Online Opioids Trafficking Domains Sponsored by U.S. Registries and Registrars- Concerning their response to notification in reference to existing lawAuthored by Garth Bruen, Knujon LLCg_bruen@knujon.com

Online Opioids - P � of �1 19 Wednesday, February 15, 2017 KnujOn LLC

1. Introduction

This report discusses U.S. Internet providers supplying various services to domains trafficking in opioids. Opioids are synthetic narcotic drugs considered controlled substances under U.S. law. In the cover page image we see an Internet domain (lomixshop.com) selling opioids paired with an inset of the response from the domain registrar (GKG) following a complaint. What the following report demonstrates, among other things, are inconsistent Internet provider policies and self-contradictory responses to complaints of illegal activity. The domains were either reported to their respective Top-Level Domain (TLD) registries, sponsoring domain registrar and/or content hosting companies. The illegal conditions of these domains along with the response and handling by the service providers are analyzed in detail within the perspective of governing U.S. law. In the process of compiling this report over 300 domains selling opioids were analyzed and nearly 50 different Internet companies were contacted directly. The companies featured here are the ones that did not investigate, suspend and/or report the illegal activity to law enforcement. The particular companies are:

* Registries:

• Public Interest Registry of Virginia (.ORG)

• Versign of Virginia (.COM & .NET)

• XYZ.COM of Nevada (.XYZ)

• Registrars:

• Global Knowledge Group (GKG) of Texas

• NameSilo of Arizona

It is important to note that most of the providers we contacted (some with extreme difficulties) did in fact respond to reports and complied with law, policy or regulation. The compliant providers are not listed here, but the reader should know that opioid domains were found in nearly all Top-Level Domain registries and at most major registrars. Assumptions can therefore be made about compliance in other portions of the DNS. Within the conclusion of this report there is a summary of the differences in policy between compliant and non-complaint parties. Certain compliant providers were well aware of controlled substance laws and fully executed their documented policies. It should be noted our efforts to communicate these issues to the various parties were extensive and occurred over a six-month period.

Online Opioids - P � of �2 19 Wednesday, February 15, 2017 KnujOn LLC

The following points may be useful in understanding the context of this report:

* Online sales of opioids in the U.S. are only permitted under very specific conditions. The domains sponsored by the providers do not meet this basic criteria and are illegal on their face.

* In order for a website to resolve and function on the Internet several parties must be engaged and contracted for services.

* The law that prohibits online sales of opioids extends potential liability to the service providers sponsoring the domains.

* Some studied providers have attempted to assert they have no relationship with the opioid domains or their owners. However, this is a false narrative since the domains would not exist without the sponsorship of the specific companies.

* Some studied providers have attempted to assert they have no technical ability to remove domains from the Internet, but this is a fallacy since they are in-fact the only entities who have the technical ability to remove a domain from the Internet.

* Most studied providers have specific terms of use concerning “illegal activities” and even more specifically drugs or pharmaceuticals yet refused to enforce their documented policies.

* Some studied providers issued contradictory information concerning their policies and refused to clarify the policy when questioned.

* One provider (GKG) stated they “could not determine any illegal act” occurring within an opioid domain.

* One provider (PIR) cited non-existent sections of their contract with ICANN which purportedly prevented them from removing opioid domains from the Internet.

* One provider (PIR) explicitly stated they would not accept/acknowledge further reports of domains selling opioids and requested we stop reporting these as abuse.

* Following a report sent directly to a registrar’s CEO (NameSilo) the opioid domain in question became “hidden” on the Internet from some addresses but was still accessible from other IP locations.

As a caveat, the problem of Internet opioid domain sponsorship is much larger than depicted here. The point is to highlight specific policy failures among these samples.

Online Opioids - P � of �3 19 Wednesday, February 15, 2017 KnujOn LLC

1.1. About KnujOn

KnujOn.com, LLC is an independent abuse handler and Internet policy research organization based in Boston, Massachusetts. KnujOn processes abuse data in the form of spam and other security threats to develop a clear picture of problems facing Internet policy. We see our role as one of assisting the ordinary Internet user in navigating the dense technical bureaucracy of the global network and augmenting public services in the face of rampant illicit electronic traffic.

1.2. Opioids

Opioids are defined as synthetic analgesics which function in the human body like morphineor other substances derived from the opium poppy plant. Variations of opioids have beendeveloped to treat specific conditions. Opioids as a category are controlled substances,meaning they are on U.S. federal schedules which limit their access and use. Opioids have a high potential for addiction and can easily result in overdose deaths in unsupervised settings. All of these drugs require a prescription.

1.3. Functions of the Internet

On a basic level any website requires three (3) things: 1) an Internet Protocol (IP) address to serve content, 2) a domain name which is human-readable, and 3) a namesever that ties the IP and domain together. Domain names are sold and sponsored by registrars who request that Top-Level Domain (TLD) registries insert the domain name/nameserver pair into a zone file which makes the website visible on the Internet. Registrars and registries have total control over whether a website resolves on the Internet. Illicit online pharmacy operators have created sophisticated systems for marketing and selling dangerous drugs without prescription. There are layers to the online pharmacy process which may include: directory sites listing online pharmacies, malware hijacked sites with click-through links, and click-through tracking for affiliate payouts. All of these segments are at their root domain names.

1.4. Current Law Concerning Online Opioid Domains

The Ryan Haight Act modifications to the Controlled Substances Act make it illegal to sell 1 2

pharmaceuticals on the Internet without a prescription OR to issue prescriptions virtually without an in-person doctor visit. The law requires Internet pharmacies to clearly disclose their location, their license, the names of professionals affiliated with the pharmacy and other regulatory compliance documentation. There is no requirement for the Internet pharmacy to actually ship opioids to violate the law, violations simply occur in their representations to the Internet consumer. The domains featured in this report either sell opioids without a prescription and/or do not disclose their pharmacy information and license.

https://www.justice.gov/archive/olp/pdf/hr-6353-enrolled-bill.pdf1

https://www.gpo.gov/fdsys/pkg/USCODE-2011-title21/pdf/USCODE-2011-title21-chap13-2

subchapI-partB-sec812.pdf

Online Opioids - P � of �4 19 Wednesday, February 15, 2017 KnujOn LLC

1.5. Information Presented in this document

The domains featured here are documented through accepted criteria as being illegal. The domains were reported to the entities responsible for providing the Domain Name Service (DNS) connection which makes them resolvable on the Internet. The focus of study is on how each company, especially those within the U.S., handled each complaint: Was there a response? Was the response reasonable? Did the company comply with the law after being notified? The domains featured in this report were collected from common Internet search engines such as Goggle, Yahoo, Bing, and the social media platform Twitter. Immediately (same day) upon discovery/review of the domains the registrar and registry for each was notified via email to their publicly posted abuse email address with a clear message indicating that this domain was selling opioids and was in apparent violation of existing U.S. law. In general, reports of opioid-trafficking websites appear ignored by certain providers. This research is in essence a follow-up to online opioid research conducted by undergraduates in 2016. The basic findings of 3

this research were: 1) Opioids are easily available through a number of sources on the Internet for purchase; 2) All of the websites recorded are in violation of current law; and 3) Most of the websites recorded have some or all of their operation in the United States.

The domains reviewed generally offer a variety of opioids including hydrocodone, oxycodone, oxycontin, percocet, vicodin, and fentanyl. Some domains also sold items like “crystal meth”, ‘bath salts” or “party pills”. Many of the service providers who refused to terminate the illegal domains or even investigate stated responsibility or liability rested with a different party. Specifically, registries would shift blame to registrars, registrars would shift blame to hosting providers and hosting providers would simply refuse to respond.

http://www.nabp.net/news/college-study-investigates-ease-of-illegal-access-to-opioids-online-3

finds-most-sites-studied-violate-online-pharmacy-consumer-protection-act

Online Opioids - P � of �5 19 Wednesday, February 15, 2017 KnujOn LLC

2. Problematic U.S. Providers

The following providers in the U.S. either did not respond to notices, did not follow-up with complaints as promised, did not comply with the law, and/or outright rejected any responsibility to observe governing regulations. Paradoxically, Internet companies outside the U.S. have been more cooperative on this issue than U.S. based companies.

The absolute authority over whether or not a website domain is reachable rests with registry. The TLD registry places domains in a zone file.The secondary authority over domains is in the hands of the registrar who requests that the registry place a domain in or remove a domain from the zone file. The obligation of registries and registrars to obey the law is a contactual obligation to ICANN and lawful use is obligated on the domain registrant. The argument that a registry or 4 5

registrar does not have the legal or technical ability to suspend a domain name is entirely fallacious. The two paragraphs below explain the specific registry and registrar relationships to the DNS.

What is a registry? A registry is a company accredited by the Internet Corporation of Assigned Names and Numbers (ICANN) that manages specific portions of the Domain Name System called registries or specifically zones. Registries accept domain name, nameserver and Internet Protocol addresses (IPs) for insertion into the zone file of a registry like .COM, .NET or .ORG. Without insertion in the registry zone a website does not exist. What is the issue in terms of opioid domains? Websites do not exist, cannot be resolved on the Internet without the registry inserting them into the zone file. The registry is the final gatekeeper of the accessible websites.

What is a Registrar? A registrar is a company accredited by the Internet Corporation of Assigned Names and Numbers (ICANN) to sponsor domain names. Domains are the human-readable strings on the Internet. Sponsorship of a domain means that the registrar associates the domain name with an Internet Protocol address (IP) through a nameserver. This combination is placed in a registry zone file which makes the domain name resolvable as a website. Without a registrar, there is no website. Anyone registering a domain with an ICANN registrar enters into an agreement stating they “are not registering the domain name for an unlawful purpose.” 6

https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en4

https://www.icann.org/resources/pages/policy-2012-02-25-en5

https://archive.icann.org/en/udrp/udrp-policy-29sept99.htm6

Online Opioids - P � of �6 19 Wednesday, February 15, 2017 KnujOn LLC

2.1. Public Interest Registry (PIR) - Regarding .ORG: Public Interest Registry: 1775 Wiehle Avenue, Suite 100 Reston, VA 20190 US. Officers: Brian Cute, Brian F. Cimbolic, Megan Soffer, Elizabeth Finberg, Paul Diaz. Public Interest Registry (PIR) is the registry operator for .ORG domains.

overallpharmacy.org, et alPIR manages all domains in the .ORG registry under contract with the Internet Corporation of Assigned Names and Numbers (ICANN). PIR has a publicly stated prohibition against “illegal or fraudulent activities” within the registry, yet PIR has refused to enforce its policy against 7

domains selling opioids without a prescription and domains presenting themselves as “pharmacies” without displaying a license. We attempted, in good faith, to work with PIR.

Multiple .ORG opioid domains were found during this research and reported to PIR, but for this example we focus on overallpharmacy.org which was reported to PIR on 08/10/2016, 09/07/2016, 09/22/2016,10/11/2016, 11/03/2016, 11/08/2016, 12/09/2016, and 01/01/2017. The domain sells Hydrocodone, Percocet, Codeine, and Morphine without a prescription and without disclosing a pharmacy license.

Since PIR policy expressly forbids “Illegal or fraudulent actions” within the registry and PIR 8

“reserves the right to deny, cancel…in its discretion…(2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution

https://pir.org/policies/org-idn-policies/anti-abuse-policy/7

https://pir.org/policies/org-idn-policies/anti-abuse-policy/8

Online Opioids - P � of �7 19 Wednesday, February 15, 2017 KnujOn LLC

process; (3) to avoid any liability, civil or criminal, on the part of Public Interest Registry”, the domain was reported per PIR instructions to abuse@pir.org. The following is the result of 9

attempting to report policy violations to PIR.

The first PIR response from their Associate Counsel stated, in part:

“Pursuant to the terms of its contract with ICANN, Public Interest Registry has no control over the uses to which a domain name may be put, and, absent a finding of technical abuse of the DNS, has no control over the content or operations of any web site. We are not authorized to intervene with a domain name registration unless requested by the registrar or pursuant to the order of a court having jurisdiction.”10

A careful review of the PIR-ICANN contract shows that none of the language or conditions 11

listed by PIR counsel actually exist in the document. Several requests were made for PIR to cite the sections of contract that prohibited PIR from removing illegal domains or a requirement to only remove a domain in response to a court order. However, PIR counsel never responded to these requests. Additionally, PIR’s published policy that it may cancel domains "in its discretion" is at odds with the counsel’s claims of restrictions within the contract. The contract largely defines the relationship between ICANN and PIR and sets no restrictions on the removal of domains. Upon further inquiries the PIR counsel provided this additional explanation:

“We [PIR] are not in a position to substitute ourselves for a court of competent jurisdiction"12

