Canadian Pharmacy Spam – cheaprxpharmonline.com

July 30, 20091 Comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Behind The Online Pharma

Today a shadowy, transnational network of illicit drug manufacturers, traders, doctors, Web site operators, spammers and criminals makes up the online pharma world.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
122.56.218.44	New Zealand (Auckland)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.20.183	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Harold Messer Wed Jul 29 18:44:25 2009
Return-Path:
Authentication-Results: mta153.sbc.mail.mud.yahoo.com from=sm.luth.se; domainkeys=neutral (no sig); from=sm.luth.se; dkim=neutral (no sig)
Received: from 122.56.218.44 (EHLO flpi181.prodigy.net) (207.115.20.183)
by mta153.sbc.mail.mud.yahoo.com with SMTP; Wed, 29 Jul 2009 18:44:40 -0700
Received: from 7n8k622 (122-56-218-44.mobile.telecom.co.nz [122.56.218.44] (may be forged))
by flpi181.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6U1hWEk003354;
Wed, 29 Jul 2009 18:44:37 -0700
Message-ID: <000701ca10b7$44cbffc0$627e0202@sm.luth.se>
Reply-To: “Harold Messer” <haroldmesser_zw@sm.luth.se
From: “Harold Messer” <haroldmesser_zw@sm.luth.se
To: , ,
Subject: Need some help focusing?.. get Ritalin!
Date: Wed, 29 Jul 2009 18:44:25 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 219

VicodinES, XanaxAmbien, Codeine, Phentermin and many more!
No Doctor or Prescription Needed! Brand & Generic Names Available!
Fast Trackable USPS Shipping!
Browse Our Site Today –> http://cheaprxpharmonline.com

SmartFilter Category: Not Categorized
Make Category Suggestions

IP: 60.12.166.154

Nameservers: ns1.cheaprxpharmonline.com ns2.cheaprxpharmonline.com

ns3.cheaprxpharmonline.com

ns4.cheaprxpharmonline.com

nameservers missing in zone

hot1gaming.com X X

ns1.bd4ns.com X X

ns1.cheaprxpharmonline.com

X X

ns2.cheaprxpharmonline.com

X X

ns2.ef2ns.com X X

ns3.br4ns.com X X

ns3.cheaprxpharmonline.com

X X

ns4.cheaprxpharmonline.com

X X

sdavaiteres.com

hostnames sharing ip with a-records

*.sdavaiteres.com

hot1gaming.com

ns1.listendns.com

ns1.sdavaiteres.com

ns2.sdavaiteres.com

ns3.fa6ns.com

ns3.sdavaiteres.com

ns4.sdavaiteres.com

sdavaiteres.com

www.softokors.com

hostnames sharing ip with a-records
*.sdavaiteres.com hot1gaming.com ns1.listendns.com ns1.sdavaiteres.com ns2.sdavaiteres.com ns3.fa6ns.com ns3.sdavaiteres.com ns4.sdavaiteres.com sdavaiteres.com www.softokors.com

Address lookup

canonical name	cheaprxpharmonline.com.
aliases
addresses	60.12.166.154

Domain Whois record

Queried whois.internic.net with “dom cheaprxpharmonline.com“…

   Domain Name: CHEAPRXPHARMONLINE.COM
   Registrar: XIAMEN ENAME NETWORK TECHNOLOGY CORPORATION LIMITED DBA ENAME CORP
   Whois Server: whois.ename.com
   Referral URL: http://www.ename.com
   Name Server: NS1.BD4NS.COM
   Name Server: NS2.EF2NS.COM
   Name Server: NS3.BR4NS.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Updated Date: 28-jul-2009
   Creation Date: 03-apr-2009
   Expiration Date: 03-apr-2010

 Last update of whois database: Thu, 30 Jul 2009 15:12:12 UTC <<<

Queried whois.ename.com with “cheaprxpharmonline.com“…

Domain Name : cheaprxpharmonline.com

Registrant Contact Information :
XINGYUNRI
XINGYUNRI
baobao7802@hotmail.com
TONGLUOWAN15, 026974
tel: +86 086482179624
fax: +86 086482179624 

Administrative Contact Information :
XINGYUNRI
XINGYUNRI
baobao7802@hotmail.com
TONGLUOWAN15, 026974
tel: +86 086482179624
fax: +86 086482179624 

Technical Contact Information :
XINGYUNRI
XINGYUNRI
baobao7802@hotmail.com
TONGLUOWAN15, 026974
tel: +86 086482179624
fax: +86 086482179624 

Billing Contact Information :
XINGYUNRI
XINGYUNRI
baobao7802@hotmail.com
TONGLUOWAN15, 026974
tel: +86 086482179624
fax: +86 086482179624 

Status :
clientDeleteProhibited
clientTransferProhibited

Domain Name Server :
ns1.bd4ns.com
ns2.ef2ns.com
ns3.br4ns.com

Registration Date :2009-4-3
Expiration Date : 2010-4-3

For more information, please go to http://whois.ename.com.

