Day: June 25, 2009

Legal Rx Drugs – www.legalrxdrugs.com

Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

warning1

National Association of Boards of Pharmacy (NABP)

Legalrxdrugs

Address lookup

canonical name www.legalrxdrugs.com.
aliases
addresses 85.17.189.163

Domain Whois record

Queried whois.internic.net with “dom legalrxdrugs.com“…

   Domain Name: LEGALRXDRUGS.COM
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html
   Name Server: NS1.SPECIALHOSTING.INFO
   Name Server: NS2.SPECIALHOSTING.INFO
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 26-dec-2008
   Creation Date: 27-nov-2006
   Expiration Date: 27-nov-2009

>>> Last update of whois database: Thu, 25 Jun 2009 13:57:35 UTC <<<

Queried whois.moniker.com with “legalrxdrugs.com“…

Domain Name: LEGALRXDRUGS.COM

Registrant [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US

Administrative Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Billing Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Technical Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Domain servers in listed order:

        NS1.SPECIALHOSTING.INFO
        NS2.SPECIALHOSTING.INFO

        Record created on:        2006-11-27 18:22:00.0
        Database last updated on: 2008-12-26 06:35:00.293
        Domain Expires on:        2009-11-27 18:22:00.0

Network Whois record

Queried whois.ripe.net with “-B 85.17.189.163“…

% Information related to '85.17.189.0 - 85.17.189.255'

inetnum:        85.17.189.0 - 85.17.189.255
netname:        LEASEWEB
descr:          LeaseWeb
descr:          P.O. Box 93054
descr:          1090BB AMSTERDAM
descr:          Netherlands
descr:          www.leaseweb.com
remarks:        Please send email to "abuse@leaseweb.com" for complaints
remarks:        regarding portscans, DoS attacks and spam.
remarks:        INFRA-AW
country:        NL
admin-c:        LSW1-RIPE
tech-c:         LSW1-RIPE
status:         ASSIGNED PA
mnt-by:         OCOM-MNT
changed:        ripe@leaseweb.com 20070809
source:         RIPE

person:         RIP Mean
address:        P.O. Box 93054
address:        1090BB AMSTERDAM
address:        Netherlands
phone:          +31 20 3162880
fax-no:         +31 20 3162890
abuse-mailbox:  abuse@leaseweb.com
e-mail:         ripe@leaseweb.com
nic-hdl:        LSW1-RIPE
notify:         ripe@leaseweb.com
mnt-by:         OCOM-MNT
changed:        ripe@ocom.com 20050607
changed:        ripe@ocom.com 20060215
changed:        ripe@ocom.com 20060608
changed:        ripe@ocom.com 20080603
source:         RIPE

% Information related to '85.17.0.0/16AS16265'

route:          85.17.0.0/16
descr:          LEASEWEB
origin:         AS16265
remarks:        LeaseWeb
mnt-by:         OCOM-MNT
changed:        ripe@ocom.com 20050311
changed:        ripe@ocom.com 20070610
source:         RIPE

DNS records

name class type data time to live
http://www.legalrxdrugs.com IN A 85.17.189.163 14400s (04:00:00)
legalrxdrugs.com IN MX
preference: 10
exchange: mail.legalrxdrugs.com
14400s (04:00:00)
legalrxdrugs.com IN TXT v=spf1 a mx ip4:85.17.189.163 ?all 14400s (04:00:00)
legalrxdrugs.com IN A 85.17.189.163 14400s (04:00:00)
legalrxdrugs.com IN SOA
server: ns1.specialhosting.info
email: root.legalrxdrugs.com
serial: 2008040600
refresh: 14400
retry: 3600
expire: 1209600
minimum ttl: 86400
14400s (04:00:00)
legalrxdrugs.com IN NS ns2.specialhosting.info 14400s (04:00:00)
legalrxdrugs.com IN NS ns1.specialhosting.info 14400s (04:00:00)
163.189.17.85.in-addr.arpa IN PTR hosted-by.leaseweb.com 86400s (1.00:00:00)
Domain
mobitube.org
phoneporn.org
dietdeals.net
gmgint.net
hotdrugs.net
myphentermine.net
paintabs.net
sleeptabs.net
yourphentermine.net
masterfibre.net
meds-easy.net
specialhosting.info
drugslive.com
germanycars-direct.com
legalrxdrugs.com
medicationstocks.com
trustpharm.com
unfairclients.com
veritypharma.com
replok.com
online-meds-order.com
acompliaweb.com
medical-and-pharmacy.com
webxanax.com
viagradirectonline.com
medmarketer.com
alpram.com
ruagra.com
meds-trade.com
meds-easy.com
buywmz.com
acompliageneric.com
ozernoe.com
meds-buy.com
sfordela.com

Canadian Pharmacy – www.firmvictor.com

Leave a comment

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
151.95.186.133 Italy (Pignone)* Whois Google DNSStuff Urgentmessage.org
207.115.20.195 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Lorena N. Livingston Mon Jun 22 17:26:07 2009
Return-Path: <llivingston_wt@avantgarde.de>
Authentication-Results: mta112.sbc.mail.gq1.yahoo.com from=avantgarde.de; domainkeys=neutral (no sig); from=avantgarde.de; dkim=neutral (no sig)
Received: from 151.95.186.133 (EHLO flpi193.prodigy.net) (207.115.20.195)
by mta112.sbc.mail.gq1.yahoo.com with SMTP; Tue, 23 Jun 2009 04:14:27 -0700
Received: from lqdbnh2 ([151.95.186.133])
by flpi193.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5NBDbs2029631;
Tue, 23 Jun 2009 04:14:25 -0700
Message-ID: <000701c9f399$334e5fd0$627e2c7a@avantgarde.de>
Reply-To: “Lorena N. Livingston”
From: “Lorena N. Livingston” <llivingston_wt@avantgarde.de>
To: ScamFraudAlert
Subject: Stay Hard and Last Longer in Bed!
Date: Mon, 22 Jun 2009 17:26:07 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 126

From: Lorena N. Livingston <llivingston_wt@avantgarde.de>
To: ScamFraudAlert.com
Sent: Monday, June 22, 2009 5:26:07 PM
Subject: Stay Hard and Last Longer in Bed!

An Incredible Canadian Pharmacy is available at your Fingertips!
No_Doctor_Needed! Click Here -> http://firmvictor.com

This spam brand has the dubious distinction of being the most heavily spammed domain our staff receives.

The “Canadian Pharmacy” titled sites are the most common. They may also be labeled “European Pharmacy” for visitors from IP addresses located outside North America.

Other sites include “PharmSite” and “best online PHARMACY.” They are riddled with identical fraudulent claims.

For simplicity, this entry refers by default to Canadian Pharmacy, but the false claims apply equally to all of these.

The copyright statement in the trailers for “PharmSite” and “best online PHARMACY” actually contains the words Copyright Canadian Pharmacy.

Visitors to these sites are cautioned against placing an unsecure order for any of the products advertised. With so much obvious fraud in the set up of the web site, any reasonable person would be justified in having doubts about passing identity and credit card details to such blatant criminals.

See Spamtracker.eu – Canadian Pharmacy

firmvictor

Address lookup

canonical name firmvictor.com.
aliases
addresses 119.39.238.2
203.93.208.86
218.75.144.6
60.191.221.117
60.191.239.153
61.191.191.241

Domain Whois record

Queried whois.internic.net with “dom firmvictor.com“…

   Domain Name: FIRMVICTOR.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.SOUNDPRIZE.IN
   Name Server: NS2.SOUNDPRIZE.IN
   Name Server: NS3.GROUNDBED.COM
   Name Server: NS4.GROUNDBED.COM
   Name Server: NS5.CHANGESTORY.PL
   Name Server: NS6.CHANGESTORY.PL
   Status: ok
   Updated Date: 18-jun-2009
   Creation Date: 18-jun-2009
   Expiration Date: 18-jun-2010

>>> Last update of whois database: Thu, 25 Jun 2009 07:36:37 UTC <<<

Queried whois.namerich.cn with “firmvictor.com“…

; This data is provided by China Springboard Inc.
; for information purposes, and to assist persons obtaining information
; about or related to domain name registration records.
; China Springboard Inc. does not guarantee its accuracy.
; By submitting a WHOIS query, you agree that you will use this data
; only for lawful purposes and that, under no circumstances, you will
; use this data to
; 1) allow, enable, or otherwise support the transmission of mass
; unsolicited, commercial advertising or solicitations via E-mail
; (spam); or
; 2) enable high volume, automated, electronic processes that apply
; to this WHOIS server.
; These terms may be changed without prior notice.
; By submitting this query, you agree to abide by this policy.

