Crime Canadian Pharmacy Spam Servers

SmartFilter Category: Not Categorized
IPs: 58.17.3.41
60.191.221.123
60.191.239.166
61.191.191.241
203.93.208.86

SmartFilter Category: Malicious Sites
Nameservers on IP:

Canadian Pharmacy Spam – homevaried.com

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
66.18.238.145 Canada (Calgary)* Whois Google DNSStuff Urgentmessage.org
207.115.36.154 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Todd Hinkle Sat Jun 13 16:47:50 2009
Return-Path: todd.hinklexs@netron.cz
Authentication-Results: mta167.sbc.mail.mud.yahoo.com from=netron.cz; domainkeys=neutral (no sig); from=netron.cz; dkim=neutral (no sig)
Received: from 66.18.238.145 (EHLO nlpi140.prodigy.net) (207.115.36.154)
by mta167.sbc.mail.mud.yahoo.com with SMTP; Sat, 13 Jun 2009 16:47:48 -0700
Received: from zjl05r3 (dsl-vlan458-66-18-238-145.nucleus.com [66.18.238.145])
by nlpi140.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5DNlSlm031067;
Sat, 13 Jun 2009 18:47:47 -0500
Message-ID: <000701c9ec81$5c956240$4a37416a@netron.cz>
Reply-To: “Todd Hinkle” todd.hinklexs@netron.cz
From: “Todd Hinkle” todd.hinklexs@netron.cz
To: ScamFraudAlert
Subject: Get anti anxiety medications online!!
Date: Sat, 13 Jun 2009 18:47:50 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 136

An Incredible CanadianPharmacy is available at your Fingertips!
No Doctor Needed! Browse our SiteToday! -> http://homevaried.com

Address lookup

canonical name homevaried.com.
aliases
addresses 60.191.221.123
60.191.239.166
61.191.191.241
203.93.208.86
58.17.3.41

Domain Whois record

Queried whois.internic.net with “dom homevaried.com“…

   Domain Name: HOMEVARIED.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.BEDPLAIN.COM
   Name Server: NS2.BEDPLAIN.COM
   Name Server: NS3.AGAINTAIL.COM
   Name Server: NS4.AGAINTAIL.COM
   Name Server: NS5.OUTMILK.IM
   Name Server: NS6.OUTMILK.IM
   Status: ok
   Updated Date: 10-jun-2009
   Creation Date: 10-jun-2009
   Expiration Date: 10-jun-2010

>>> Last update of whois database: Thu, 18 Jun 2009 07:58:28 UTC <<<

Queried whois.namerich.cn with “homevaried.com“…

 DomainName : homevaried.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.OUTMILK.IM
Name Server......................NS3.AGAINTAIL.COM
Name Server......................NS1.BEDPLAIN.COM
Name Server......................NS6.OUTMILK.IM
Name Server......................NS4.AGAINTAIL.COM
Name Server......................NS2.BEDPLAIN.COM
Status...........................ok
Creation  Date ..................2009-06-10
Expiration Date .................2010-06-10
Last Update  Date ...............2009-06-10

Registrant ID ...................V-X-57187-12492
Registrant Name .................JIANG HUA
Registrant Organization .........JIANG HUA
Registrant Address ..............LONGSHABEILU12
Registrant City..................TianJin
Registrant Province/State .......TianJin
Registrant Country Code .........CN
Registrant Postal Code ..........300009
Registrant Phone Number .........+86.02251251685
Registrant Fax ..................+86.02251251685
Registrant Email ................xianeldb@126.com

Administrative ID ...............V-X-57187-12492
Administrative Name .............JIANG HUA
Administrative Organization .....JIANG HUA
Administrative Address ..........LONGSHABEILU12
Administrative City..............TianJin
Administrative Province/State ...TianJin
Administrative Country Code .....CN
Administrative Postal Code ......300009
Administrative Phone Number .....+86.02251251685
Administrative Fax ..............+86.02251251685
Administrative Email ............xianeldb@126.com

Billing ID ......................V-X-57187-12492
Billing Name ....................JIANG HUA
Billing Organization ............JIANG HUA
Billing Address .................LONGSHABEILU12
Billing City.....................TianJin
Billing Province/State ..........TianJin
Billing Country Code ............CN
Billing Postal Code .............300009
Billing Phone Number ............+86.02251251685
Billing Fax .....................+86.02251251685
Billing Email ...................xianeldb@126.com