Network Whois record

Queried whois.apnic.net with “60.12.166.154“…

inetnum:      60.12.0.0 - 60.12.255.255
netname:      UNICOM-ZJ
descr:        China Unicom Zhejiang province network
descr:        China Unicom
country:      CN
admin-c:      CH1302-AP
tech-c:       JQ16-AP
remarks:      service provider
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-ZJ
mnt-routes:   MAINT-CNCGROUP-RR
status:       ALLOCATED PORTABLE
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      hm-changed@apnic.net 20040629
changed:      hm-changed@apnic.net 20060124
changed:      hm-changed@apnic.net 20090507
changed:      hm-changed@apnic.net 20090508
source:       APNIC

route:        60.12.0.0/16
descr:        CNC Group CHINA169 Zhejiang Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20060118
source:       APNIC

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       abuse@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-66259940
fax-no:       +86-10-66259764
country:      CN
changed:      abuse@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Jianhuaq Qian
nic-hdl:      JQ16-AP
e-mail:       chenrenhai@china-netcom.com
address:      No 1,Hangzhou University Road,Hangzhou, Zhejiang,China
phone:        +86-571-28868063
fax-no:       +86-571-28868069
country:      CN
changed:      wuhong@china-netcom.com 20050421
mnt-by:       MAINT-CNCGROUP-ZJ
source:       APNIC

DNS records

DNS query for 154.166.12.60.in-addr.arpa returned an error from the server: NameError

name

class

type

data

time to live

cheaprxpharmonline.com

SOA

server:	ns1.domain.com
email:	admin.domain.com
serial:	1
refresh:	300
retry:	300
expire:	300
minimum ttl:	86400

86400s

(1.00:00:00)

cheaprxpharmonline.com

ns3.cheaprxpharmonline.com

86400s

(1.00:00:00)

cheaprxpharmonline.com

ns2.cheaprxpharmonline.com

86400s

(1.00:00:00)

cheaprxpharmonline.com

ns1.cheaprxpharmonline.com

86400s

(1.00:00:00)

cheaprxpharmonline.com

60.12.166.154

86400s

(1.00:00:00)

cheaprxpharmonline.com

ns4.cheaprxpharmonline.com

86400s

(1.00:00:00)

Service scan

FTP – 21 Error: ConnectionRefused

SMTP – 25 Error: ConnectionRefused

HTTP – 80

POP3 – 110 Error: ConnectionRefused

IMAP – 143 Error: ConnectionRefused

— end —

Canadian Pharmacy Spam KING

July 22, 20091 Comment

The guy is not just a spammer. He’s actually a criminal phisher. He sends spams to collect credit card numbers to steal your money.

The guy is well documented in the following urls. He’s the kingkong of all spams according to the spamhause: “Canadian Pharmacy”.

http://www.spamhaus.org/statistics/spammers.lasso
http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy

He’s known as;

Jonathan Owens

jowens@unifiedmarkets.com (current)
jowens@unifiedmarket.com (previous)
www.unifiedmarkets.com (current)
www.unifiedmarket.com (previous)
640 Grand Ave.
Carlsbad, North San Diego County
CA 92008-2365
+1 (760) 730-9864

You can find his foot prints by searching the following keywords;

210-888-9089 – Canadian Pharmacy
210-888-9089 – US Drugstore
+ 020 3239 7731 – (new number) Canadian Pharmacy
210 787 1711 – Bogus Marcus Med
845-709-8044 – Bogus university degree
718-524-2096 – Bogus OEM software
888-245-4117 – Bogus collection agency
support@canadianpharmsupport.com
210 East 59st Street New York, NY 10021

The good news is that this scammer has extreme hatered against receiving spams. It’s rather irony, isn’t it? So forward all the spams to the following email addresses. Send them using different email addresses as many as possible, so that he won’t be able to block your email addresses. He has the tendency that if you send a lot of spams to him, he will remove you from his spam databases. THIS IS THE ONLY WAY YOU CAN REMOVE FROM HIS SPAMBASE! You can also automate your email system to redirect to him. Then congratulations!
You will get far less spams!

jowens@unifiedmarkets.com
owensw@unifiedmarkets.com
dmoonfire@unifiedmarkets.com
uminfo@unifiedmarkets.com
dholden@unifiedmarkets.com

Canadian Pharmacy Spam – Fake Online Pharmacy Scam

July 22, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Behind The Online Pharma

Today a shadowy, transnational network of illicit drug manufacturers, traders, doctors, Web site operators, spammers and criminals makes up the online pharma world.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
114.92.205.227	China*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.20.18	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Tammi G. Sosa Wed Jul 22 00:57:41 2009
Return-Path:
Authentication-Results: mta111.sbc.mail.gq1.yahoo.com from=gelcomms.co.uk; domainkeys=neutral (no sig); from=gelcomms.co.uk; dkim=neutral (no sig)
Received: from 114.92.205.227 (EHLO flph260.prodigy.net) (207.115.20.18)
by mta111.sbc.mail.gq1.yahoo.com with SMTP; Wed, 22 Jul 2009 01:01:19 -0700
Received: from whycmm2 ([114.92.205.227])
by flph260.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6M81AZc028606;
Wed, 22 Jul 2009 01:01:18 -0700
Message-ID: <000701ca0aa2$16bbda30$d828ea62@gelcomms.co.uk>
Reply-To: “Tammi G. Sosa” <tg.sosanb@gelcomms.co.uk>
From: “Tammi G. Sosa” <tg.sosanb@gelcomms.co.uk>
To: , ,
Subject: Look what i found
Date: Wed, 22 Jul 2009 02:57:41 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 142

