Pharmacy Spam Operators ~ Yambo Financials

This article is in response to news that My Canadian Pharmacy and its other web operations have been linked to Alex Polyakov an almost mythical character in the spam a world (possibly of Russian or Ukrainian descent), and his criminal scam organisation ‘Yambo Financials’ identified by Spamhaus as the worlds biggest spam operators. Since 2004 numerous Canadian pharmacies have been relentlessly dispatching spam emails across the world selling Generic Viagra. Current internet usage statistics estimates that spam email accounts for over 81% of all emails and around 40% of all internet traffic.

Viagra
The group operates a number of websites including International Legal RX US Drugs VIP Pharmacy Canadian Health&Care Mall
Yambo Financials never pay for a server, instead they host their sites on other peoples services. They do this by first identifying unsecure servers and hijacking them with Trojan horses. A clever system of switching sites and servers helps hide their tracks. In this way the operators have evaded capture despite being wanted by many law enforcement groups. They are also wanted for other fraudulent activities including credit card fraud, identity theft, and phishing scams. Indeed most customers never receive an order and where merchandise is received the medications usually turn out to be fake, or lack any active ingredient.
It is a testament to the intelligence of the scam that the operation is still running under the same brands that have been used for over 6 years. The Canadian brand was set up to take advantage of the large US market. The USA is the largest consumer nation in the world, and since the cost of prescription medications in the USA are very high US citizens have for many years now looking across to Canada for a cheaper alternative. The exact market placement of the My Canadian Pharmacy site shows a precise and clever understanding of the demands of the US consumer market, that Americans are always seeking cheaper treatments from their Canadian neighbours.
The reality is that operations like this offering generic Viagra are operating outside the US, UK and any other EU country. There is no legislative authority checking the quality of their service and products and no repercussions or penalties that they can incur. The main lesson to be learnt is never respond to any invitation to buy treatments online. Always double check the credentials of the site. Check if they have a phone number that is active. Scammers such as these have shown themselves all to able to avoid capture and detection and one wonders if they will ever be caught. Only by making sure that online users can spot fraudulent sites and are aware of how to protect themselves against scams can these fraudulent operators be discouraged to operate. So take care when shopping online and check out our how to buy Viagra online safely guide.

http://www.myonlinedoctor.co.uk/generic-viagra-from-canadian-pharmacies.html


The Yambo Financials Group seems to be a pretty widespread group of porn
and spam. The only link I could find to known spammers is Artofit, which
is SPEWS record S2128.
After being spammed by findagrant.com, went looking for “Owned and
operated by Yambo Financials”, which yielded
YAMBO.BIZ, VEGASWORLD.NET, GREENHILL-CASINO.COM, VIVIDINCEST.COM,and
FUCKINGYOUNG.COM.

Summary:
148.233.211.243 FINDAGRANT.COM
200.43.172.3 ns1.south-waters.biz
208.249.126.38 TRANSZAMBA.BIZ
66.246.3.192 YAMBO.BIZ
66.250.39.207 VEGASWORLD.NET
66.246.3.192 YAMBOCS.COM
193.220.58.137 GREENHILL-CASINO.COM
65.117.175.72 VIVIDINCEST.COM
66.230.152.66 COSMICANIME.COM
205.150.5.26 PRYTV.COM
66.34.48.244 FUCKINGYOUNG.COM
66.34.165.70 WEB-HOSTING-PRODUCTS.NET
66.230.133.38 OXEO.COM
66.114.73.58 ARTOFIT.COM S2128
66.114.74.6 ACECAPE.COM
193.220.59.134 WILDPARK.NET
193.219.193.135 TAIDE.NET
205.150.5.20 2MUCH.NET

[www.yambo.biz]
Translated Name: yambo.biz
IP Address: 66.246.3.192
Alias: http://www.yambo.biz
Looking up [yambo.biz]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
yambo.biz nameserver = NS1.ARTOFIT.COM
yambo.biz nameserver = NS1.yambo.biz
yambo.biz nameserver = NS2.yambo.biz

Authoritative answers can be found from:
yambo.biz nameserver = NS1.ARTOFIT.COM
yambo.biz nameserver = NS1.yambo.biz
yambo.biz nameserver = NS2.yambo.biz
NS1.yambo.biz internet address = 66.111.36.80
NS2.yambo.biz internet address = 66.111.36.88

[End Query]

http://www.vegasworld.net
[www.vegasworld.net]
Translated Name: http://www.vegasworld.net
IP Address: 66.250.39.207
[66.250.39.207]
Translated Name: srv-cogent-balance.host-system.com
IP Address: 66.250.39.207
Looking up [VEGASWORLD.NET]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
VEGASWORLD.NET nameserver = ns1.named1.NET
VEGASWORLD.NET nameserver = ns2.named1.NET

