We are seeing the majority of PHARMACY SPAM sites being REDIRECTED from the s-u.me domain.
Address lookup
canonical name s-u.me
aliases
addresses 50.87.145.166
Domain Whois record
Queried whois.nic.me with “s-u.me”…
Domain ID:D10067444-ME
Domain Name:S-U.ME
Domain Create Date:28-Oct-2013 19:12:09 UTC
Domain Last Updated Date:28-Oct-2013 19:14:55 UTC
Domain Expiration Date:28-Oct-2014 19:12:09 UTC
Last Transferred Date:
Sponsoring Registrar:GoDaddy.com, LLC R41-ME
Created by:GoDaddy.com, LLC R41-ME
Last Updated by Registrar:GoDaddy.com, LLC R41-ME
Domain Status:CLIENT DELETE PROHIBITED
Domain Status:CLIENT RENEW PROHIBITED
Domain Status:CLIENT TRANSFER PROHIBITED
Domain Status:CLIENT UPDATE PROHIBITED
Domain Status:TRANSFER PROHIBITED
Registrant ID:CR153564119
Registrant Name:cantar marian
Registrant Organization:
Registrant Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Registrant City:drobeta turnu severin
Registrant State/Province:mehedinti
Registrant Country/Economy:RO
Registrant Postal Code:220077
Registrant Phone:+40.0040740204010
Registrant E-mail:admin@salonauto.ro
Admin ID:CR153564121
Admin Name:cantar marian
Admin Organization:
Admin Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Admin City:drobeta turnu severin
Admin State/Province:mehedinti
Admin Country/Economy:RO
Admin Postal Code:220077
Admin Phone:+40.0040740204010
Admin E-mail:admin@salonauto.ro
Tech ID:CR153564120
Tech Name:cantar marian
Tech Organization:
Tech Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Tech City:drobeta turnu severin
Tech State/Province:mehedinti
Tech Country/Economy:RO
Tech Postal Code:220077
Tech Phone:+40.0040740204010
Tech E-mail:admin@salonauto.ro
Nameservers:NS4023.HOSTGATOR.COM
Nameservers:NS4024.HOSTGATOR.COM
DNSSEC:Unsigned
Network Whois record
Queried rwhois.unifiedlayer.com with “50.87.145.166”…
%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.0.0)
network:Class-Name:network
network:ID: NETBLK-UL.50.87.144.0/21
network:Auth-Area: 50.87.144.0/21
network:Network-Name: UL-50.87.144.0/21
network:IP-Network: 50.87.144.0/21
network:Organization: websitewelcome.com
network:Tech-Contact: abuse@websitewelcome.com
network:Admin-Contact: abuse@websitewelcome.com
network:Abuse-Contact: abuse@websitewelcome.com
network:Created: 20130103
network:Updated: 20130103
network:Updated-By: abuse@websitewelcome.com
%ok
Queried whois.arin.net with “n 50.87.145.166”…
NetRange: 50.87.0.0 – 50.87.255.255
CIDR: 50.87.0.0/16
OriginAS: AS46606
NetName: UNIFIEDLAYER-NETWORK-9
NetHandle: NET-50-87-0-0-1
Parent: NET-50-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-01-24
Updated: 2012-11-14
Ref: http://whois.arin.net/rest/net/NET-50-87-0-0-1
OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2012-11-26
Ref: http://whois.arin.net/rest/org/BLUEH-2
ReferralServer: rwhois://rwhois.unifiedlayer.com:4321
OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-888-401-4678
OrgAbuseEmail: abuse@unifiedlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3581-ARIN
OrgNOCHandle: NETWO5508-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-888-401-4678
OrgNOCEmail: netops@unifiedlayer.com
OrgNOCRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN
OrgTechHandle: NETWO5508-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-888-401-4678
OrgTechEmail: netops@unifiedlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN
DNS records
name class type data time to live
s-u.me IN TXT v=spf1 a mx include:websitewelcome.com ~all 14400s (04:00:00)
s-u.me IN MX
preference: 0
exchange: s-u.me
14400s (04:00:00)
s-u.me IN SOA
server: ns4023.hostgator.com
email: root@gator2012.hostgator.com
serial: 2013102802
refresh: 86400
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
s-u.me IN NS ns4024.hostgator.com 86400s (1.00:00:00)
s-u.me IN NS ns4023.hostgator.com 86400s (1.00:00:00)
s-u.me IN A 50.87.145.166 14400s (04:00:00)