Address lookup

canonical name

flowersuffix.com.

aliases

addresses

203.93.208.86
218.75.144.6
60.191.239.150

SmartFilter Category:

Malicious Sites
Make Category Suggestions

Namerservers on IP:

dns2.wishlate.com
dns3.aftermulti.com
dns3.agreecrop.com
dns3.andside.com
dns3.aromaeager.com
dns3.beginwisdom.com
dns3.birdwinner.com
dns3.boostpass.com
dns3.boughtcreate.com
dns3.buyvalued.com
dns3.camediffer.com
dns3.carryfit.com
dns3.dadserve.com
dns3.decenton.com
dns3.decidesmile.com
dns3.dreamylot.com
dns3.dressadd.com
dns3.duckspruce.com
dns3.enginemost.com
dns3.fireideal.com
dns3.flipdollar.com
dns3.geniusyet.com
dns3.giftedproper.com
dns3.grewmile.com
dns3.growverb.com
dns3.hasfeet.com
dns3.headraise.com
dns3.healthspeech.com
dns3.heldforce.com
dns3.huntbring.com
dns3.leadspitch.com
dns3.leveldepend.com
dns3.lightleave.com
dns3.littletrue.com
dns3.luckyoxygen.com
dns3.magnetsent.com
dns3.nationdimple.com
dns3.nightmodest.com
dns3.noseaglow.com
dns3.noticematch.com
dns3.pamperextra.com
dns3.pasttalk.com
dns3.peoplewind.com
dns3.personsuffix.com
dns3.planjust.com
dns3.pleaseself.com
dns3.pridenature.com
dns3.proudliquid.com
dns3.quartmover.com
dns3.relaxrange.com
dns3.renownstreet.com
dns3.saidplan.com
dns3.sawzeal.com
dns3.sereneread.com
dns3.sexyclock.com
dns3.sliporgan.com
dns3.smilefollow.com
dns3.smoothchoose.com
dns3.swimstand.com
dns3.teachwing.com
dns3.thanksent.com
dns3.trendylost.com
dns3.trendysit.com
dns3.varystart.com
dns3.vippast.com
dns3.weekplease.com
dns3.wentcrisp.com
dns3.whichcrop.com
dns3.witfun.com
dns5.good-1dns.com
host3.soonplay.com
nodns2.carrytake.com
nodns2.suitmotion.com
ns0.peakswell.com
ns0.saidcold.com
ns1.112911.org
ns1.adorenew.com
ns1.againseat.com
ns1.alertspring.com
ns1.andfell.com
ns1.ba43.com
ns1.beautybounce.com
ns1.bedplain.com
ns1.bedsing.com
ns1.boughtpose.com
ns1.breadprize.com
ns1.busyorder.com
ns1.cameegg.com
ns1.chartflat.in
ns1.cu28.com
ns1.cutfigure.com
ns1.decentbusy.com
ns1.deluxecrop.com
ns1.evertasty.com
ns1.exceptexotic.com
ns1.expertlofty.com
ns1.fabledmaxi.com
ns1.famousloyal.com
ns1.farkeep.com
ns1.fewwhole.com

Canadian Pharmacy Spam – Online Pharmacy Scam

July 22, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
97.80.187.119	United States (Lawrenceville)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.36.141	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Lupe Knox Tue Jul 21 21:49:15 2009
Return-Path:
Authentication-Results: mta101.sbc.mail.mud.yahoo.com from=abnet.ca; domainkeys=neutral (no sig); from=abnet.ca; dkim=neutral (no sig)
Received: from 97.80.187.119 (EHLO nlpi127.prodigy.net) (207.115.36.141)
by mta101.sbc.mail.mud.yahoo.com with SMTP; Tue, 21 Jul 2009 21:52:53 -0700
Received: from p63upe2 (static.unknown.charter.com [97.80.187.119] (may be forged))
by nlpi127.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n6M4qSn7030845;
Tue, 21 Jul 2009 23:52:51 -0500
Message-ID: <000701ca0a87$c3c94250$d828ea62@abnet.ca>
Reply-To: “Lupe Knox” lupe_knoxic @abnet.ca
From: “Lupe Knox” lupe_knoxic @abnet.ca
To: ,
Subject: Much bigger, than you used to have it!
Date: Tue, 21 Jul 2009 23:49:15 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 142

SmartFilter Category:

Malicious Sites
Make Category Suggestions

Namerservers on IP:

dns2.wishlate.com
dns3.nightmodest.com
ns0.peakswell.com
ns0.saidcold.com
ns1.112911.org
ns1.adorenew.com
ns1.againseat.com
ns1.alertspring.com
ns1.andfell.com
ns1.ba43.com
ns1.beautybounce.com
ns1.bedplain.com
ns1.boughtpose.com
ns1.breadprize.com
ns1.cameegg.com
ns1.cu28.com
ns1.cutfigure.com
ns1.decentbusy.com
ns1.deluxecrop.com
ns1.evertasty.com
ns1.expertlofty.com
ns1.fabledmaxi.com
ns1.famousloyal.com
ns1.farkeep.com
ns1.fewwhole.com
ns1.flattry.com
ns1.flypair.com
ns1.fromview.com
ns1.galoresize.com
ns1.gonemade.com
ns1.growten.com
ns1.hadagree.ru
ns1.hadwalk.com
ns1.ku17.net
ns1.letterwant.com
ns1.listwere.com
ns1.mainhumble.com
ns1.me15.net
ns1.nu23.com
ns1.okhalf.com
ns1.ownlate.com
ns1.peakswell.com
ns1.pickcool.in
ns1.pill35.net
ns1.re25.org
ns1.relaxtoward.com
ns1.rockflair.com
ns1.sawplump.com
ns1.skinglad.com
ns1.teethoxygen.com
ns1.towardlegend.in
ns1.tubeold.com
ns1.typetruck.com
ns1.watchnorth.com
ns1.yardaware.com
ns2.112911.org
ns2.ablenumber.com
ns2.againseat.com
ns2.aglowpaint.com
ns2.alertspring.com
ns2.beautybounce.com
ns2.beforebegin.com
ns2.boughtdeluxe.com
ns2.boughtpose.com
ns2.coateach.com
ns2.cutfigure.com
ns2.deluxecrop.com
ns2.directlisten.com
ns2.doctorstill.com
ns2.dounder.com
ns2.eitherbounce.com
ns2.famousloyal.com
ns2.flattry.com
ns2.flypair.com
ns2.grewcall.com
ns2.growfour.com
ns2.growten.com
ns2.hadagree.ru
ns2.letterwant.com
ns2.listwere.com
ns2.mainhumble.com
ns2.med22.org
ns2.med95.net
ns2.pridebought.com
ns2.primehurry.com
ns2.re25.org
ns2.regionearly.com
ns2.roomrow.com
ns2.sawplump.com
ns2.seedequate.com
ns2.skinglad.com
ns2.streetgreat.com
ns2.te26.com
ns2.thosekept.com
ns2.towardlegend.in
ns2.tubeold.com
ns2.typetruck.com
ns2.via99.org
ns2.watchnorth.com
ns2.yearbusy.com

Canadian Pharmacy Spam – andmelody.com.

July 21, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

An Incredible Canadian`Pharmacy is available at your_Fingertips!
No_Doctor_Needed! Browse our Site Today! -> http://andmelody.com

Vicodin_ES, ViagraXanax, Codeine, Phentermin, Ritalin and many more!
Brand Named & Generic Medications! No Doctor or Prescription Needed! Fast Trackable USPS Shipping! Browse Our Site Today –> http://cheaprx02.com

Address lookup

canonical name	andmelody.com.
aliases
addresses	60.191.239.150 203.93.208.86 218.75.144.6

Domain Whois record

Queried whois.internic.net with “dom andmelody.com“…

   Domain Name: ANDMELODY.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.SPEAKSMELL.COM
   Name Server: NS2.SPEAKSMELL.COM
   Name Server: NS3.STANDBRIEF.COM
   Name Server: NS4.STANDBRIEF.COM
   Name Server: NS5.B9T.RU
   Name Server: NS6.B9T.RU
   Status: ok
   Updated Date: 20-jul-2009
   Creation Date: 20-jul-2009
   Expiration Date: 20-jul-2010

Last update of whois database: Wed, 22 Jul 2009 01:31:53 UTC

Queried whois.namerich.cn with “andmelody.com“…

 DomainName : andmelody.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS1.SPEAKSMELL.COM
Name Server......................NS6.B9T.RU
Name Server......................NS3.STANDBRIEF.COM
Name Server......................NS2.SPEAKSMELL.COM
Name Server......................NS5.B9T.RU
Name Server......................NS4.STANDBRIEF.COM
Status...........................ok
Creation  Date ..................2009-07-20
Expiration Date .................2010-07-20
Last Update  Date ...............2009-07-20

Registrant ID ...................V-X-59716-16698
Registrant Name .................JIANG HUA
Registrant Organization .........JIANG HUA
Registrant Address ..............HUANMEILU82
Registrant City..................CZ
Registrant Province/State .......JS
Registrant Country Code .........CN
Registrant Postal Code ..........300009
Registrant Phone Number .........+86.059176147512
Registrant Fax ..................+86.059176147512
Registrant Email ................afwhndsg@126.com

Administrative ID ...............V-X-59716-16698
Administrative Name .............JIANG HUA
Administrative Organization .....JIANG HUA
Administrative Address ..........HUANMEILU82
Administrative City..............CZ
Administrative Province/State ...JS
Administrative Country Code .....CN
Administrative Postal Code ......300009
Administrative Phone Number .....+86.059176147512
Administrative Fax ..............+86.059176147512
Administrative Email ............afwhndsg@126.com