Authoritative answers can be found from:
VEGASWORLD.NET nameserver = ns1.named1.NET
VEGASWORLD.NET nameserver = ns2.named1.NET
ns1.named1.NET internet address = 66.250.39.35
ns2.named1.NET internet address = 66.250.39.36

[End Query]

http://www.yambocs.com
Translated Name: yambocs.com
IP Address: 66.246.3.192
Alias: http://www.yambocs.com
Looking up [YAMBOCS.COM]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
YAMBOCS.COM nameserver = ns1.artofit.COM
YAMBOCS.COM nameserver = ns1.yambo.biz
YAMBOCS.COM nameserver = ns2.yambo.biz

Authoritative answers can be found from:
YAMBOCS.COM nameserver = ns1.artofit.COM
YAMBOCS.COM nameserver = ns1.yambo.biz
YAMBOCS.COM nameserver = ns2.yambo.biz
ns1.artofit.COM internet address = 66.114.73.58

[End Query]

[www.greenhill-casino.com]
Translated Name: http://www.greenhill-casino.com
IP Address: 193.220.58.137
[193.220.58.137]
Looking up [greenhill-casino.com]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
greenhill-casino.com nameserver = DNS.WILDPARK.NET
greenhill-casino.com nameserver = NS0.greenhill-casino.com
greenhill-casino.com nameserver = PARABOL.TAIDE.NET

Authoritative answers can be found from:
greenhill-casino.com nameserver = DNS.WILDPARK.NET
greenhill-casino.com nameserver = NS0.greenhill-casino.com
greenhill-casino.com nameserver = PARABOL.TAIDE.NET
NS0.greenhill-casino.com internet address = 193.220.58.137
PARABOL.TAIDE.NET internet address = 193.219.193.135

[End Query]

http://www.vividincest.com
[www.vividincest.com]
Translated Name: http://www.vividincest.com
IP Address: 65.117.175.72
Looking up [vividincest.com]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
vividincest.com nameserver = elizabet.artofit.com
vividincest.com nameserver = ns2.artofit.com

Authoritative answers can be found from:
vividincest.com nameserver = elizabet.artofit.com
vividincest.com nameserver = ns2.artofit.com
elizabet.artofit.com internet address = 66.114.73.58
ns2.artofit.com internet address = 66.22.30.53

[End Query]

Looking up [www.artofit.com]

Server: ns1.sprintlink.net
Address: 204.117.214.10

http://www.artofit.com internet address = 66.114.73.58
artofit.com nameserver = elizabet.artofit.com
artofit.com nameserver = ns2.artofit.com
elizabet.artofit.com internet address = 66.114.73.58
elizabet.artofit.com internet address = 66.114.73.58

[End Query]
Looking up [www.artofit.com]

Server: colo3-58.acedsl.com
Address: 66.114.73.58

artofit.com
origin = elizabet.artofit.com
mail addr = hostmaster.artofit.com
serial = 1055037721
refresh = 16384(4 hours 33 mins 4 secs)
retry = 2048(34 mins 8 secs)
expire = 1048576(12 days 3 hours 16 mins 16 secs)
minimum ttl = 2560(42 mins 40 secs)

[End Query]

[Query: 65.117.175.72, Server: whois.arin.net]

Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)
65.112.0.0 – 65.127.255.255
CREATIVE INTERNET TECHNIQUES QWST-65-117-175 (NET-65-117-175-0-1)
65.117.175.0 – 65.117.175.255

[www.cosmicanime.com]
Translated Name: cosmicanime.com
IP Address: 66.230.152.66
Alias: http://www.cosmicanime.com

Looking up [cosmicanime.com]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
cosmicanime.com nameserver = ns2.oxeo.com
cosmicanime.com nameserver = ns.oxeo.com

Authoritative answers can be found from:
cosmicanime.com nameserver = ns2.oxeo.com
cosmicanime.com nameserver = ns.oxeo.com
ns2.oxeo.com internet address = 66.230.133.180
ns.oxeo.com internet address = 66.230.133.40

[End Query]

http://www.prytv.com
[205.150.5.26]
http://www.fuckingyoung.com
[66.34.48.244]
Translated Name: 244-48-34-66-rev.propagation.net
IP Address: 66.34.48.244

Domain Name: YAMBO.BIZ
Domain ID: D2914606-BIZ
Sponsoring Registrar: INTERCOSMOS MEDIA GROUP,
INC. D.B.A. DIRECTNIC.COM
Domain Status: ok
Registrant ID: IMG-368485
Registrant Name: Customer Service
Registrant Organization: Yambo Financials Inc.
Registrant Address1: 1001 SW 16th Avenue, #103
Registrant City: Gainesville
Registrant State/Province: FL
Registrant Postal Code: 32601
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.12123017424
Registrant Email: custome…@yambo.biz
Administrative Contact ID: IMG-321421
Administrative Contact Name: Yegor Bugaenko
Administrative Contact Organization: Million Software Inc.
Administrative Contact Address1: Leningradskoe shosse, 5
Administrative Contact City: Moscow
Administrative Contact State/Province: Moscow
Administrative Contact Postal Code: 123007
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.70957963057
Administrative Contact Email: eg…@millionsoftware.com
Billing Contact ID: IMG-321421
Billing Contact Name: Yegor Bugaenko
Billing Contact Organization: Million Software Inc.
Billing Contact Address1: Leningradskoe shosse, 5
Billing Contact City: Moscow
Billing Contact State/Province: Moscow
Billing Contact Postal Code: 123007
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.70957963057
Billing Contact Email: eg…@millionsoftware.com
Technical Contact ID: IMG-321421
Technical Contact Name: Yegor Bugaenko
Technical Contact Organization: Million Software Inc.
Technical Contact Address1: Leningradskoe shosse, 5
Technical Contact City: Moscow
Technical Contact State/Province: Moscow
Technical Contact Postal Code: 123007
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.70957963057
Technical Contact Email: eg…@millionsoftware.com
Name Server: NS1.ARTOFIT.COM
Name Server: NS2.YAMBO.BIZ
Name Server: NS1.YAMBO.BIZ
Created by Registrar: INTERCOSMOS MEDIA GROUP,
INC. D.B.A. DIRECTNIC.COM
Last Updated by Registrar: INTERCOSMOS MEDIA GROUP,
INC. D.B.A. DIRECTNIC.COM
Domain Registration Date: Thu Apr 11 12:35:11 GMT 2002
Domain Expiration Date: Sat Apr 10 23:59:59 GMT 2004
Domain Last Updated Date: Thu May 29 11:57:51 GMT 2003
———————————————————————–
Domain Name: VEGASWORLD.NET

Administrative Contact:
Holan, John ad…@vegasworld.net
Republic of Kalmykia
Klykova str, building 1
Elista, RU 358000
RU
123-1234

Technical Contact:
Holan, John ad…@vegasworld.net
Republic of Kalmykia
Klykova str, building 1
Elista, RU 358000
RU
123-1234
———————————————————————-
Registrant:
Yambo Financials Inc.
1001 SW 16th Avenue, #103
Gainesville, FL 32601
US
1.212.301.7424

Domain Name: YAMBOCS.COM

Administrative Contact:
Service, Customer custome…@yambo.biz
1001 SW 16th Avenue, #103
Gainesville, FL 32601
US
1.212.301.7424
Looking up [www.yambocs.com]

Non-authoritative answer:
http://www.yambocs.com canonical name = yambocs.com

Authoritative answers can be found from:
yambocs.com nameserver = ns1.yambo.biz
yambocs.com nameserver = million.dp.ua
ns1.yambo.biz internet address = 66.111.36.80
million.dp.ua internet address = 195.248.185.130
million.dp.ua internet address = 195.248.163.58

[End Query]

Technical Contact:
Service, Customer custome…@yambo.biz
1001 SW 16th Avenue, #103
Gainesville, FL 32601
US
1.212.301.7424
———————————————————————–
Registrant:
artofit.com
350 Fifth Ave
Suite 6908
New York, NY 10118
US

Registrar: DOTSTER
Domain Name: ARTOFIT.COM
Created on: 19-JAN-00
Expires on: 19-JAN-04
Last Updated on: 21-JAN-03

Administrative Contact:
Administrator, Domain dom…@artofit.com
ARTofIT LLC.
350 Fifth Ave
Suite 6908
New York, NY 10118
US
212-465-9683

Technical Contact:
Administrator, Domain dom…@artofit.com
ARTofIT LLC.
350 Fifth Ave
Suite 6908
New York, NY 10118
US
212-465-9683

Domain servers in listed order:
NS1.ARTOFIT.COM
NS2.ARTOFIT.COM
Registrant:
None
23200 19th AVE SE
Bothell, WA 98021
US
425-483-6502

———————————————————-
Domain Name: COSMICANIME.COM

Administrative Contact:
Dalton, Robin webm…@ezsexarchives.com
23200 19th AVE SE
Bothell, WA 98021
US
425-483-6502

Technical Contact:
Dalton, Robin webm…@ezsexarchives.com
23200 19th AVE SE
Bothell, WA 98021
US
425-483-6502

Record last updated 04-04-2003 09:10:53 PM
Record expires on 01-28-2004
Record created on 01-28-2003

Domain servers in listed order:
NS.OXEO.COM 66.230.133.40
NS2.OXEO.COM 66.230.133.180
_________________________________________________________
Registrant:
BuckFifty Networks, Inc.
258 Prescott Ave
Staten Island, NY 10306
US

Registrar: DOTSTER
Domain Name: OXEO.COM
Created on: 31-JAN-02
Expires on: 01-FEB-05
Last Updated on: 18-DEC-02

Administrative Contact:
OXEO, Web Hosting sup…@oxeo.com
BuckFifty Networks, Inc.
258 Prescott Ave.
Suite 2
Staten Island, NY 10306
US
866-ASK-OXEO
718-504-4886

Technical Contact:
OXEO, Web Hosting sup…@oxeo.com
BuckFifty Networks, Inc.
258 Prescott Ave.
Suite 2
Staten Island, NY 10306
US
866-ASK-OXEO
718-504-4886

Domain servers in listed order:
NS.OXEO.COM
NS2.OXEO.COM
____________________________________________________

Registrant:
Aurumcash Inc.
Kalku iela 28-26
Riga, N/A LV-1340
LV

Registrar: DOTSTER
Domain Name: VIVIDINCEST.COM
Created on: 16-MAY-02
Expires on: 16-MAY-04
Last Updated on: 26-FEB-03

Administrative, Technical Contact:
Matveev, Pavel auru…@yahoo.com
Aurumcash Inc.
Kalku iela 28-26
Riga, N/A LV-1340
LV
+371-7437194
+371-7437194

Domain servers in listed order:
NS1.FOONET.NET
NS3.FOONET.NET
NS1.ARTOFIT.COM
NS1.NS-HOSTER.COM
NS1.SMARTDNS.ORG
___________________________________________________
Registrant:
PryTV
avenu 5
00 4 4
NY, NY 20625
US

Domain name: PRYTV.COM

Administrative Contact:
Miller, Zack adm…@pisem.net
avenu 5
00 4 4
New Yorck, NY 20625
US
416-555-11222
Technical Contact:
Miller, Zack adm…@pisem.net
avenu 5
00 4 4
New Yorck, NY 20625
US
416-555-11222
______________________________________________________

Looking up [PRYTV.COM]

Non-authoritative answer:
PRYTV.COM nameserver = ns2.2much.net
PRYTV.COM nameserver = ns1.2much.net

Authoritative answers can be found from:
PRYTV.COM nameserver = ns2.2much.net
PRYTV.COM nameserver = ns1.2much.net
ns2.2much.net internet address = 205.150.5.101
ns1.2much.net internet address = 205.150.5.2

[End Query]

Domain name: FUCKINGYOUNG.COM

Name servers:
NS.WEB-HOSTING-PRODUCTS.NET
NS2.WEB-HOSTING-PRODUCTS.NET

Creation date: 01/24/02 00:00:29
Expiration date: 01/24/04 00:00:29

Registrant Contact:
Web Hosting Products
erik hatch (dom…@web-hosting-products.net)
+1.8888888888
FAX: +1.8888888888
1605 Wright Drive
Sandwich, IL 60548
US

Administrative Contact:
Web Hosting Products
erik hatch (dom…@web-hosting-products.net)
+1.8888888888
FAX: +1.8888888888
1605 Wright Drive
Sandwich, IL 60548
US

Billing Contact:
Web Hosting Products
erik hatch (dom…@web-hosting-products.net)
+1.8888888888
FAX: +1.8888888888
1605 Wright Drive
Sandwich, IL 60548
US

Technical Contact:
Web Hosting Products
erik hatch (dom…@web-hosting-products.net)
+1.8888888888
FAX: +1.8888888888
1605 Wright Drive
Sandwich, IL 60548
US
——————————————————-
Registrant Contact:
NA
Web Hosting Products (NA)
NA
12289 Pembroke Road Suite 24
Pembroke Pines
FL, 33025
US

Administrative Contact:
NA
Web Hosting Products (NA)
NA
12289 Pembroke Road Suite 24
Pembroke Pines
FL, 33025
US

Billing Contact:
NA
Web Hosting Products (NA)
NA
12289 Pembroke Road Suite 24
Pembroke Pines
FL, 33025
US

Technical Contact:
n a
Tecnical Domain ( dom…@web-hosting-products.net)
877-766-8772
12289 Pembroke Road Suite 24
Pembroke Pines, FL 33025
US
____________________________________________________
Registrant:
RosBusinessConsulting (PISEM2-DOM)
78, Profsoyznaya st.
Moscow, RU 117393
RU

Domain Name: PISEM.NET

Administrative Contact, Technical Contact:
RosBusinessConsulting (21762514O) hosting@rbc.ru
RosBusinessConsulting
78, Profsoyznaya st.
Moscow, RU 117393
RU
+7 (095) 363-1111 fax: +7 (095) 363-1125

Record expires on 18-Oct-2003.
Record created on 18-Oct-2000.
Database last updated on 29-May-2003 23:51:29 EDT.

Domain servers in listed order:

RELAY.MAILRU.COM 80.68.244.2
RELAY1.MAILRU.COM 194.186.36.181

______________________________________________________
Registrant:
Creative Internet Techniques
3982 Powell Rd.
Suite 225
Powell, OH 43065
US

Registrar: DOTSTER
Domain Name: FOONET.NET
Created on: 17-JUN-96
Expires on: 16-JUN-04
Last Updated on: 05-FEB-03

Administrative Contact:
Support, CIT sup…@foonet.net
Creative Internet Techniques
3982 Powell Rd.
Suite 225
Powell, OH 43065
US
740 881 0323
419 710 1992

Technical Contact:
Support, CIT sup…@foonet.net
Creative Internet Techniques
3982 Powell Rd.
Suite 225
Powell, OH 43065
US
740 881 0323
419 710 1992

Domain servers in listed order:
NS1.FOONET.NET
NS3.FOONET.NET
——————————————————–
Registrant:
artofit.com
350 Fifth Ave
Suite 6908
New York, NY 10118
US

Registrar: DOTSTER
Domain Name: ARTOFIT.COM
Created on: 19-JAN-00
Expires on: 19-JAN-04
Last Updated on: 21-JAN-03

Administrative Contact:
Administrator, Domain dom…@artofit.com
ARTofIT LLC.
350 Fifth Ave
Suite 6908
New York, NY 10118
US
212-465-9683

Technical Contact:
Administrator, Domain dom…@artofit.com
ARTofIT LLC.
350 Fifth Ave
Suite 6908
New York, NY 10118
US
212-465-9683

Domain servers in listed order:
NS1.ARTOFIT.COM
NS2.ARTOFIT.COM

—————————————————
Registrant:
Acecape, Inc (ACEDSL-DOM)
325 West 38th Street
Suite 1005
New York, NY 10018
US

Domain Name: ACEDSL.COM

Administrative Contact, Technical Contact:
Acecape, Inc (22386040O) info@ACECAPE.COM
325 West 38th Street
Suite 1005
New York, NY 10018
US
212-868-2366 fax: 212-868-2356

Record expires on 05-Mar-2006.
Record created on 09-Sep-2002.
Database last updated on 7-Jun-2003 22:37:04 EDT.

Domain servers in listed order:

NS1.ACECAPE.COM 66.114.74.40
NS2.ACECAPE.COM 66.114.74.195

[End of Whois message]

Looking up [www.acecape.com]

http://www.acecape.com internet address = 66.114.74.6
acecape.com nameserver = ns2.acecape.com
acecape.com nameserver = ns1.acecape.com
ns1.acecape.com internet address = 66.114.74.40
ns2.acecape.com internet address = 66.114.74.195

[End Query]
Looking up [www.named1.net]

http://www.named1.net internet address = 66.159.20.60
named1.net nameserver = NS.ZIHOST.COM
named1.net nameserver = NS2.HOST-SYSTEM.COM
NS.ZIHOST.COM internet address = 66.159.20.60
NS2.HOST-SYSTEM.COM internet address = 66.250.39.23

[End Query]

Registrar: THE NAME IT CORPORATION DBA AITDOMAINS.COM

Domain Name: wildpark.net

Registrant:

Wildpark
Alexander Lapidus
Lenina av. 52

Nikolaev
UA UA 54021
al…@wildpark.net

Phone: +380-512-470555

Administrative Contact:
Alexander Lapidus
Lenina av. 52

Nikolaev
UA UA
54021
al…@wildpark.net

Phone: +380-512-470555

Technical Contact:
Alexander Lapidus
Lenina av. 52

Nikolaev
UA UA
54021
al…@wildpark.net

Phone: +380-512-470555

Billing Contact:
Igor Golubar
Lenina av. 52

Nikolaev
UA UA
54021
al…@wildpark.net

Phone: +380-512-470555

Record Created on…….. 1999-08-24 08:42:46.000
Record last updated on… 2001-11-22 03:59:27.000
Expire on……………. 2006-08-24 08:42:46.000

Domain servers in listed order:

dns.wildpark.net 193.220.59.133
parabol.taide.net 193.219.193.135
————————–
Looking up [www.wildpark.net]

http://www.wildpark.net canonical name = pop3.wildpark.net
wildpark.net nameserver = parabol.taide.net
wildpark.net nameserver = dns.wildpark.net
parabol.taide.net internet address = 193.219.193.135
dns.wildpark.net internet address = 193.220.59.133

[End Query]
Looking up [parabol.taide.net]

Non-authoritative answer:
parabol.taide.net internet address = 193.219.193.135

Authoritative answers can be found from:
taide.net nameserver = absolut.taide.net
taide.net nameserver = parabol.taide.net
taide.net nameserver = ns.nl.net
absolut.taide.net internet address = 193.219.193.130
parabol.taide.net internet address = 193.219.193.135
ns.nl.net internet address = 193.78.240.1

[End Query]
Registrant:
TAIDE NETWORK AS (TAIDE4-DOM)
Weidemannsgate 9
Holmestrand N-3081
NO

Domain Name: TAIDE.NET

Administrative Contact, Technical Contact:
Taide Network AS (TA3808-ORG) networksolutions@TAIDE.NET
Weidemannsgate 9
Holmestrand, Holmestrand
NO
+47 33 06 67 50 fax: +47 33 06 67 60

Record expires on 02-Aug-2003.
Record created on 09-Sep-2002.
Database last updated on 7-Jun-2003 22:54:43 EDT.

Domain servers in listed order:

PARABOL.TAIDE.NET 193.219.193.135
NS.NL.NET 193.78.240.1
ABSOLUT.TAIDE.NET 193.219.193.130

[End of Whois message]

[Query: 195.248.185.130, Server: whois.ripe.net]

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 195.248.185.128 – 195.248.185.143
netname: MILLION-CORP
descr: Million corp.
descr: Simferopolskaya st, h.21, of.205
descr: 49000, Dneipropetrovsk
country: UA
admin-c: YL40-RIPE
tech-c: YL40-RIPE
status: ASSIGNED PA
notify: regi…@alkar.net
mnt-by: AS6703-MNT
changed: nic…@alkar.net 20000818
source: RIPE

route: 195.248.160.0/19
descr: ALKAR
origin: AS6703
mnt-by: AS6703-MNT
changed: d…@alkar.net 19971007
source: RIPE

person: Yuri Lozinsky
address: Mironova st, h.15, of.317a
address: Dneipropetrovsk
address: 49000, Ukraine
phone: +380 0562 7782667
fax-no: +380 0562 340315
e-mail: u…@isd.dp.ua
nic-hdl: YL40-RIPE
notify: u…@isd.dp.ua
changed: u…@isd.dp.ua 20020627
source: RIPE

[End of Whois message]

Looking up [FINDAGRANT.COM]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
FINDAGRANT.COM nameserver = ns1.south-waters.biz
FINDAGRANT.COM nameserver = ns1.transzamba.biz
FINDAGRANT.COM nameserver = ns2.south-waters.biz
FINDAGRANT.COM nameserver = ns2.transzamba.biz

Authoritative answers can be found from:
FINDAGRANT.COM nameserver = ns1.south-waters.biz
FINDAGRANT.COM nameserver = ns1.transzamba.biz
FINDAGRANT.COM nameserver = ns2.south-waters.biz
FINDAGRANT.COM nameserver = ns2.transzamba.biz

[End Query]
Looking up [ns1.south-waters.biz]

Server: ns1.sprintlink.net
Address: 204.117.214.10

Non-authoritative answer:
ns1.south-waters.biz internet address = 200.43.172.3

Authoritative answers can be found from:
south-waters.biz nameserver = DNS1.south-waters.biz
south-waters.biz nameserver = DNS1.TRANSZAMBA.biz
south-waters.biz nameserver = DNS2.south-waters.biz
south-waters.biz nameserver = DNS2.TRANSZAMBA.biz
DNS1.south-waters.biz internet address = 208.249.126.36
DNS1.TRANSZAMBA.biz internet address = 208.249.126.38
DNS2.south-waters.biz internet address = 208.249.126.37
DNS2.TRANSZAMBA.biz internet address = 208.249.126.39

[End Query]

https://groups.google.com/forum/?fromgroups=#!topic/news.admin.net-abuse.email/LoXsZ1xf_BE

209.85.51.152 resolves to 209-85-51-152.opticaljungle.com.

