TECHNOLOGIES PVT LTD.
madeleneulla.com
octaviafrayda.com

Infrastructure domains

Registrar = 1 API GMBH

discountreorder.com
my-support-central.com
refillmyorders.com


Registrar = CJSC REGISTRAR R01

pleasefixdeclines.com
privatesupportpages.com
rxprivatesupport.com


Registrar = KEY-SYSTEMS GMBH

smartreorders.com
todayreorder.com

User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:49 pm

Redirectors:

===BIZCN.COM, INC.===


aloiseerica.com
benitananice.com
earthasheila.com
katinamagda.com
kristicharlot.com
nessyzahara.com
tinavivia.com
zanetakerstin.com


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:50 pm

===HTTP.NET INTERNET GMBH===


lindieanabella.com
lorenadeni.com
merrillelle.com
paulitamarysa.com


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:50 pm

===NAMESILO, LLC===


damitaerica.com
deenalaney.com
dinadonielle.com
elsinorevivienne.com
roiscamel.com


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:51 pm

===NETLYNX, INC.===


abbielegra.com
allinamel.com
gertshelba.com
kileytana.com
nataaurel.com
reenarafa.com
trixmeridel.com


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:52 pm

===PSI-USA, INC. DBA DOMAIN ROBOT / InterNetX, Germany===


ailenearlyne.com
angedamaris.com
cinnamonbeatrice.com
cosettasandi.com
georginealmeda.com
hyacinthiazorine.com
melisandraadrian.com
poppyshandeigh.com


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Mon Nov 11, 2013 11:56 pm

===TRUNKOZ TECHNOLOGIES PVT LTD.===


cybillvanny.com
madeleneulla.com
malissagwendolen.com
maurebiddie.com
octaviafrayda.com
roannamirabelle.com
zenaflossy.com


User avatar
c۞g
Posts: 10927
Joined: Mon Jan 05, 2009 4:02 am

RxMeds / RxMedications

Post by c۞g » Wed Nov 13, 2013 5:20 am

Same scam different site template
screen capture

scam payment processors: rxcheckoutnow.com (referenced in OP)
rxsupportcheckout.com - IP: 192.111.130.133


healthrxshop.ru
o100.healthrxshop.ru
edonlinerx.com
ns1.edonlinerx.com
ns2.edonlinerx.com
rxscheap.com
ns1.rxscheap.com
ns2.rxscheap.com
rxsupportcheckout.com
edprods.com
ns1.edprods.com
ns2.edprods.com
edtrs.com
ns1.edtrs.com
ns2.edtrs.com



edonlinerx.com - whois
Creation Date: 2012-12-14

rxscheap.com - whois
Creation Date: 2012-12-14

edtrs.com - whois
Creation Date: 2012-08-21
∞ Opto, ergo sum
_https://en.wikipedia.org/wiki/And_You_and_I


User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Sat Nov 16, 2013 10:44 pm

Redirection targets sponsored by NETLYNX


e100.mypillgenerics.in
mypillgenerics.in

User avatar
MarkGiles
Posts: 1986
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: RxExpressOnline - rogue pharmacy

Post by MarkGiles » Sun Nov 17, 2013 12:31 am

Update in the original posting

Infrastructure domains

Registrar = 1 API GMBH

christmasrx.com
discountreorder.com
my-support-central.com
pharmacyreoder.com
refillmyorders.com


Registrar = CJSC REGISTRAR R01

rxcheckoutnow.com
securerxshopping.com
christmasrxsupport.com
pleasefixdeclines.com
privatesupportpages.com
rxprivatesupport.com
rxsupportcenter.com


Registrar = KEY-SYSTEMS GMBH

smartreorders.com
todayreorder.com


Registrar = ACTIVE REGISTRAR, INC.

fastordertracking.com

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests