vialauditThe Roundup

affiliate disclosure · we earn commission on some vendor links. audits, scores, and rankings are independent — vendors do not pay for placement. read more →

METHODOLOGY · 11 MIN·UPDATED 2026-05-09·BY MARA HOLLIS

Alias clusters in the research-peptide vendor market — what a 32-vendor 10-signal scan found

We applied a 10-signal hostname-aliasing check to 32 research-peptide vendor domains. Multiple confirmed alias clusters surfaced, including a smoking-gun shared Google Tag Manager ID linking three "different" peptide brands to one operator.

This is the follow-up to How to spot a hostname-aliased peptide vendor. The original methodology piece described four signals; we extended the scan to ten and re-ran it across 32 research-peptide vendor domains.

The full signal set

The scan now checks each domain against ten independent fingerprints. Each is weighted by reliability — favicon and tracking-ID matches are 2.0 (strong), shared mail server is 1.0, shared nameserver is 0.5 (many vendors use the same Cloudflare or GoDaddy nameservers and that alone proves nothing).

SignalWhat it catchesWeight
Reverse-IP (dig +short)Domains sharing infrastructure1.0
Nameserver records (dig NS)Same DNS admin, same registrar account0.5
MX records (dig MX)Same email infrastructure1.0
SOA admin email (dig SOA)Same registered DNS admin2.0
Favicon SHA-256 hashIdentical icon file across "different" brands2.0
Google Analytics / GTM / Facebook Pixel IDSame tracking account2.0 (decisive)
WordPress theme pathIdentical custom theme on two brands0.5
HTML page title vs hostname brandBrand mismatch in rendered HTML1.0
OpenGraph site_name vs hostname brandBrand mismatch in social-card metadata1.0
Cross-domain root redirectHomepage 301 to a different domain1.5

A domain is flagged as a confirmed alias when its weighted score across these ten signals is ≥ 2.0. Tracking IDs and favicon hashes are decisive on their own — they can't accidentally match across unrelated operators.

Confirmed clusters

1. Truform Compounds — score 7.5 / 5.0 / 2.0 across three domains

The Round-62 finding now has additional fingerprint evidence:

DomainSignals fired
primeresearchpeptides.comsharedIp + sharedNs + sharedTracking (GTM-P9QHNWM9) + sharedTheme + titleMismatch + ogMismatch + crossRedirect
truformcompounds.comsharedIp + sharedNs + sharedMx + sharedTracking (GTM-P9QHNWM9) + sharedTheme
primeresearchlabs.comsharedIp + sharedNs + sharedTheme

The decisive evidence: the same Google Tag Manager container ID GTM-P9QHNWM9 appears in the HTML of both primeresearchpeptides.com and truformcompounds.com. GTM container IDs map one-to-one to Google accounts; identical IDs across domains is a same-operator fingerprint with no ambiguity.

Plus all three domains:

  • Resolve to the same Hostinger IP (46.202.198.196)
  • Use the same ns1.dns-parking.com / ns2.dns-parking.com nameservers
  • Run the same WordPress hello-elementor-child theme
  • The OpenGraph og:site_name on the Prime hostname is "Truform Compounds"

Legal entity per cert-transparency: Truform Supplements LLC.

2. Summit Research → Summit Biotech — score 4.0

The post-FDA-enforcement rebrand:

DomainSignals fired
summitresearchpeptides.comsharedIp + sharedNs + titleMismatch + crossRedirect
summitbiotechusa.com(target of redirect; identified via the redirect)

summitresearchpeptides.com 301-redirects to summitbiotechusa.com. The page title on both domains reads "Summit Biotech | Woman & Veteran Owned". Summit Research was named in the December 10, 2024 FDA warning letters for marketing semaglutide and retatrutide as unapproved drugs.

3. ThinkPeptides → ProImmune — score 4.0

UK-based research-peptide brand consolidated under a parent operator:

DomainSignals fired
thinkpeptides.comsharedTheme + titleMismatch + ogMismatch + crossRedirect

Title: "Home - ProImmune". OpenGraph og:site_name: "ProImmune". Root redirect to proimmune.com. The Think hostname is preserved as a 301 with full ProImmune branding inside.

4. NEW — DomesticPeptides / PrimalSciencePeptides — score 2.5 / 2.0

A cluster the Round-64 v1 scan missed because both domains have distinct titles and no cross-redirects. The infrastructure fingerprints caught it:

DomainSignals fired
domesticpeptides.comsharedNs + sharedMx + titleMismatch
primalsciencepeptides.comsharedNs + sharedMx + sharedTheme

Both use SiteGround nameservers (ns1.siteground.net / ns2.siteground.net) AND the same custom mail-spam-protection MX records (mx10.antispam.mailspamprotection.com / mx20...). Domesticpeptides.com is a US-domestic vendor; primalsciencepeptides.com positions itself as a separate research-peptide brand.

