News & Updates

The Latest on Internet Pharmacies, Supplements, Designer Drugs,
and Other High-Risk Merchants

Fake drugs, falsified WHOIS, and UDRPs

I recently had the pleasure of being the Respondent in a Uniform Dispute Resolution Policy (UDRP) complaint. Perhaps unusually for a UDRP filing, I fully supported the Complainant's filing and urged the arbitrator to find in their favor. 

How could that be? Read on.

For those unfamiliar with the term, a UDRP filing allows a brand (trademark) owner to obtain a domain name that contains the trademarked term in question. For example, Rolex would probably prevail in a UDRP filing to have the domain name transferred to Rolex. (Especially if the “watches” were counterfeit or replicas of some kind.) UDRP filings are typically decided by an arbitrator, as opposed to the courts.

UDRPs are also commonly used by drug companies to recover domain names that contain their branded drug terms, and that are frequently utilized by domainers (at best) or rogue Internet pharmacies (at worst). LegitScript sees thousands of these domain names daily; most don’t point to any content, but many do. (The website, for example, likely violates Pfizer’s trademark since it contains “Viagra.”)

Anyway, Cephalon, the drug company that makes Provigil (modafinil), filed a UDRP regarding several domain names containing “provigil” (specifically,,,,,,,,,,, and Although these domain names were registered with a registrar’s privacy protection shield, apparently “behind the shield” contained this WHOIS information:

Registrant Name: John Horton
Registrant Organization: N/A
Registrant Street: 818 SW 3rd Ave #353   
Registrant City: Portland
Registrant State/Province:
Registrant Postal Code: 97204
Registrant Country: US
Registrant Phone: +1.8775344879
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

This information was found on multiple domain names, not just those that contain “provigil.” For example, if you look at the historic WHOIS information for, that’s the registration information you’ll see. Some of these domain names were designated by LegitScript as rogue Internet pharmacies (and several were shut down) for selling prescription drugs without requiring a prescription.

Needless to say, I didn’t register any of those domain names. That’s my name and business address (and business phone number), but I’ve never used that email. Which highlights an uncomfortable fact about WHOIS: it’s very easy to spoof or falsify a domain name registration record. All you need is a responsive email address so that when a registrar sends you a “please verify your account” email, you can respond to it — in this case, under a fake name. And in this case, the rogue Internet pharmacy operator not only hid his identify, but decided to falsify the record at the same time.

So who’s really behind these domain name registrations? As it so happens, all of the information points to a notorious rogue Internet pharmacy operator we’ve gone to battle with on numerous occasions over the years who goes by the moniker “Rx Revenue” (and who, coincidentally, favored the domain name registrar Moniker). “Rx Revenue” operated counterfeit drug websites like, which we shut down and has now been replaced with I use the word “counterfeit” purposefully there: we did a test buy a few years ago from the website, and it was a case where the drugs were visibly fake to the naked eye, falling apart into chalk-like crumbles. And, his websites have sold controlled substances including Oxycodone and Hydrocodone without requiring any prescription at all. 

Anyway, we’ve actually had numerous email changes with “Rx Revenue” over the years following our shut-downs of his websites, in which he’s demanded the domain names back that had been used to sell fake drugs and controlled substances without a prescription. We worked with the registrars in question to ensure that that wouldn’t happen. Apparently in retaliation, he registered the domain names in my name. Which is a little like a toddler throwing a tantrum, throwing a stuffed animal at me and calling me a poopy-pants.

At any rate, I wrote the arbitrator in the UDRP filing regarding the Provigil domain names (they were able to send me a hard copy of the complaint at our business address, since that had been used in the falsified WHOIS record). Amusingly, I was provided a login as the Respondent, and thus got to file a response on behalf of “Rx Revenue” — apparently an unintended result of his misuse of my identify. In my filing, I informed the arbitrator that the WHOIS data had been falsified in my name, and encouraged the arbitrator to grant the Complainant’s request to transfer the domain names away from Rx Revenue to Cephalon. And, it's worth noting that Rx Revenue wasn't particularly original in this case: as cybercrime sleuth Brian Krebs reported a few years ago, this has happened to me before

At the end of the day, stories like this help to pull the curtain back on how rogue Internet pharmacies operate and the importance of accurate domain name registrations. If you visit, it presents a shiny interface designed to engender customer trust. But if the website operator is willing to falsify the WHOIS record, what’s to suggest that they wouldn’t be willing to sell fake drugs? It’s also a reason that we believe WHOIS privacy should be available to individuals using a website for non-commercial activity, but not for websites used to sell goods or services, and certainly not for websites selling prescription medicines. It's inconceivable that any legitimate Internet pharmacy could ever have a valid reason for wanting to conceal its identify from the public. And if a WHOIS record for an Internet pharmacy is falsified, it's a good bet that it's up to no good … much like and Rx Revenue's other websites.