The following A records are set to 209.85.51.152:
oldstreetadvisors.com, topwayse.com

Perviously 209.85.51.152
ns1.ceilnanete.com => 209.85.51.152
ns2.bestimportedmeds.eu => 216.8.179.25

casinadya.com
dathachastity.com
cynthiavivi.com
vivieblondie.com
suellenbecca.com
martamichaelina.com
josidanyette.com
janeybrittani.com
isahellabellina.com
hertastephie.com
harriettgusella.com
birgitdebora.com
rozinakarin.com
phillievonnyeba.com
odettekyrstin.com
nertaodelia.com
nertaodelia.com
minneraphaela.com
melliebelicia.com
junelynna.com
jillaneeilis.com
cookiediandra.com
barbesofie.com
adelaidasibylla.com
monicamelinda.com
milkajoeann.com
michaelinajoleen.com
marjoryadeline.com
luckyamie.com
lillidemeter.com
leandramattie.com
georgeannafiann.com
feystacie.com
darseykimbra.com
cordeliaannecorinne.com

domain: 33drugs.com
owner: – –
organization: 33 DRUGS LTD
email: domains@33drugs.com
address: Slington House, Rankine Road
address: Office 6
city: Basingstoke
state: Hampshire
postal-code: RG24 8PH
country: GB
phone: +44.2081338455
admin-c: CCOM-1283149 domains@33drugs.com
tech-c: CCOM-1283149 domains@33drugs.com
billing-c: CCOM-1283149 domains@33drugs.com
nserver: ns1.drugcustomer.com 83.233.30.151
nserver: ns2.drugcustomer.com 91.214.44.4
nserver: ns3.33drugs.com 94.102.49.110
nserver: ns4.33drugs.com 83.233.30.151
nserver: ns5.alpha-ns.com
status: lock
created: 2007-09-23 14:23:33 UTC
modified: 2010-08-26 19:51:09 UTC
expires: 2015-09-23 14:23:33 UTC

contact-hdl: CCOM-1283149
person: – – – – –
organization: 33 DRUGS LTD
email: domains@33drugs.com
address: Slington House, Rankine Road
address: Office 6
city: Basingstoke
state: Hampshire
postal-code: RG24 8PH
country: GB
phone: +44.2081338455

source: joker.com live whois service
query-time: 0.013566
db-updated: 2010-11-12 07:16:41

[whois.joker.com]
domain: drugcustomer.com
owner: James Schumaker
organization: DRUG CUSTOMER LTD
email: domains@drugcustomer.com
address: Poul Due Jensens Vej 7
city: Bjerringbro
state: —
postal-code: 8850
country: DK
phone: +49.1234578
admin-c: CCOM-1383292 domains@drugcustomer.com
tech-c: CCOM-1383294 domains@drugcustomer.com
billing-c: CCOM-1155673 domains@drugcustomer.com
nserver: ns1.drugcustomer.com 83.233.30.151
nserver: ns2.drugcustomer.com 91.214.44.4
nserver: ns3.drugcustomer.com 94.102.49.110
nserver: ns4.drugcustomer.com 83.233.30.151
nserver: ns5.drugcustomer.com 91.214.44.4
status: lock
created: 2007-10-15 12:30:41 UTC
modified: 2009-07-15 16:27:16 UTC
expires: 2013-10-15 12:30:41 UTC

contact-hdl: CCOM-1383292
person: James Schumaker
email: domains@drugcustomer.com
address: Poul Due Jensens Vej 7
city: Bjerringbro
state: —
postal-code: 8850
country: DK
phone: +45.36965520

contact-hdl: CCOM-1383294
person: James Schumaker
email: domains@drugcustomer.com
address: Poul Due Jensens Vej 7
city: Bjerringbro
state: —
postal-code: 8850
country: DK
phone: +45.36965520

contact-hdl: CCOM-1155673
person: – –
organization: DRUG CUSTOMER LTD
email: domains@drugcustomer.com
address: Poul Due Jensens Vej 7
city: Bjerringbro
state: —
postal-code: 8850
country: DK
phone: +45.36965520

source: joker.com live whois service
query-time: 0.014644
db-updated: 2010-11-12 07:16:12

One thought on “Pharmacy Spam Operators ~ Yambo Financials

  1. SFA Reporter says:

    February 9, 2005
    EARTHLINK ANNOUNCES FOUR LAWSUITS IN ITS ONGOING FIGHT AGAINST SPAM
    Defendants named in California, Florida, Nevada and Washington State

    ATLANTA, Feb 09, 2005 /PRNewswire-FirstCall via COMTEX/ — EarthLink (Nasdaq: ELNK), the nation’s next generation Internet service provider, today announced four lawsuits in its continuing fight against fraudulent and deceptive commercial e-mails. The lawsuits identify defendants in California, Florida, Nevada and Washington state, as well as John Doe defendants.

    “EarthLink is committed to protecting the Internet,” said Larry Slovensky, assistant general counsel for EarthLink. “We will continue to pursue litigation, technical solutions, consumer education and legislative support to help ensure the quality of the Internet experience for all users.”

