Day: July 19, 2009

Canadian Pharmacy Spam – cheaprx02.com (217.150.55.94)

1 Comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

warning1

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Behind The Online Pharma

Today a shadowy, transnational network of illicit drug manufacturers, traders, doctors, Web site operators, spammers and criminals makes up the online pharma world.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
217.150.55.94 Russian Federation (Moscow)* Whois Google DNSStuff Urgentmessage.org
207.115.36.108 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Antone George Fri Jul 17 22:31:35 2009
Return-Path:
Authentication-Results: mta135.sbc.mail.mud.yahoo.com from=hkusua.hku.hk; domainkeys=neutral (no sig); from=hkusua.hku.hk; dkim=neutral (no sig)
Received: from 217.150.55.94 (EHLO nlpi092.prodigy.net) (207.115.36.108)
by mta135.sbc.mail.mud.yahoo.com with SMTP; Fri, 17 Jul 2009 22:29:31 -0700
Received: from efswfco (NefteGazKomplektService-gw.transtelecom.net [217.150.55.94] (may be forged))
by nlpi092.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6I5TC0k015825;
Sat, 18 Jul 2009 00:29:30 -0500
Message-ID: <000701ca0769$03fbbaf0$431333e2@hkusua.hku.hk>
Reply-To: “Antone George” <antonegeorgeny@hkusua.hku.hk
From: “Antone George”  <antonegeorgeny@hkusua.hku.hk
To: ScamFraudAlert.com
Subject: buy Ritalin online NoPRESCRIPTION!
Date: Sat, 18 Jul 2009 00:31:35 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 223

Vicodin_ES, ViagraXanax, Codeine, Phentermin, Ritalin and many more!
Brand Named & Generic Medications! No Doctor or Prescription Needed! Fast Trackable USPS Shipping! Browse Our Site Today –> http://cheaprx02.com

Canadian Pharmacy Spam – http://cheaprx02.com

Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

warning1

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
78.251.40.213 France* Whois Google DNSStuff Urgentmessage.org
207.115.20.133 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Clarence Overton Sat Jul 18 05:37:31 2009
Return-Path:
Authentication-Results: mta131.sbc.mail.re2.yahoo.com from=addenbrookes.nhs.uk; domainkeys=neutral (no sig); from=addenbrookes.nhs.uk; dkim=neutral (no sig)
Received: from 78.251.40.213 (EHLO flpd123.prodigy.net) (207.115.20.133)
by mta131.sbc.mail.re2.yahoo.com with SMTP; Sat, 18 Jul 2009 06:41:41 -0700
Received: from x5lwy53 ([78.251.40.213])
by flpd123.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6IDfOH8020044;
Sat, 18 Jul 2009 06:41:39 -0700
Message-ID: <000701ca07a4$84a00130$627e2c7a@addenbrookes.nhs.uk>
Reply-To: “Clarence Overton”  clarenceovertonqc@addenbrookes.nhs.uk
From: “Clarence Overton”  <clarenceovertonqc@addenbrookes.nhs.uk>
To: ScamBuster aka ScamFraudAlert.com
Subject: great deals goin on
Date: Sat, 18 Jul 2009 08:37:31 -0400
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 223

Vicodin_ES, ViagraXanax, Codeine, Phentermin, Ritalin and many more!
Brand Named & Generic Medications! No Doctor or Prescription Needed! Fast Trackable USPS Shipping! Browse Our Site Today –> http://cheaprx02.com

Address lookup

lookup failed cheaprx02.com
Could not find an IP address for this domain name.

Domain Whois record

Queried whois.internic.net with “dom cheaprx02.com“…

   Domain Name: CHEAPRX02.COM
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.OnlineNIC.com
   Name Server: NS1.FE5NS.COM
   Name Server: SP536.DELETEDNS.COM
   Status: clientHold
   Status: clientTransferProhibited
   Updated Date: 19-jul-2009
   Creation Date: 27-jun-2009
   Expiration Date: 27-jun-2010

Last update of whois database: Mon, 20 Jul 2009 05:34:57 UTC

Queried whois.onlinenic.com with “cheaprx02.com“…

Registrant:
	 Serpino Berbeto ad6@safe-mail.net +1.2128848801
	 Serpino Berbeto
	 403 po box
	 New York,NY,US 10037

Domain Name:cheaprx02.com
Record last updated at 2009-07-16 19:25:01
Record created on 2009/6/27
Record expired on 2010/6/27

Domain servers in listed order:
	 ns1.fe5ns.com 	 ns2.re3ns.com 

Administrator:
	 name: Serpino Berbeto
	Email: ad6@safe-mail.net tel-- +1.2128848801
	 Serpino Berbeto
	 403 po box
r
t New York
NY,
US

 zipcode:10037

Technical Contactor:
	 name: Serpino Berbeto
	Email: ad6@safe-mail.net tel-- +1.2128848801
	 Serpino Berbeto
	 403 po box
r
t New York
NY,
US

 zipcode:10037

Billing Contactor:
	 name: Serpino Berbeto
	Email: ad6@safe-mail.net tel-- +1.2128848801
	 Serpino Berbeto
	 403 po box
r
t New York
NY,
US

 zipcode:10037

Registration Service Provider:
	name: Serpino Berbeto
	tel: +1.2128848801
 	fax: +1.2128848801
 	web:

Network Whois record

Don’t have an IP address for which to get a record

DNS records

name class type data time to live
cheaprx02.com IN SOA
server: ns1.domain.com
email: admin.domain.com
serial: 1
refresh: 300
retry: 300
expire: 300
minimum ttl: 86400
86400s (1.00:00:00)
cheaprx02.com IN A 220.248.172.39 86400s (1.00:00:00)
cheaprx02.com IN NS ns1.cheaprx02.com 86400s (1.00:00:00)
cheaprx02.com IN NS ns2.cheaprx02.com 86400s (1.00:00:00)
cheaprx02.com IN NS ns3.cheaprx02.com 86400s (1.00:00:00)
cheaprx02.com IN NS ns4.cheaprx02.com 86400s (1.00:00:00)

— end —

SmartFilter Category: Not Categorized
Make Category Suggestions
Namerservers on IP: ns1.99999ns.com
ns1.thebestusrx.com
ns1.thebestusrxnow.com
ns1.usacheapmeds.com
ns2.hotrxlive.com
ns2.thebestusrx.com
ns4.tertorests.com
acounterstas.com
afropeloses.com
awepolikars.com
dertorests.com
tertorests.com
yertorests.com
sertorests.com
sategonovas.com
aredouters.com
aertorests.com
pertorests.com
uertorests.com
fertorests.com
iertorests.com
oertorests.com
gemenysofts.com
friokeares.com
wallouters.com
qertorests.com
softenouss.com
rertorests.com
bartolosofts.com
verobounss.com
adremacolares.com
grefoulsofs.com
wertorests.com
hropokons.com
jimenesouns.com
grestosofts.com