This is the kind of cluster the v1 scan would have missed entirely. The infrastructure-level signals (NS + MX) caught it where the content-layer signals (title, redirect) didn't.

5. Defunct domains — sportstechlabs.com / questgear.com — score 2.5

Both domains parked at HugeDomains:

DomainSignals fired
sportstechlabs.comsharedNs + crossRedirect
questgear.comsharedNs + titleMismatch + ogMismatch

Same parked-DNS provider (namebrightdns.com). Both still appear in older vendor-review content as if they were operating peptide vendors. Reader landing on either gets the HugeDomains marketplace.

What didn't trigger — the legitimate-vendor pattern

A clean pass through the ten signals looks like:

  • Unique IP that doesn't match any other vendor
  • Distinct nameservers (or generic Cloudflare NS, which is too common to flag)
  • Email server matching the hostname domain (e.g. MX is *.swisschems.is)
  • HTML title matches hostname brand
  • OpenGraph site_name matches hostname brand
  • No cross-domain redirect
  • Favicon either unique or absent

Vendors in our cohort that hit this clean pattern: purerawz.co (score 2.0 — only flag is a generic title mismatch noise), all six other audit-cohort vendors, and primepeptides.co. The legitimate default is "no flags fire." When two or more flags fire on the same domain, an operator made enough infrastructure choices in common with another brand that it's worth investigating.

Surface findings worth disclosing on individual vendor profiles

Several scan results are about specific vendors in our cohort and worth surfacing on their profiles:

  • Particle Peptides — legal entity disclosed via OpenGraph. The og:site_name on particlepeptides.com reads "PARTICLE, s. r. o." — a Czech/Slovak limited-liability company. We hadn't flagged the legal entity before; it's now in the Particle vendor profile.
  • Ascension Peptides shares Zoho Mail with Truform and Prime Peptides. All three use mx.zoho.com for inbound mail. Zoho Mail is a popular budget host, so this is shared-infrastructure rather than a same-operator fingerprint. We're not treating it as alias evidence but worth noting in vendor due-diligence context.
  • Pure Rawz shares Google Workspace MX with Peptide Sciences. Both use *.aspmx.l.google.com. Same caveat — Google Workspace is the most-used mail host in the world; coincidence.

How operators usually scrub this — and what they miss

Operators who want to obscure alias relationships typically:

  1. Use Cloudflare in front of every domain so dig +short returns Cloudflare IPs that don't cluster
  2. Customize page titles to remove the parent brand
  3. Strip the og:site_name to be the hostname brand instead of the parent

What they almost always forget:

  • Tracking-ID propagation. GTM is set up once at the operator level and inherited across properties; almost nobody re-creates a separate GTM container per brand. This is the single highest-yield signal in the scan.
  • WordPress theme paths. Custom child themes (hello-elementor-child in the Truform case) are reused across the operator's properties.
  • Favicon files. Operators copy-paste their site setup; the favicon binary often comes along.
  • MX records. Email is provisioned once at the operator level.

The scan exploits exactly these forgetting-points.

Calibration — what the score thresholds mean

We've been running with score >= 2.0 as the confirmed-cluster threshold:

  • Score ≥ 4.0: Multiple independent infrastructure and content signals concur. Same-operator at near-certainty. (Examples: the full Truform cluster, Summit Research, ThinkPeptides.)
  • Score 2.0–3.5: At least two signals concur. Suggestive but warrants manual confirmation via the fourth signal (cert-transparency) or a manual page-source inspection. (Examples: the new DomesticPeptides / PrimalSciencePeptides cluster.)
  • Score < 2.0: Single weak signal or noise; not flagged.

The ten-signal weighted score is a heuristic, not proof. Domains that score above the threshold are claims to investigate, not verdicts.

Sources

More from the desk

ALL ARTICLES →
METHODOLOGY
Coded SKU names — how research-peptide vendors hide FDA-cited compounds in plain sight

We documented Particle Peptides selling Retatrutide as 'GLP-3' and Summit Biotech selling 8 different FDA-cited compounds under code names like 'R-10mg', '

9 minREAD →
METHODOLOGY
How to spot a hostname-aliased peptide vendor — a reverse-IP walkthrough

Some research-peptide brands aren't separate vendors — they're hostname aliases pointing at a shared backend. Here's how to detect the pattern in under six

8 minREAD →
METHODOLOGY
Same supplier, different brand — how shared lab-test URLs reveal upstream peptide manufacturers

When two 'different' peptide vendors cite the exact same Janoshik test URL for the same product batch, they're sourcing from the same upstream manufacturer

10 minREAD →
THE ROUNDUP · MONTHLY

Receipts in your inbox. Once a month.

New audits, expired coupons pruned, lab notes from vials still on the bench. No marketing. No lifestyle copy. Unsubscribe in one click.

14,200 SUBSCRIBERS·0 SPONSORED ITEMS·11 ISSUES SINCE LAUNCH