    In litigation filed in U.S. District Court in Atlanta last month, EarthLink charges the defendants in all four lawsuits with violating the CAN- SPAM Act and various other state and federal statutes, including the federal Computer Fraud and Abuse Act, the Georgia Computer Systems Protection Act and state and federal racketeering laws, among others. A summary of each lawsuit is included below.

    Specific CAN-SPAM violations alleged include:
    – Falsifying “from” e-mail addresses (spoofing)
    – Failing to include a physical address in the e-mail
    – Deceptive subject lines
    – False and misleading header information
    – Failing to provide an electronic unsubscribe option
    – Failing to identify the sender as required
    – Using automated programs to generate possible e-mail addresses by
    combining names, letters and numbers into numerous combinations
    (dictionary attacks)
    – Using scripts used to register for multiple electronic e-mail or online
    user accounts
    As in previous cases, EarthLink is asking for injunctive relief that will prevent the defendants from illegally spamming any Internet user, regardless of the user’s ISP. EarthLink is also seeking unspecified damages.

    EarthLink’s lawsuits are the latest example of the ISP’s multi-faceted fight against spam. In 2003, EarthLink launched spamBlocker, becoming the first major ISP to provide a permission-based spam-fighting tool that blocks virtually 100 percent of all junk e-mail. Last year, EarthLink launched ScamBlocker™, a free tool that helps protect consumers against online identity theft from “phisher” spam e-mail messages.

    EarthLink has sued and won multi-million dollar judgments against spammers, including a $16.4 million judgment and injunctive relief against Howard Carmack, aka the “Buffalo Spammer,” shutting down an operation that had generated more than 825 million spam e-mails on the Internet. EarthLink’s pursuit of Carmack led to his criminal conviction by the New York Attorney General’s office on charges related to his spamming.

    CASE SUMMARIES
    EarthLink v. Gregory Lars Alsing d/b/a Parcelship.com, of Elk Grove, California, and Impression Media, Inc., of Las Vegas, Nevada

    EarthLink’s lawsuit charges the defendants with sending hundreds of thousands of fraudulent e-mails in 2004 advertising cable descramblers that promised to let users watch unlimited pay-per-view cable programming without paying, as well as fraudulent college diploma spam. In addition, the lawsuit charges the defendants with using text randomizers to insert long passages of gibberish in messages in attempts to evade EarthLink’s spam filters.

    EarthLink v. BC Alliance, Inc., of Sunrise, Florida, and Craig S. Brockwell of Miami, Florida

    EarthLink’s lawsuit alleges that Brockwell and BC Alliance sent hundreds of thousands of deceptive e-mails advertising discount ink jet printer cartridges and other printer supplies.

    EarthLink v. Christina Reese; YamboCS, Inc.; Angela M. Nickerson d/b/a YamboCS.com, all of Redmond, Washington; and John Does 4 – 25

    EarthLink’s lawsuit charges the defendants with sending tens of thousands of fraudulent and deceptive e-mails advertising pornographic Web sites. According to the lawsuit, the defendants sent illegal spam e-mails containing obscene subject lines and explicit pictures and text.

    EarthLink v. Peter Moshou of Auburndale, Florida; and John Does 3 – 25

    According to EarthLink’s lawsuit, the defendants sent hundreds of thousands of unsolicited commercial e-mails throughout 2004 and 2005 soliciting contact information by offering brokerage services for people interested in selling their timeshares.

    About EarthLink

    “EarthLink. We revolve around you™.” As the nation’s next generation Internet service provider, Atlanta-based EarthLink has earned an award-winning reputation for outstanding customer service and its suite of online products and services. According to the J.D. Power and Associates 2004 Internet Service Provider Residential Customer Satisfaction Study(SM), EarthLink is ranked highest in customer satisfaction among high-speed and dial up Internet Service Providers. Serving over five million subscribers, EarthLink offers what every user should expect from their Internet experience: high-quality connectivity, minimal online intrusions, and customizable features. Whether it’s dial-up, high-speed, Web hosting, wireless voice and data services, or “EarthLink Extras” like home networking, security or voice over IP, EarthLink provides the tools that best let individuals use and enjoy the Internet on their own terms. Learn more about EarthLink by calling (800) EARTHLINK or visiting EarthLink’s Web site at http://www.earthlink.net .

    SOURCE EarthLink

    Carla Shaw, +1-404-748-7436, or mobile, +1-404-849-1140, or shawcm@corp.earthlink.net
    , or Alexandra Trask, +1-404-748-7267, or mobile, +1-404-441-2814, or
    traska@corp.earthlink.net , both of EarthLink
    http://www.prnewswire.com

    http://ir.earthlink.net/releasedetail.cfm?ReleaseID=249690

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.