Billing ID ......................V-X-59716-16698
Billing Name ....................JIANG HUA
Billing Organization ............JIANG HUA
Billing Address .................HUANMEILU82
Billing City.....................CZ
Billing Province/State ..........JS
Billing Country Code ............CN
Billing Postal Code .............300009
Billing Phone Number ............+86.059176147512
Billing Fax .....................+86.059176147512
Billing Email ...................afwhndsg@126.com

Technical ID ....................V-X-59716-16698
Technical Name ..................JIANG HUA
Technical Organization...........JIANG HUA
Technical Address ...............HUANMEILU82
Technical City...................CZ
Technical Province/State.........JS
Technical Country Code ..........CN
Technical Postal Code ...........300009
Technical Phone Number ..........+86.059176147512
Technical Fax ...................+86.059176147512
Technical Email .................afwhndsg@126.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “60.191.239.150“…

inetnum:      60.191.239.0 - 60.191.239.255
netname:      JINHUA-TELECOM-LTD
country:      CN
descr:        Jinhua Telecom Co.,ltd
descr:
admin-c:      LW945-AP
tech-c:       CJ54-AP
status:       ASSIGNED NON-PORTABLE
changed:      auto-dbm@dcb.hz.zj.cn 20060824
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

role:         CHINANET-ZJ Jinhua
address:      No.155 Xishi street,Jinhua,Zhejiang.321000
country:      CN
phone:        +86-579-2300779
fax-no:       +86-579-2330035
e-mail:       anti_spam@mail.jhptt.zj.cn
trouble:      send spam reports to anti_spam@mail.jhptt.zj.cn
trouble:      and abuse reports to anti_spam@mail.jhptt.zj.cn
trouble:      Please include detailed information and times in UTC
admin-c:      CH55-AP
tech-c:       CH55-AP
nic-hdl:      CJ54-AP
mnt-by:       MAINT-CHINANET-ZJ
changed:      master@dcb.hz.zj.cn 20031204
source:       APNIC

person:       Lujiang Wang
nic-hdl:      LW945-AP
e-mail:       anti_spam@mail.jhptt.zj.cn
address:      NO.155 Xishi Street,Jinhua,Zhejiang.Postcode:321000
phone:        +86-579-3285460
country:      CN
changed:      auto-dbm@dcb.hz.zj.cn 20060824
mnt-by:       MAINT-CN-CHINANET-ZJ-JH
source:       APNIC

DNS records

DNS query for 150.239.191.60.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
andmelody.com	IN	A	60.191.239.150	10800s	(03:00:00)
andmelody.com	IN	A	203.93.208.86	10800s	(03:00:00)
andmelody.com	IN	A	218.75.144.6	10800s	(03:00:00)

— end —

Canadian Pharmacy Spam Domains

July 17, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Domains on Nameserver ns2.growfour.com

Entries 1 – 26 of 26

Domain
growfour.com
agethough.com
prettydone.com
wonderagree.com
rosyworthy.com
tirethem.com
undersilent.com
lethour.com
walkcamp.com
reasoncount.com
sitsign.com
grewduring.com
cornerdeep.com
musiclucky.com
thansingle.com
isbounce.com
levelarrive.com
bodyseem.com
bornmind.com
alerthour.com
activeawake.com
liveevery.com
headten.com
toldan.com
streamvictor.com
stoodfriend.com

Stolen Identity Canadian Pharmacy – pfizer-incorporated.com

July 4, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Address lookup

canonical name	pfizer-incorporated.com.
aliases
addresses	91.207.4.202

Domain Whois record

Queried whois.internic.net with “dom pfizer-incorporated.com“…

   Domain Name: PFIZER-INCORPORATED.COM
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.OnlineNIC.com
   Name Server: NS1.PFIZER-INCORPORATED.COM
   Name Server: NS2.PFIZER-INCORPORATED.COM
   Name Server: NS3.PFIZER-INCORPORATED.COM
   Name Server: NS4.PFIZER-INCORPORATED.COM
   Status: clientTransferProhibited
   Updated Date: 02-jul-2009
   Creation Date: 02-jul-2009
   Expiration Date: 02-jul-2010

>>> Last update of whois database: Sat, 04 Jul 2009 11:41:46 UTC <<<

Queried whois.onlinenic.com with “pfizer-incorporated.com“…

Registrant:
	 Deloris P Perticone fake_4b72bf7b5551be0072b6f3e6d6925864@smartdesign.by +7.4294967295
	 N/A
	 ul. Tsentral'naya, d. 18, kv. 11
	 Moskva,Moskovskaya obl.,RUSSIAN FEDERATION 101000

Domain Name:pfizer-incorporated.com 
Record last updated at 2009-07-02 10:19:48
Record created on 2009/7/2
Record expired on 2010/7/2

Domain servers in listed order:
	 ns1.pfizer-incorporated.com 	 ns2.pfizer-incorporated.com 

Administrator:
	 name: Deloris P Perticone
 mail: fake_4b72bf7b5551be0072b6f3e6d6925864@smartdesign.by tel: +7.4294967295
	 org: N/A

address: ul. Tsentral'naya, d. 18, kv. 11
	 city: Moskva
,province: Moskovskaya obl.
,country: RUSSIAN FEDERATION
 postcode: 101000