In response to this statement PIR counsel was asked how then the company is able to suspend domains “in its discretion”. PIR did not respond to this question. However, in future correspondence PIR counsel stated:

“The one carveout in our Abuse policy covering content is for images of child exploitation”13

In response to this statement PIR was asked how it is possible to identify one type of criminal activity but not another. The question was not answered. Furthermore, PIR was asked where the authority originated to also suspend domains engaged in phishing and spam as claimed in PIR’s abuse policy. Again, the issue was not addressed by PIR. Follow-up requests were met 14

with form letters, which actually contradicted previous policy statements by asserting PIR would

https://pir.org/about-us/contact-us/9

correspondence10

http://www.icann.org/en/about/agreements/registries/org11

correspondence12

correspondence13

https://pir.org/policies/org-idn-policies/anti-abuse-policy/14

Online Opioids - P � of �8 19 Wednesday, February 15, 2017 KnujOn LLC

only take action against domains “engaged in technical abuse of the DNS”. Since phishing 15

and child exploitation are not technical abuses of the DNS, it is difficult to understand how the PIR abuse policy actually stands. Further attempts to clarify the PIR policy on abuse were finally met with a specific request to stop reporting domains selling opioids:

“Regarding your numerous and frequent emails to our Abuse alias concerning alleged fraudulent and/or illegal activity associated with pharmaceutical sites within the .org registry, I must insist that you refrain from sending future notices and demands.”16

This was issued by PIR’s General Counsel. It was further specified that PIR would only respond to federal court orders. This expectation fails to acknowledge two facts: A) pharmacy in the U.S. is regulatory issue before it is a legal issue, and B) the Internet provisions of the CSA may be enforced by any state’s attorney general.

The PIR counsel further stated that:

“Public Interest Registry is not in a position to investigate the bona fides of pharmaceutical licenses"17

However, the law as stated, requires pharmacy domains to post pharmacy licenses as a matter of compliance. No license whatsoever has been posted on overallpharmacy.org which places it in violation of the law, not PIR’s imagined need to verify said license. Furthermore, bodies such as the National Association of Boards of Pharmacy (NABP) will verify pharmacy licenses. There is no requirement for PIR to be an expert.

Conclusion

PIR’s abuse policy is inconsistent, incoherent and incorrect. PIR claims in public it reserves the right to cancel any domain at its discretion for illegal or fraudulent actions, but claims in private it is prevented from doing so by the ICANN contract. PIR claims in private it recognizes some activity as being illegal but not other activity. Taking a willful blind eye to criminal activity by instructing concerned members of the public to not report narcotics trafficking domains is not a good policy path for PIR. Demanding court orders to remove domains ignores the general and contractual obligation of PIR to follow the law. PIR needs to clarify its publicly stated policies and provide an acceptable process for referring complaints. A blanket denial of responsibility is not an effective process.

correspondence15

correspondence16

correspondence17

Online Opioids - P � of �9 19 Wednesday, February 15, 2017 KnujOn LLC

2.2. Verisign - Regarding: .COM/.NET Verisign (Registry): 12061 Bluemont Way Reston, VA 20190 US. Officers: D. James Bidzos, George Kilguss III. Verisign is the registry for .COM and .NET which make up the bulk of the domains described in this report.

silkroadmeds.com, et al.COM in particular is the largest portion of the DNS, so as might be expected, the number of domains within .COM selling opioids is so large that it will require a second and more detailed report at a future date. The general response from Version is “go to the registrar” which is problematic because the registrars in these cases have also failed to investigate, comply with the law or even respond. As an example, consider silkroadmeds.com which clearly draws its name from the notorious dark-web “Silk Road” site. Silk Road was an underground Tor/Alternate DNS site which sold a variety of illegal goods and services. The difference here is that silkroadmeds.com is operating completely out in the open despite being reported regularly to Verisign. The domain sells Morphine, Percocet, Hydrocodone, and Roxycontin without a prescription.