Technical ID ....................V-X-57187-12492
Technical Name ..................JIANG HUA
Technical Organization...........JIANG HUA
Technical Address ...............LONGSHABEILU12
Technical City...................TianJin
Technical Province/State.........TianJin
Technical Country Code ..........CN
Technical Postal Code ...........300009
Technical Phone Number ..........+86.02251251685
Technical Fax ...................+86.02251251685
Technical Email .................xianeldb@126.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “60.191.221.123“…

inetnum:      60.191.221.0 - 60.191.221.255
netname:      JINHUA-TELECOM-LTD
country:      CN
descr:        Jinhua Telecom Co.,ltd IDC Center
descr:
admin-c:      LW1143-AP
tech-c:       CJ54-AP
status:       ASSIGNED NON-PORTABLE
changed:      auto-dbm@dcb.hz.zj.cn 20070618
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

role:         CHINANET-ZJ Jinhua
address:      No.155 Xishi street,Jinhua,Zhejiang.321000
country:      CN
phone:        +86-579-2300779
fax-no:       +86-579-2330035
e-mail:       anti_spam@mail.jhptt.zj.cn
trouble:      send spam reports to anti_spam@mail.jhptt.zj.cn
trouble:      and abuse reports to anti_spam@mail.jhptt.zj.cn
trouble:      Please include detailed information and times in UTC
admin-c:      CH55-AP
tech-c:       CH55-AP
nic-hdl:      CJ54-AP
mnt-by:       MAINT-CHINANET-ZJ
changed:      master@dcb.hz.zj.cn 20031204
source:       APNIC

person:       Lujiang Wang
nic-hdl:      LW1143-AP
e-mail:       anti_spam@mail.jhptt.zj.cn
address:      NO.155 Xishi Street,Jinhua,Zhejiang.Postcode:321000
phone:        +86-579-83285460
country:      CN
changed:      auto-dbm@dcb.hz.zj.cn 20070618
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

DNS records

DNS query for 123.221.191.60.in-addr.arpa returned an error from the server: NameError

name class type data time to live
homevaried.com IN A 58.17.3.41 3600s (01:00:00)
homevaried.com IN A 60.191.239.166 3600s (01:00:00)
homevaried.com IN A 60.191.221.123 3600s (01:00:00)
homevaried.com IN A 61.191.191.241 3600s (01:00:00)
homevaried.com IN A 203.93.208.86 3600s (01:00:00)

— end —


Canadian Pharmacy – rosefight.com – causebreezy.com

An Incredible Canadian~Pharmacy is available at your Fingertips!
NO_Doctor_Needed! Click Here => http://rosefight.com

 

An Incredible Canadian~Pharmacy is available at your_Fingertips!
NO_Doctor_Needed! Click Here => http://causebreezy.com

 

An Incredible CanadianPharmacy is available at your Fingertips!
NO Doctor Needed! Click Here -> http://zealstay.com

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
60.198.140.245 Taiwan (Taipei)* Whois Google DNSStuff Urgentmessage.org
207.115.20.195 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:


From Amanda King Wed Jun 3 19:08:30 2009 
Return-Path: 
Authentication-Results: mta124.sbc.mail.mud.yahoo.com from=anglianet.co.uk; domainkeys=neutral (no sig); from=anglianet.co.uk; dkim=neutral (no sig) 
Received: from 60.198.140.245 (EHLO flpi193.prodigy.net) (207.115.20.195)
by mta124.sbc.mail.mud.yahoo.com with SMTP; Wed, 03 Jun 2009 19:08:30 -0700 
Received: from wd4l8b2 (60-198-140-245.dynamic.tfn.ent.tw [60.198.140.245] (may be forged)) 
by flpi193.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5427Wlt003373; 
Wed, 3 Jun 2009 19:08:27 -0700 
Message-ID: <000701c9e4b9$5af491b0$4a37416a@anglianet.co.uk> 
Reply-To: “Amanda King”  <a_kingjf@anglianet.co.uk>
From: “Amanda King”    <a_kingjf@anglianet.co.uk>
To: ScamFraudAlert
Subject: We have all the best Rxmed Out! 
Date: Wed, 03 Jun 2009 21:08:30 -0500 
MIME-Version: 1.0 
Content-Type: text/plain; 
format=flowed; 
charset=”windows-1250″ 
reply-type=original 
Content-Transfer-Encoding: 7bit 
Content-Length: 124

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
194.254.168.135 France (Sannois)* Whois Google DNSStuff Urgentmessage.org
207.115.36.113 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

 