166.145.87.50.in-addr.arpa IN PTR 50-87-145-166.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns2.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns1.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN SOA
server: ns1.unifiedlayer.com
email: abuse@unifiedlayer.com
serial: 2011012701
refresh: 28800
retry: 14400
expire: 3600000
minimum ttl: 300
86400s (1.00:00:00)
— end —
Address lookup
canonical name discountmeds24.net
aliases
addresses 109.235.49.195
Domain Whois record
Queried whois.internic.net with “dom discountmeds24.net”…
Domain Name: DISCOUNTMEDS24.NET
Registrar: PAKNIC (PRIVATE) LIMITED
Whois Server: whois.paknic.com
Referral URL: http://www.paknic.com
Name Server: NS.LOCAL-PROVIDER.COM
Name Server: NS.LOCAL-PROVIDER2.COM
Status: ok
Updated Date: 16-dec-2013
Creation Date: 16-dec-2013
Expiration Date: 16-dec-2014
Last update of whois database: Mon, 06 Jan 2014 15:34:23 UTC
Queried whois.paknic.com with "discountmeds24.net"…
Domain name: DISCOUNTMEDS24.NET
Created On: 12/16/2013 10:34:00 AM
Expires On: 12/16/2014 10:34:00 AM
Last Updated On: 12/16/2013 10:34:00 AM
Registrant:
Web Domains By Proxy
Whois Agent contact@webdomainsbyproxy.com
P.O. BOX 3068
Lahore, Punjab 54000
PK
92.427583039 Fax: 92.427596639
Administrative Contact:
Web Domains By Proxy
Whois Agent contact@webdomainsbyproxy.com
P.O. BOX 3068
Lahore, Punjab 54000
PK
92.427583039 Fax: 92.427596639
Billing Contact:
Web Domains By Proxy
Whois Agent contact@webdomainsbyproxy.com
P.O. BOX 3068
Lahore, Punjab 54000
PK
92.427583039 Fax: 92.427596639
Technical Contact:
Web Domains By Proxy
Whois Agent contact@webdomainsbyproxy.com
P.O. BOX 3068
Lahore, Punjab 54000
PK
92.427583039 Fax: 92.427596639
Domain servers in listed order:
NS.LOCAL-PROVIDER.COM
NS.LOCAL-PROVIDER2.COM
PAKNIC Whois Version 1.1.6.0 1/6/2014 3:34:52 PM
Network Whois record
Queried whois.ripe.net with "-B 109.235.49.195"…
inetnum: 109.235.49.0 – 109.235.49.255
netname: NL-NETROUTING
descr: Netrouting Telecom
remarks: INFRA-AW
country: NL
admin-c: SBT10-RIPE
tech-c: SBT10-RIPE
status: ASSIGNED PA
mnt-by: NETROUTING-MNT
mnt-lower: NETROUTING-MNT
mnt-routes: NETROUTING-MNT
changed: savvas@netrouting.eu 20100519
source: RIPE
person: S Bout
address: Handelsweg 8
address: 2404 CD Alphen a/d Rijn
address: The Netherlands
phone: +31 172 720 135
e-mail: noc@netrouting.com
abuse-mailbox: abuse@netrouting.com
nic-hdl: SBT10-RIPE
mnt-by: NETROUTING-MNT
changed: noc@netrouting.eu 20120304
source: RIPE
% Information related to '109.235.48.0/21AS47869'
route: 109.235.48.0/21
descr: Netrouting Route Object
origin: AS47869
mnt-by: NETROUTING-MNT
changed: noc@netrouting.eu 20100122
source: RIPE
% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS2)
DNS records
name class type data time to live
discountmeds24.net IN SOA
server: ns.local-provider.com
email: ns@local-provider2.com
serial: 2013103002
refresh: 3600
retry: 900
expire: 360000
minimum ttl: 3600
180s (00:03:00)
discountmeds24.net IN NS ns.local-provider.com 180s (00:03:00)
discountmeds24.net IN NS ns.local-provider2.com 180s (00:03:00)
discountmeds24.net IN A 109.235.49.195 180s (00:03:00)
195.49.235.109.in-addr.arpa IN PTR axiomfrontiers.com 14400s (04:00:00)
49.235.109.in-addr.arpa IN SOA
server: ns1.netrouting.net
email: info@netrouting.net
serial: 2013032605
refresh: 14400
retry: 7200
expire: 604800
minimum ttl: 86400
14400s (04:00:00)
49.235.109.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 7200 (02:00:00)
signature expiration: 2014-02-05 10:00:22Z
signature inception: 2014-01-06 09:00:22Z
key tag: 751
signer's name: 109.in-addr.arpa
signature:
(1024 bits)
4118s (01:08:38)
49.235.109.in-addr.arpa IN NSEC
next domain name: 5.235.109.in-addr.arpa
record types: NS RRSIG NSEC
4118s (01:08:38)
49.235.109.in-addr.arpa IN NS ns3.netrouting.net 14400s (04:00:00)
49.235.109.in-addr.arpa IN NS ns1.netrouting.net 14400s (04:00:00)
49.235.109.in-addr.arpa IN NS ns2.netrouting.net 14400s (04:00:00)
— end —