The after-shocks continue from this operation.
Many spams use redirections to the "target" or landing pages on pharmacy scams. That's to avoid Internet blacklists that track domain names found in spams. However, there is currently a high failure rate in this process as the coordinated effort continue.
Take an example - pillsbu.com
There are many Russian redirectors to this site; one example is medichemr.ru
Domain Name: PILLSBU.COM registered in Pakistan with registrar: PAKNIC (PRIVATE) LIMITED
Updated Date: 06-oct-2011
Creation Date: 08-sep-2011
From the status it is clear that this registrar has taken no effective action to suspend this fraud pharmacy. (Pharmacy Express).
Registrant details from a look-up in whois:
Sergey Zaharcev firstname.lastname@example.org
Olimpiyskaya str. 7-30
Cherepovec, Cherepovec 672103
Phone: 1.73531827217 Ext:
Hosting IP address: 184.108.40.206
The hosting ISP is in China
CHINANET jiangsu province network
Name servers are registerd in the Ukraine and in Russia
The first name server is hosted at the same address as the web site, and the second is in Romania
SC CORAL IT OFFICE SRL
Calea Vitan Nr. 4, Bl. 161
Sector 3, Bucuresti
However, at this moment, around the world only about half the attempts to load this site result in failure.Summary:
To counter this fraud, Interpol needs to have cooperation from operatives in Pakistan, Russia, the Ukraine, China and Romania. All of these operatives are being abused, and until they take action to prevent the abuse, they are contributing to the problem by sponsoring the crime.