From Louie Hicks Fri Jun 5 02:48:58 2009 
Return-Path: 
Authentication-Results: mta138.sbc.mail.re3.yahoo.com from=sparebank1.no; domainkeys=neutral (no sig); from=sparebank1.no; dkim=neutral (no sig) 
Received: from 194.254.168.135 (EHLO nlpi097.prodigy.net) (207.115.36.113)
by mta138.sbc.mail.re3.yahoo.com with SMTP; Fri, 05 Jun 2009 02:48:58 -0700 
Received: from 9brjah2 ([194.254.168.135]) 
by nlpi097.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n559mm9j001639; 
Fri, 5 Jun 2009 04:48:57 -0500 
Message-ID: <000701c9e5c2$d939a6a0$4a37416a@sparebank1.no> 
Reply-To: “Louie Hicks”  louiehicks_ig@sparebank1.no
From: “Louie Hicks”  louiehicks_ig@sparebank1.no
To: , , 
Subject: Have long strong night in BED! 
Date: Fri, 05 Jun 2009 04:48:58 -0500 
MIME-Version: 1.0 
Content-Type: text/plain; 
format=flowed; 
charset=”windows-1250″ 
reply-type=original 
Content-Transfer-Encoding: 7bit 
Content-Length: 128

Address lookup

canonical name rosefight.com.
aliases  
addresses 203.93.208.86
58.17.3.41
60.191.239.181

Domain Whois record

Queried whois.internic.net with “dom rosefight.com“…

   Domain Name: ROSEFIGHT.COM
   Registrar: XIN NET TECHNOLOGY CORPORATION
   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.xinnet.com
   Name Server: NS1.FELTTWENTY.COM
   Name Server: NS2.FELTTWENTY.COM
   Name Server: SP151.DELETEDNS.COM
   Name Server: SP152.DELETEDNS.COM
   Name Server: SP153.DELETEDNS.COM
   Name Server: SP154.DELETEDNS.COM
   Status: ok
   Updated Date: 04-jun-2009
   Creation Date: 03-jun-2009
   Expiration Date: 03-jun-2010

>>> Last update of whois database: Sat, 06 Jun 2009 22:46:50 UTC <<<

Queried whois.paycenter.com.cn with “rosefight.com“…

Domain Name      : rosefight.com
PunnyCode        : rosefight.com

Registrant:
  Organization   : TIANCHUNLIN
  Name           : TIANCHUNLING
  Address        : daxuenanlu29
  City           : xinxiangshi
  Province/State : henansheng
  Country        : china
  Postal Code    : 453039

Administrative Contact:
  Name           : TIANCHUNLING
  Organization   : TIANCHUNLIN
  Address        : daxuenanlu29
  City           : xinxiangshi
  Province/State : henansheng
  Country        : china
  Postal Code    : 453039
  Phone Number   : 86-0373-61255412
  Fax            : 86-0373-61255412
  Email          : TIANCHUNLIN@139.COM

Technical Contact:
  Name           : TIANCHUNLING
  Organization   : TIANCHUNLIN
  Address        : daxuenanlu29
  City           : xinxiangshi
  Province/State : henansheng
  Country        : china
  Postal Code    : 453039
  Phone Number   : 86-0373-61255412
  Fax            : 86-0373-61255412
  Email          : TIANCHUNLIN@139.COM

Billing Contact:
  Name           : TIANCHUNLING
  Organization   : TIANCHUNLIN
  Address        : daxuenanlu29
  City           : xinxiangshi
  Province/State : henansheng
  Country        : china
  Postal Code    : 453039
  Phone Number   : 86-0373-61255412
  Fax            : 86-0373-61255412
  Email          : TIANCHUNLIN@139.COM

Network Whois record

Queried whois.apnic.net with “203.93.208.86“…

inetnum:      203.93.0.0 - 203.93.255.255
netname:      UNICOM-CN
descr:        China Unicom IP network
descr:        China Unicom
country:      CN
admin-c:      CH1302-AP
tech-c:       CH1302-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP
mnt-routes:   MAINT-CNCGROUP-RR
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20040116
changed:      hm-changed@apnic.net 20060124
changed:      hm-changed@apnic.net 20090507
changed:      hm-changed@apnic.net 20090508
source:       APNIC

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       abuse@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-82993155
fax-no:       +86-10-82993144
country:      CN
changed:      abuse@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

DNS records

DNS query for 86.208.93.203.in-addr.arpa returned an error from the server: NameError

name class type data time to live
rosefight.com IN A 60.191.239.181 3600s (01:00:00)
rosefight.com IN A 58.17.3.41 3600s (01:00:00)
rosefight.com IN A 203.93.208.86 3600s (01:00:00)