Technical Contactor:
	 name: Deloris P Perticone
 mail: fake_4b72bf7b5551be0072b6f3e6d6925864@smartdesign.by tel: +7.4294967295
	 org: N/A

address: ul. Tsentral'naya, d. 18, kv. 11
	 city: Moskva
,province: Moskovskaya obl.
,country: RUSSIAN FEDERATION
 postcode: 101000

Billing Contactor:
	 name: Deloris P Perticone
 mail: fake_4b72bf7b5551be0072b6f3e6d6925864@smartdesign.by tel: +7.4294967295
	 org: N/A

address: ul. Tsentral'naya, d. 18, kv. 11
	 city: Moskva
,province: Moskovskaya obl.
,country: RUSSIAN FEDERATION
 postcode: 101000

Registration Service Provider:
	name: Serpino Berbeto 
	tel: +1.2128848801
 	fax: +1.2128848801
 	web:

Network Whois record

Queried whois.ripe.net with “-B 91.207.4.202“…

% Information related to '91.207.4.0 - 91.207.9.255'

inetnum:        91.207.4.0 - 91.207.9.255
netname:        SteepHost-DC-UA
descr:          SteepHost.COM Datacentre Allocation
descr:          +380-63-618-45-00
descr:          +380-67-375-27-03
remarks:        Please send all spam/scam/fraud abuse to abuse@steephost.com
country:        UA
org:            ORG-SH7-RIPE
admin-c:        SH3855-RIPE
tech-c:         SH3855-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-HM-PI-MNT
mnt-by:         SH3855-MNT
mnt-lower:      RIPE-NCC-HM-PI-MNT
mnt-routes:     SH3855-MNT
mnt-domains:    SH3855-MNT
changed:        hostmaster@ripe.net 20080911
source:         RIPE

organisation:   ORG-SH7-RIPE
org-name:       SteepHost DC-UA
descr:          SteepHost.COM Datacentre Allocation
org-type:       OTHER
address:        Kosmicheskaya 21 of.310
address:        61072, Kharkiv, Ukraine
phone:          +380-63-618-45-00
phone:          +380-67-375-27-03
e-mail:         noc@steephost.com
abuse-mailbox:  abuse@steephost.com
mnt-ref:        SH3855-MNT
mnt-by:         SH3855-MNT
changed:        vvs@teleportsv.net 20080421
changed:        hostmaster@ripe.net 20080911
source:         RIPE

role:           SteepHost DC-UA
address:        Kosmicheskaya 21 of.310
address:        61072, Kharkiv, Ukraine
phone:          +380-63-618-45-00
phone:          +380-67-375-27-03
e-mail:         noc@steephost.com
abuse-mailbox:  abuse@steephost.com
admin-c:        AK5709-RIPE
tech-c:         AK5709-RIPE
nic-hdl:        SH3855-RIPE
mnt-by:         SH3855-MNT
changed:        vvs@teleportsv.net 20080421
source:         RIPE

% Information related to '91.207.4.0/22AS47142'

route:          91.207.4.0/22
descr:          SteepHost DC-UA
descr:          SteepHost.COM Datacentre Allocation
descr:          +380-67-375-27-03
descr:          +380-63-618-45-00
descr:          Please send all spam/scam/fraud abuse to abuse@steephost.com
origin:         AS47142
mnt-by:         SH3855-MNT
changed:        noc@steephost.com 20080911
source:         RIPE

DNS records

DNS query for 202.4.207.91.in-addr.arpa returned an error from the server: ServerFailure

name	class	type	data	time to live
pfizer-incorporated.com	IN	A	91.207.4.202	3600s	(01:00:00)

— end —

WhoIs 89.189.191.95 – warez-free-all

July 3, 2009Leave a comment

Consumer & Business Alert – Stolen Identity!!!!
This Is A Fraudulent Website
Phishing or Identity Theft
Do Not Conduct or Transact Business With Them

89.189.191.95

Address lookup

canonical name	gw-95.211.ru.
aliases
addresses	89.189.191.95

Domain Whois record

Queried whois.ripn.net with “211.ru“…

warez-free-all.blogspot.com/
Author : Virtualia (IP: 89.189.191.95 , gw-95.211.ru)
E-mail : virt@gmail.com

% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian)
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).

domain:     211.RU
type:       CORPORATE
nserver:    ns.211.ru. 193.238.131.195
nserver:    ns2.211.ru. 89.189.191.224
state:      REGISTERED, DELEGATED
org:        Ltd. "Siberian Networks"
phone:      +7 383 2209211
phone:      +7 383 2209280
fax-no:     +7 383 2209211
e-mail:     noc@211.ru
registrar:  RUCENTER-REG-RIPN
created:    2004.06.16
paid-till:  2010.06.16
source:     TC-RIPN