Verisign has a posted abuse address for reporting “Malicious Conduct” so the various illegal 18

domains were reported there. We attempted, in good faith, to work with Verisign on the issue.

https://www.verisign.com/en_US/legal-notices/index.xhtml18

Online Opioids - P � of �10 19 Wednesday, February 15, 2017 KnujOn LLC

The following is a detailed series of questions sent to Versign in response to their regular refusals to take action:

Dear Verisign Staff,

I have a number of questions concerning the handling of reports of domains related to opioids trafficking within the .COM and .NET registries. Since approximately August 2016 I have reported dozens of domains selling opioids (fentanyl, oxycodone, etc) without a prescription and without displaying the pharmacy license information, both of which are violations of federal law. Verisign has responded to all these reports with the following statement (or similar):

"Verisign is the top-level registry operator. As such, Verisign has no relationship, contractual or otherwise, with the registrant of a domain name nor does Verisign provide any services to the registrant or the webhost. Therefore, Verisign will not take any actions pertaining to a domain name absent an order from a court of competent jurisdiction directing it to take actions that are within its technical capabilities."

1) My first question, in regards to this statement, is how can Verisign take actions against a domain name with a court order when Verisign "has no relationship" and does not "provide any services to the registrant or the webhost"?

2) Verisign provides, as a matter of contract, an address to report "Malicious Conduct", yet I am unable to find a definition of "Malicious Conduct" on Verisign's site. Can you point me to your definition of "Malicious Conduct"?

3) How does Verisign, as the party that enables a domain to be resolvable on the Internet by inserting into the zone file and allowing to continue to be resolvable by maintaining it in the zone file, avoid responsibility for .COM/.NET domains engaging in trafficking opioids?

4) In general, does Verisign have any specific policies concerning opioids/narcotics traffic OR does Verisign have any published policies concerning illegal activities which are not acceptable within the registry - assuming this differs from a definition of "Malicious Conduct"?

Conclusion

As stated previously, Verisign staff did not respond to the above questions. The inherent problem in Verisign’s stance are their self-conflicting policy statements. Without a clear definition of “Malicious Conduct” their policy is opaque. Without a specific response as to why these illegal domains do not meet their abuse criteria, there is in effect no policy.

Online Opioids - P � of �11 19 Wednesday, February 15, 2017 KnujOn LLC

2.3. XYZ.COM: .XYZ is sponsored by XYZ.COM LLC 2121 E Tropicana Ave Las Vegas NV 89119 United States. Daniel Negari, Manager.

online-pharmacy.xyzThe stated policy of XYZ clearly states: “we may terminate or suspend the Services at any time for cause, which, without limitation…allegations of illegal conduct”. Because of this, one might 19

assume reporting the domain online-pharmacy.xyz would be quick work. However, multiple notices about this domains since August 11, 2016 have not resulted in action or response. The domain sells Hydrocodone, Oxycodone, Percocet, and Roxicodone.

Conclusion

Without a response or verified action, it is unknown what XYZ’s abuse policy truly is.

http://nic.xyz/xyzLaunchPolicies_v1.03.pdf19

Online Opioids - P � of �12 19 Wednesday, February 15, 2017 KnujOn LLC

2.4. GKG.NET INC (Registrar): 302 N. Bryan Ave., Bryan, Texas 77803 US. Officers: Mike Schout, Taylor W Marvin, Paul D Marvin.

lomixshop.com, at alGKG has the largest concentration of active opioid domains following the notifications issued in advance of this report. The opioid domain lomixshop.com appears to be part of an illicit network (which includes cityhealthcares.com novahealthcaresolutions.com espanhealthcareservice.com, dnethealthcare.com, and citywalkhealthcare.com).The domains claim to be “FDA Approved” and that their drugs are “Made in the U.S.A.” yet the pharmacy is not disclosed as required by law so the consumer does not know if in fact the drugs are FDA approved or made in the U.S.A.

The domains in this list also offer virtual consultations which are not permitted under the law.

Online Opioids - P � of �13 19 Wednesday, February 15, 2017 KnujOn LLC

Since August of 2016 the many domains trafficking opioids registered through GKG were reported to GKG, however the domains remain active. In response to these reports GKG has issued the following statement (or similar):

"Due to the fact that we can not determine any illegal act occurring with [the domain],you will need to address your requests with the hosting provider, or provide a valid US court order demonstrating illegal activity is occurring with this website."..."Additionally, the domain name in question is not in any direct violation of GKG's terms of service. If you have any specific information leading to a specific policy violation, please provide that information so we may validate the request."..."Lastly, a valid US Court Order supporting your claim would make it an easy decision for us. In cases where laws are clearly being violated, we can act accordingly. Those that are not so clear are reserved for the US Court to decide."

The response is problematic. Below is an analysis of each portion of the response.

