WhoIs s-u.me/premiumrxpills.com

We are seeing the majority of PHARMACY SPAM sites being REDIRECTED from the s-u.me domain.

Address lookup
canonical name s-u.me
aliases
addresses 50.87.145.166
Domain Whois record

Queried whois.nic.me with “s-u.me”…

Domain ID:D10067444-ME
Domain Name:S-U.ME

Domain Create Date:28-Oct-2013 19:12:09 UTC
Domain Last Updated Date:28-Oct-2013 19:14:55 UTC
Domain Expiration Date:28-Oct-2014 19:12:09 UTC

Last Transferred Date:
Sponsoring Registrar:GoDaddy.com, LLC R41-ME
Created by:GoDaddy.com, LLC R41-ME
Last Updated by Registrar:GoDaddy.com, LLC R41-ME

Domain Status:CLIENT DELETE PROHIBITED
Domain Status:CLIENT RENEW PROHIBITED
Domain Status:CLIENT TRANSFER PROHIBITED
Domain Status:CLIENT UPDATE PROHIBITED
Domain Status:TRANSFER PROHIBITED

Registrant ID:CR153564119
Registrant Name:cantar marian
Registrant Organization:
Registrant Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Registrant City:drobeta turnu severin
Registrant State/Province:mehedinti
Registrant Country/Economy:RO
Registrant Postal Code:220077
Registrant Phone:+40.0040740204010
Registrant E-mail:admin@salonauto.ro

Admin ID:CR153564121
Admin Name:cantar marian
Admin Organization:
Admin Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Admin City:drobeta turnu severin
Admin State/Province:mehedinti
Admin Country/Economy:RO
Admin Postal Code:220077
Admin Phone:+40.0040740204010
Admin E-mail:admin@salonauto.ro

Tech ID:CR153564120
Tech Name:cantar marian
Tech Organization:
Tech Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Tech City:drobeta turnu severin
Tech State/Province:mehedinti
Tech Country/Economy:RO
Tech Postal Code:220077
Tech Phone:+40.0040740204010
Tech E-mail:admin@salonauto.ro

Nameservers:NS4023.HOSTGATOR.COM
Nameservers:NS4024.HOSTGATOR.COM

DNSSEC:Unsigned

Network Whois record

Queried rwhois.unifiedlayer.com with “50.87.145.166”…

%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.0.0)
network:Class-Name:network
network:ID: NETBLK-UL.50.87.144.0/21
network:Auth-Area: 50.87.144.0/21
network:Network-Name: UL-50.87.144.0/21
network:IP-Network: 50.87.144.0/21
network:Organization: websitewelcome.com
network:Tech-Contact: abuse@websitewelcome.com
network:Admin-Contact: abuse@websitewelcome.com
network:Abuse-Contact: abuse@websitewelcome.com
network:Created: 20130103
network:Updated: 20130103
network:Updated-By: abuse@websitewelcome.com

%ok

Queried whois.arin.net with “n 50.87.145.166”…

NetRange: 50.87.0.0 – 50.87.255.255
CIDR: 50.87.0.0/16
OriginAS: AS46606
NetName: UNIFIEDLAYER-NETWORK-9
NetHandle: NET-50-87-0-0-1
Parent: NET-50-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-01-24
Updated: 2012-11-14
Ref: http://whois.arin.net/rest/net/NET-50-87-0-0-1

OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2012-11-26
Ref: http://whois.arin.net/rest/org/BLUEH-2

ReferralServer: rwhois://rwhois.unifiedlayer.com:4321

OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-888-401-4678
OrgAbuseEmail: abuse@unifiedlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3581-ARIN

OrgNOCHandle: NETWO5508-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-888-401-4678
OrgNOCEmail: netops@unifiedlayer.com
OrgNOCRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

OrgTechHandle: NETWO5508-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-888-401-4678
OrgTechEmail: netops@unifiedlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

DNS records
name class type data time to live
s-u.me IN TXT v=spf1 a mx include:websitewelcome.com ~all 14400s (04:00:00)
s-u.me IN MX
preference: 0
exchange: s-u.me
14400s (04:00:00)
s-u.me IN SOA
server: ns4023.hostgator.com
email: root@gator2012.hostgator.com
serial: 2013102802
refresh: 86400
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
s-u.me IN NS ns4024.hostgator.com 86400s (1.00:00:00)
s-u.me IN NS ns4023.hostgator.com 86400s (1.00:00:00)
s-u.me IN A 50.87.145.166 14400s (04:00:00)
166.145.87.50.in-addr.arpa IN PTR 50-87-145-166.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns2.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns1.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN SOA
server: ns1.unifiedlayer.com
email: abuse@unifiedlayer.com
serial: 2011012701
refresh: 28800
retry: 14400
expire: 3600000
minimum ttl: 300
86400s (1.00:00:00)

— end —

One thought on “WhoIs s-u.me/premiumrxpills.com”