Last updated on 2009.07.04 04:54:11 MSK/MSD

Network Whois record

Queried whois.ripe.net with “-B 89.189.191.95“…

% Information related to '89.189.184.0 - 89.189.191.255'

inetnum:        89.189.184.0 - 89.189.191.255
netname:        RU-ISP-SIBNET-NSK-2
descr:          Siberian Networks
country:        RU
admin-c:        SAS-RIPE
tech-c:         SAS-RIPE
status:         ASSIGNED PA
mnt-by:         CityNetLtd-MNT
changed:        rage@kuz.ru 20070301
source:         RIPE

person:         Stanislav A. Svirid
address:        Siberian Networks
address:        21/1, Dachnaya Street
address:        630082, Novosibirsk
address:        Russia
phone:          +7 383 2209280
fax-no:         +7 383 2209211
nic-hdl:        SAS-RIPE
e-mail:         count@211.ru
notify:         count@211.ru
notify:         noc@211.ru
mnt-by:         SIBNET-NSK-MNT
changed:        sva@riss-telecom.ru 20001102
changed:        frolov@riss-telecom.ru 20021218
changed:        count@211.ru 20070322
source:         RIPE

% Information related to '89.189.184.0/21AS34757'

route:          89.189.184.0/21
descr:          Siberian Networks ltd Autonomous System
origin:         AS34757
mnt-by:         CityNetLtd-MNT
changed:        rage@kuz.ru 20070322
source:         RIPE

% Information related to '89.189.176.0/20AS34757'

route:          89.189.176.0/20
descr:          Siberian Networks ltd Autonomous System
origin:         AS34757
mnt-by:         CityNetLtd-MNT
changed:        rage@kuz.ru 20080328
source:         RIPE

DNS records

name

class

type

data

time to live

gw-95.211.ru

89.189.191.95

43200s

(12:00:00)

211.ru

SOA

server:	ns2.211.ru
email:	noc.211.ru
serial:	2009063002
refresh:	43200
retry:	3600
expire:	1209600
minimum ttl:	86400

43200s

(12:00:00)

211.ru

TXT

v=spf1 ip4:193.238.128.0/22 ip4:89.189.176.0/20 ip4:80.64.168.0/21 ip4:217.106.28.136/30 mx ptr mx:193.238.131.194 ~all

43200s

(12:00:00)

211.ru

193.238.131.200

43200s

(12:00:00)

211.ru

preference:	0
exchange:	mx.211.ru

43200s

(12:00:00)

211.ru

ns.211.ru

43200s

(12:00:00)

211.ru

ns2.211.ru

43200s

(12:00:00)

95.191.189.89.in-addr.arpa

PTR

gw-95.211.ru

Canadian Pharmacy Spam – dependprefer.com

July 3, 20099 Comments

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

An Incredible Canadian Pharmacy is available at your Fingertips!
*No~Doctor~Needed*! Browse our Site Today! -> http://dependprefer.com

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
207.115.20.125	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
61.161.148.135	China (Shenyang)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Barbra Yang Wed Jul 1 18:30:12 2009
Return-Path: <b_yangcl@tacocity.com.tw>
Authentication-Results: mta130.sbc.mail.mud.yahoo.com from=tacocity.com.tw; domainkeys=neutral (no sig); from=tacocity.com.tw; dkim=neutral (no sig)
Received: from 207.115.20.125 (EHLO flpd115.prodigy.net) (207.115.20.125)
by mta130.sbc.mail.mud.yahoo.com with SMTP; Wed, 01 Jul 2009 18:32:23 -0700
Received: from 91pmey1 ([61.161.148.135])
by flpd115.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n621WIwh005457;
Wed, 1 Jul 2009 18:32:20 -0700
Message-ID: <000701c9fab4$a4f5cfc0$d828ea62@tacocity.com.tw>
Reply-To: “Barbra Yang” <b_yangcl@tacocity.com.tw>
From: “Barbra Yang” <b_yangcl@tacocity.com.tw>
To:
Subject: International Pharm get med cheaper online
Date: Wed, 01 Jul 2009 20:30:12 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 142

Address lookup

canonical name	dependprefer.com.
aliases
addresses	218.75.144.6 222.241.150.146 61.191.191.241 119.39.238.2 203.93.208.86

Domain Whois record

Queried whois.internic.net with “dom dependprefer.com“…

   Domain Name: DEPENDPREFER.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.CHARTFLAT.IN
   Name Server: NS2.CHARTFLAT.IN
   Name Server: NS3.SELLCALL.RU
   Name Server: NS4.SELLCALL.RU
   Name Server: NS5.CIRCLEFRUIT.COM
   Name Server: NS6.CIRCLEFRUIT.COM
   Status: ok
   Updated Date: 29-jun-2009
   Creation Date: 29-jun-2009
   Expiration Date: 29-jun-2010

>>> Last update of whois database: Fri, 03 Jul 2009 08:25:57 UTC <<<

Queried whois.namerich.cn with “dependprefer.com“…

This is a redirector site to the criminal fraud Canadian Pharmacy. 
The name servers that resolve access and the registrars sponsoring the crime are - 
ns1.plumpsize.in ns2.plumpsize.in - Visesh Infotecnics Ltd. (rbaweja@viseshinfo.com) 
ns3.dresshomes.ru ns4.dresshomes.ru - REGRU-REG-RIPN 
ns5.whosetangy.pl ns6.whosetangy.pl - EPAG Domainservices GmbH (support@epag.de)