1) GKG Staff responded to a report: "Due to the fact that we can not determine any illegal act occurring with the domain lomixshop.com" - lomixshop.com sells Oxycodone without a 20

prescription.

2) GKG Staff responded to a report: "Additionally, the domain name in question is not in any direct violation of GKG's terms of service" - GKG's AUP states, in part, that use of GKG 21

services which "promotes illegal drugs" violate GKG terms.22

3) GKG Staff responded to a report: "In cases where laws are clearly being violated, we can act accordingly." - The Controlled Substances Act (CSA) states, in part: "An online pharmacy 23

shall display in a visible and clear manner on its homepage a statement that it complies with the requirements of this section with respect to the delivery or sale or offer for sale of controlled substances" - The GKG domains do not comply with the CSA.24

GKG's public declaration is that it will consider a violation of its terms "Any site that is performing obviously illegal activities." and specifically:

"(7) If it comes to GKG's attention that you are using the service for purposes of engaging in, participating in, sponsoring or hiding Your involvement in, illegal or morally objectionable activities, including but not limited to, activities which are designed, intended to or otherwise:...(7.3) violate state or federal laws of the United States and/or foreign territories;...(7.7) harm minors in any way;"

Correspondence20

Correspondence21

https://www.gkg.net/policies/server_aup.html22

Correspondence23

https://www.justice.gov/archive/olp/pdf/hr-6353-enrolled-bill.pdf24

Online Opioids - P � of �14 19 Wednesday, February 15, 2017 KnujOn LLC

We additionally asked how the GKG domains sanjhonecareservice.com, norxonlineproducts.com, easyhealthcaresupport.com, and onlinepharmacyforpain.com do not fall into GKG’s definition, but there has been no response.

Conclusion

GKG is either woefully incompetent in reviewing basic facts or willfully blind to criminal activity within among their customers.

Online Opioids - P � of �15 19 Wednesday, February 15, 2017 KnujOn LLC

2.5. NameSilo, LLC (Registrar) 5322 E. Anderson Drive, Scottsdale, Arizona 85254 US. Officers: Michael S McCallister, Michael D Goldfarb.

greenpharmnow.comThe case of the NameSilo sponsored opioid domain greenpharmnow.com is particularly disturbing because 1) the domain openly sells Fentanyl and 2) after the CEO and other officers were directly advised of the domain selling of Fentanyl without a prescription the domain became “hidden” from some IP addresses but was still accessible from other locations. NameSilo was first notified 8/11/2016 about greenpharmnow.com. NameSilo has posted various policies concerning illegal activities:

“…engaging in any Illegal Uses will constitute an incurable material breach of this Agreement.”25…“Domains and web sites designed to encourage unlawful behavior by others”26…“Domains and web sites designed to harm or use unethically minors in any way"27

https://www.namesilo.com/terms.php25

https://www.namesilo.com/terms.php26

https://www.namesilo.com/terms.php27

Online Opioids - P � of �16 19 Wednesday, February 15, 2017 KnujOn LLC

The domain remained online selling Fentanyl so subsequent reports were filed on 9/22/16, 11/3/16, 11/8/16, 12/9/16, 12/27/16 and 1/5/17. NameSilo in fact renewed its domain sponsorship agreement with the owners of greenpharmnow.com 10/12/2016 despite the reports of opioids traffic.

On 1/10/2017 the officers of NameSilo: Sarah Lessmann, Mike Schout, Taylor W Marvin, and Paul D Marvin were all notified directly about greenpharmnow.com. There was no response, but the following day greenpharmnow.com became “hidden” from specific IP addresses. The image below shows two versions of the domain greenpharmnow.com accessed on the same day from different locations. The left pane shows the domain blocked while the right pane shows the domain’s real content seen through a proxy browser (using an address in another location) hence the switch to Euros for pricing.

Conclusion

Because NameSilo has not responded to reports directly, their position cannot truly be known. However it is clear this domain violates NameSilo’s terms and the law. It is also not known if the registrant also tried to conceal the domain from NameSilo (this is a strategy which has actually fooled other registrars).