 DomainName : firmvictor.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS2.SOUNDPRIZE.IN
Name Server......................NS6.CHANGESTORY.PL
Name Server......................NS4.GROUNDBED.COM
Name Server......................NS5.CHANGESTORY.PL
Name Server......................NS1.SOUNDPRIZE.IN
Name Server......................NS3.GROUNDBED.COM
Status...........................ok
Creation  Date ..................2009-06-18
Expiration Date .................2010-06-18
Last Update  Date ...............2009-06-18

Registrant ID ...................V-X-57697-13132
Registrant Name .................GU FEI
Registrant Organization .........GU FEI
Registrant Address ..............FUZHOUGUANGCHANG29
Registrant City..................FZ
Registrant Province/State .......FJ
Registrant Country Code .........CN
Registrant Postal Code ..........350019
Registrant Phone Number .........+86.059175695124
Registrant Fax ..................+86.059175695124
Registrant Email ................baijakdfe@yeah.net

Administrative ID ...............V-X-57697-13132
Administrative Name .............GU FEI
Administrative Organization .....GU FEI
Administrative Address ..........FUZHOUGUANGCHANG29
Administrative City..............FZ
Administrative Province/State ...FJ
Administrative Country Code .....CN
Administrative Postal Code ......350019
Administrative Phone Number .....+86.059175695124
Administrative Fax ..............+86.059175695124
Administrative Email ............baijakdfe@yeah.net

Billing ID ......................V-X-57697-13132
Billing Name ....................GU FEI
Billing Organization ............GU FEI
Billing Address .................FUZHOUGUANGCHANG29
Billing City.....................FZ
Billing Province/State ..........FJ
Billing Country Code ............CN
Billing Postal Code .............350019
Billing Phone Number ............+86.059175695124
Billing Fax .....................+86.059175695124
Billing Email ...................baijakdfe@yeah.net

Technical ID ....................V-X-57697-13132
Technical Name ..................GU FEI
Technical Organization...........GU FEI
Technical Address ...............FUZHOUGUANGCHANG29
Technical City...................FZ
Technical Province/State.........FJ
Technical Country Code ..........CN
Technical Postal Code ...........350019
Technical Phone Number ..........+86.059175695124
Technical Fax ...................+86.059175695124
Technical Email .................baijakdfe@yeah.net

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “119.39.238.2“…

inetnum:      119.39.232.0 - 119.39.239.255
netname:      yueyang
country:      CN
descr:        CNC Group HuNan YueYang network
descr:        SanHui building ,WuLiPai Street,
descr:        YueYang 411104
admin-c:      CH444-AP
tech-c:       CH444-AP
status:       ASSIGNED NON-PORTABLE
changed:      zoulei@chinaunicom.cn 20081215
mnt-by:       MAINT-CNCGROUP-HN
source:       APNIC

route:        119.39.0.0/16
descr:        CNC Group CHINA169 Hunan Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20080102
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82993155
fax-no:       +86-10-82993144
country:      CN
changed:      abuse@cnc-noc.net 20041220
mnt-by:       MAINT-CNCGROUP
source:       APNIC

DNS records

DNS query for 2.238.39.119.in-addr.arpa returned an error from the server: NameError

name class type data time to live
firmvictor.com IN A 218.75.144.6 10800s (03:00:00)
firmvictor.com IN A 119.39.238.2 10800s (03:00:00)
firmvictor.com IN A 203.93.208.86 10800s (03:00:00)
firmvictor.com IN A 60.191.221.117 10800s (03:00:00)
firmvictor.com IN A 60.191.239.153 10800s (03:00:00)
firmvictor.com IN A 61.191.191.241 10800s (03:00:00)