  1. SFA Reporter says:

    Address lookup
    canonical name discountmeds24.net

    aliases
    addresses 109.235.49.195
    Domain Whois record

    Queried whois.internic.net with “dom discountmeds24.net”…

    Domain Name: DISCOUNTMEDS24.NET
    Registrar: PAKNIC (PRIVATE) LIMITED
    Whois Server: whois.paknic.com
    Referral URL: http://www.paknic.com
    Name Server: NS.LOCAL-PROVIDER.COM
    Name Server: NS.LOCAL-PROVIDER2.COM
    Status: ok
    Updated Date: 16-dec-2013
    Creation Date: 16-dec-2013
    Expiration Date: 16-dec-2014

    Last update of whois database: Mon, 06 Jan 2014 15:34:23 UTC
    Queried whois.paknic.com with "discountmeds24.net"…

    Domain name: DISCOUNTMEDS24.NET

    Created On: 12/16/2013 10:34:00 AM
    Expires On: 12/16/2014 10:34:00 AM
    Last Updated On: 12/16/2013 10:34:00 AM

    Registrant:
    Web Domains By Proxy
    Whois Agent contact@webdomainsbyproxy.com
    P.O. BOX 3068
    Lahore, Punjab 54000
    PK
    92.427583039 Fax: 92.427596639

    Administrative Contact:
    Web Domains By Proxy
    Whois Agent contact@webdomainsbyproxy.com
    P.O. BOX 3068
    Lahore, Punjab 54000
    PK
    92.427583039 Fax: 92.427596639

    Billing Contact:
    Web Domains By Proxy
    Whois Agent contact@webdomainsbyproxy.com
    P.O. BOX 3068
    Lahore, Punjab 54000
    PK
    92.427583039 Fax: 92.427596639

    Technical Contact:
    Web Domains By Proxy
    Whois Agent contact@webdomainsbyproxy.com
    P.O. BOX 3068
    Lahore, Punjab 54000
    PK
    92.427583039 Fax: 92.427596639

    Domain servers in listed order:
    NS.LOCAL-PROVIDER.COM
    NS.LOCAL-PROVIDER2.COM

    modify these terms at any time.
    PAKNIC Whois Version 1.1.6.0 1/6/2014 3:34:52 PM

    Network Whois record
    Queried whois.ripe.net with "-B 109.235.49.195"…
    inetnum: 109.235.49.0 – 109.235.49.255
    netname: NL-NETROUTING
    descr: Netrouting Telecom
    remarks: INFRA-AW
    country: NL
    admin-c: SBT10-RIPE
    tech-c: SBT10-RIPE
    status: ASSIGNED PA
    mnt-by: NETROUTING-MNT
    mnt-lower: NETROUTING-MNT
    mnt-routes: NETROUTING-MNT
    changed: savvas@netrouting.eu 20100519
    source: RIPE

    person: S Bout
    address: Handelsweg 8
    address: 2404 CD Alphen a/d Rijn
    address: The Netherlands
    phone: +31 172 720 135
    e-mail: noc@netrouting.com
    abuse-mailbox: abuse@netrouting.com
    nic-hdl: SBT10-RIPE
    mnt-by: NETROUTING-MNT
    changed: noc@netrouting.eu 20120304
    source: RIPE

    % Information related to '109.235.48.0/21AS47869'

    route: 109.235.48.0/21
    descr: Netrouting Route Object
    origin: AS47869
    mnt-by: NETROUTING-MNT
    changed: noc@netrouting.eu 20100122
    source: RIPE

    % This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS2)

    DNS records
    name class type data time to live
    discountmeds24.net IN SOA
    server: ns.local-provider.com
    email: ns@local-provider2.com
    serial: 2013103002
    refresh: 3600
    retry: 900
    expire: 360000
    minimum ttl: 3600
    180s (00:03:00)
    discountmeds24.net IN NS ns.local-provider.com 180s (00:03:00)
    discountmeds24.net IN NS ns.local-provider2.com 180s (00:03:00)
    discountmeds24.net IN A 109.235.49.195 180s (00:03:00)
    195.49.235.109.in-addr.arpa IN PTR axiomfrontiers.com 14400s (04:00:00)
    49.235.109.in-addr.arpa IN SOA
    server: ns1.netrouting.net
    email: info@netrouting.net
    serial: 2013032605
    refresh: 14400
    retry: 7200
    expire: 604800
    minimum ttl: 86400
    14400s (04:00:00)
    49.235.109.in-addr.arpa IN RRSIG
    type covered: NSEC (47)
    algorithm: RSA/SHA-1 (5)
    labels: 5
    original ttl: 7200 (02:00:00)
    signature expiration: 2014-02-05 10:00:22Z
    signature inception: 2014-01-06 09:00:22Z
    key tag: 751
    signer's name: 109.in-addr.arpa
    signature:
    (1024 bits)

    4118s (01:08:38)
    49.235.109.in-addr.arpa IN NSEC
    next domain name: 5.235.109.in-addr.arpa
    record types: NS RRSIG NSEC
    4118s (01:08:38)
    49.235.109.in-addr.arpa IN NS ns3.netrouting.net 14400s (04:00:00)
    49.235.109.in-addr.arpa IN NS ns1.netrouting.net 14400s (04:00:00)
    49.235.109.in-addr.arpa IN NS ns2.netrouting.net 14400s (04:00:00)

    — end —