Online Opioids - P � of �17 19 Wednesday, February 15, 2017 KnujOn LLC

3. Overall Conclusions

At the end of this effort and analysis a clear contrast has emerged between providers who suspended domains in response to reports and providers who refused to take action against reported opioid domains. The table below demonstrates this contrast in general while accepting not every example applies to all providers. The analysis here compares 1) posting of policy, 2) response by provider to abuse reports, 3) assignment of responsibility by the provider, 4) expectations of pharmacy license legitimacy, 5) use of provider policy by the provider, 6) view of the role of the provider’s ICANN contract, 7) view of general legal compliance, AND 8) use of the provider’s internal legal resources.

Providers suspending opioids domains vs. providers permitting opioids domains

Providers who suspended domains Providers who permit opioid domains

Policy Posting Published clear Terms of Use to their customers and clients

Published ambiguous policies or no policy whatsoever

Response Responded immediately Responded only after additional complaints or did not respond at all

Responsibility Onus is on the domain registrant to provide documentation and/or to modify the domain

Onus is on the Internet user to provide proof of illegal activity

Licensure Required domain owners to produce pharmacy licenses

Claimed they are not qualified to authenticate pharmacy licenses

Internal Abuse Policy

Effectively used internal abuse policies Disregarded published abuse policies

ICANN Contract Recognized that the ICANN contract obligates them to follow the law

Falsely claimed that the ICANN contract prevents them from suspending domains

The Law Correctly believe the law indemnifies them for acting proactively against opioid trafficking domains

Incorrectly claim that domains can only be suspended with a court order

Internal Legal Staff

Used legal staff to terminate customer agreements and enforce policy

Used legal staff to issue form letters to Internet users who complained about opioids traffic.

Online Opioids - P � of �18 19 Wednesday, February 15, 2017 KnujOn LLC

Among Internet companies featured as non-responsive or non-compliant there appears to be a pervasive attitude of disregard in terms of consumer complaints as well as regulation. Some U.S. based providers cite the ICANN contract as the governing policy that forbids them from taking action. This is not factual since the ICANN contract explicitly compels them to follow local law and regulation. In terms of contract language, ICANN contracts specify that parties must comply law and regulation, this is distinct from the actual process of a court order which demands compliance. In these matters, ICANN’s contractual parties have discretion in terms of suspending or terminating domains. The contracts in fact provide protection to registries and registrars who suspend domains violating the law.

The following U.S. based registry companies are of concern in terms of response to reports of domains trafficking in opioids: 1. Verisign (.COM & .NET) holds the most opioid domains found in this research and was the least responsive, 2. Public Interest Registry (.ORG) rejected technical or legal responsibility to take any action, and 3. XYZ.COM LLC (.XYZ) which did not respond. This is a disappointing situation considering proper enforcement at the registry level would effectively prevent opioids traffic on most of the Internet as a whole. As for registrars, based on their actions, the registrars GKG and NameSilo should be considered rogue registrars.

Follow up reports to this one may include: A) A complete review of opioid domains in Verisign’s registries, B) ICANN’s procedural failures in handling complaints concerning opioid domains, and C) Non-U.S. Internet companies sponsoring opioid domains.

Online Opioids - P � of �19 19 Wednesday, February 15, 2017 KnujOn LLC

Appendix A: Domains Forwarded to Verisign Abuse

The following opioid selling domains were still active as of the publishing of this report. All were reported to Verisign directly, some multiple times for months.

silkroadmeds.com24x7pillstore.comanonshop.netbrandnewrx.combuycheaphydrocodone.combuyhydrocodoneonline.combuyphentermineonlinenow.combuyrx-online.comcal-adphi.netchoice-pharmacy.comcontrolledmeds.comcureonlinepharmacy.netdrug-cart.comdrugs-point.comfastpainreliefstore.comgoldpharma-24.comgoodrxpharmacy.comhealthyzstorez.comhelendagner.comlegalonlinepharmacy.comlegitdrugstore.comlegitpharma.comlifechekpharma.comluvalotrecords.comtop-rx-medicines.commysleepingtabs.comnewrxpharmacy.comoverthcounter.compainreliefcheckout.compharma-checkout.comphenterminebuyonline.netpillsorderonline.compillspharma.netpillspoint.comquickpainmeds.comrushmedsrx.comrx-easymeds.comrx-medico.comrxonlinemedicines.comrxpharmstore.comrxplaces.com

Online Opioids - P � of �1 2 Wednesday, February 15, 2017 KnujOn LLC

Appendix B: Associated Complaints

Online Opioids - P � of �2 2 Wednesday, February 15, 2017 KnujOn LLC