Spam Alert
 
 Full Report: /Canadian_Healthcare_spam216136.html
 
 Consumed following related reports:

[216137] http://ticktwo.com
[216138] http://ticktwo.com/
Changed status to confirmed spam.IP Converted: 218.61.7.21

dword = 3661432597
hex1 = 0xda3d0715
hex2 = 0xda.0x3d.0x7.0x15
oct = 0332.075.07.025
View CIDR AS4837 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4837

"4837 | CN | apnic | 2001-09-17 | CHINA169-BACKBONE CNCGROUP China169 Backbone"<br />
Extended information for AS4837:
State/Province:
Country: cn
Responsible Domain: cnc-noc.net
Abuse Email: abuse@cnc-noc.net
Criminal Evidence

Canadian Healthcare is a highly spammed pharma brand which shares nameservers and payment processing with known Sancash brands like Elite Herbal/Express Herbal/Megadik/VPXL, King Replicas, and Wondercum. Canadian Healthcare sites were previously named "Target Pharmacy," but all changed to "Canadian Healthcare" simultaneously. See http://spamtrackers.eu/wiki/index.php?title=SanCash and http://spamtrackers.eu/wiki/index.php?title=Canadian_Healthcare

Sancash deals with a large number of affiliates, who are all sending spam for the same brands, causing these brands to account for one of the highest percentages of spam clogging inboxes.

Canadian Healthcare sites can be identified as frauds on even the most casual inspection, as they prominently display seals from the Canadian International Pharmacy Association and from PharmacyChecker.com, yet those seals do not have links to those organizations, as all legitimate seals do. See http://pharmacychecker.com/sealprogram/choose.asp# for an example of the correct type of clickable seal for PharmacyChecker.com. PharmacyChecker attempts to give examples of rogue pharmacies such as Canadian Healthcare, which use their seal fraudulently, but given the fact that Canadian Healthcare spams several new domain names every day, they can do no more than provide a few examples. All PharmacyChecker approved pharmacies are listed here: http://www.pharmacychecker.com/onlinepharmacyratings.asp

CIPARx even includes on its home page the warning:
"Latest News:

"Warning: do not deal with a site called "Canadian Pharmacy", "Canadian HealthCare" or "Drugs 5.com." These sites use fradulent seals and information. Go to Fraudulent Sites for more information."
CIPA approved sites can be searched here: http://www.ciparx.ca/pages/verify_membership.html

Canadian Healthcare sites also display a Verisign secure site seal, which also fails to have a link to Verisign. That is not surprising, since despite claims, the sites fail to provide secure ordering, lacking a "https" URL on the page where the customer is asked to enter personal information and credit card data.

Although the site has photos and names of brand-name drugs throughout, their "about us" page indicates they are selling generic copies of those drugs. Since many of them, like Viagra, are still protected by patents, the drugs they are selling are counterfeit by definition. (On the same "about us" page, they refer to themselves as "My Global Pharmacy," either because they have changed their name or because they have plagiarized from another scam pharmacy's website.)

The pharmacy claims to be licensed by The College of Pharmacists of British Columbia and even gives that group's address instead of listing any address for the pharmacy itself. The College has nothing to do with this scam pharmacy. Their list of licensed pharmacies can be obtained here: http://www.bcpharmacists.org/contacts/licensedpharmacies/

The sites display images of several credit cards on their home page, but at the time of ordering the only choices are Visa and American Express. That is because Mastercard has wisely chosen not to have dealings with this scam.

Other Sancash sites on this nameserver are listed at http://rss.uribl.com/ns/uxewxb_com.htmlSee the McAfee Site Advisor information at http://siteadvisor.com/sites/ticktwo.com


> 35 TECHNOLOGY CO., LTD
REGISTRATION OF THE WEB SITE
ticktwo.com

ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold


> HICHINA ZHICHENG TECHNOLOGY LTD.
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites which breaks your terms of service. You can safely suspend them:
NS3.PKFLUS.COM
NS4.PKFLUS.COM

ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to

clientUpdateProhibited,
clientTransferProhibited,
clientDeleteProhibited, and
clientHold

CLIENTHOLD ALONE IS NOT SUFFICIENT TO DISABLE A NAMESERVER
http://wiki.castlecops.com/Suspending_an_EPP_name_server_domain_Chinese
http://www.spamtrackers.hk/wiki/index.php?title=Registrar_Advice


> CHINA169-BACKBONE CNCGROUP China169 Backbone
IP ADDRESS OF HOST 218.61.7.21
The IP address of this criminal site is within your allocated address space.
ACTION: Black-hole the route to this address to prevent further criminal activity