Dirty NS IP addresses are 
60.191.221.117 (anti_spam@mail.jhptt.zj.cn) 
60.191.239.153 (anti_spam@mail.jhptt.zj.cn) 
61.191.191.241 (anti-spam@ns.chinanet.cn.net) 
119.39.238.2 (abuse@cnc-noc.net) 
203.93.208.86 (abuse@chinaunicom.cn) 
218.75.144.6 (abuse.szx@2118.com.cn)

 DomainName : dependprefer.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.CIRCLEFRUIT.COM
Name Server......................NS2.CHARTFLAT.IN
Name Server......................NS3.SELLCALL.RU
Name Server......................NS1.CHARTFLAT.IN
Name Server......................NS4.SELLCALL.RU
Name Server......................NS6.CIRCLEFRUIT.COM
Status...........................ok
Creation  Date ..................2009-06-29
Expiration Date .................2010-06-29
Last Update  Date ...............2009-06-29

Registrant ID ...................V-X-58378-14021
Registrant Name .................WANG JIE
Registrant Organization .........WANG JIE
Registrant Address ..............ZHONGYANGDADAO51
Registrant City..................HZ
Registrant Province/State .......ZJ
Registrant Country Code .........CN
Registrant Postal Code ..........313009
Registrant Phone Number .........+86.057258421551
Registrant Fax ..................+86.057258421551
Registrant Email ................ojanengzx@126.com

Administrative ID ...............V-X-58378-14021
Administrative Name .............WANG JIE
Administrative Organization .....WANG JIE
Administrative Address ..........ZHONGYANGDADAO51
Administrative City..............HZ
Administrative Province/State ...ZJ
Administrative Country Code .....CN
Administrative Postal Code ......313009
Administrative Phone Number .....+86.057258421551
Administrative Fax ..............+86.057258421551
Administrative Email ............ojanengzx@126.com

Billing ID ......................V-X-58378-14021
Billing Name ....................WANG JIE
Billing Organization ............WANG JIE
Billing Address .................ZHONGYANGDADAO51
Billing City.....................HZ
Billing Province/State ..........ZJ
Billing Country Code ............CN
Billing Postal Code .............313009
Billing Phone Number ............+86.057258421551
Billing Fax .....................+86.057258421551
Billing Email ...................ojanengzx@126.com

Technical ID ....................V-X-58378-14021
Technical Name ..................WANG JIE
Technical Organization...........WANG JIE
Technical Address ...............ZHONGYANGDADAO51
Technical City...................HZ
Technical Province/State.........ZJ
Technical Country Code ..........CN
Technical Postal Code ...........313009
Technical Phone Number ..........+86.057258421551
Technical Fax ...................+86.057258421551
Technical Email .................ojanengzx@126.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “218.75.144.6“…

inetnum:      218.75.128.0 - 218.75.159.255
netname:      CHINANET-HN-CD
country:      CN
descr:        CHINANET-HN changde node network
descr:        hunan Telecom
admin-c:      CHC8-AP
tech-c:       CH636-AP
status:       ALLOCATED NON-PORTABLE
changed:      ipaddress@hntelecom.net.cn 20050823
mnt-by:       MAINT-CHINANET-HN
mnt-lower:    MAINT-CHINANET-HN-CD
source:       APNIC

role:         CHINANET HuNan ChangDe
address:      The middle of Wuling Street,Changde 415000
country:      CN
phone:        +86 736 7229427
fax-no:       +86 736 7267027
e-mail:       abuse.cd@2118.com.cn
trouble:      send spam reports to spam.cd@2118.com.cn
trouble:      and abuse reports to abuse.cd@2118.com.cn
trouble:      Please include detailed information and
trouble:      times in UTC
admin-c:      CM1092-AP
tech-c:       CM1092-AP
nic-hdl:      CHC8-AP
notify:       abuse.cd@2118.com.cn
mnt-by:       MAINT-CHINANET-HN-CD
changed:      ipaddress@hntelecom.net.cn 20050818
source:       APNIC

role:         CHINANET HUNAN
address:      No.1 TuanJie road,ChangSha,Hunan 410005
country:      CN
phone:        +86 731 4792092
fax-no:       +86 731 4792007
e-mail:       abuse.szx@2118.com.cn
trouble:      send spam reports to spam.szx@2118.com.cn
trouble:      and abuse reports to abuse.szx@2118.com.cn
trouble:      Please include detailed information and
trouble:      times in UTC
admin-c:      CH632-AP
tech-c:       CS499-AP
nic-hdl:      CH636-AP
mnt-by:       MAINT-CHINANET-HN
changed:      ipaddress@hntelecom.net.cn 20050816
source:       APNIC

DNS records

DNS query for 6.144.75.218.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
dependprefer.com	IN	A	203.93.208.86	10800s	(03:00:00)
dependprefer.com	IN	A	222.241.150.146	10800s	(03:00:00)
dependprefer.com	IN	A	61.191.191.241	10800s	(03:00:00)
dependprefer.com	IN	A	218.75.144.6	10800s	(03:00:00)
dependprefer.com	IN	A	119.39.238.2	10800s	(03:00:00)

— end —

Canadian Pharmacy Spam – visitslip.com

July 3, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
207.115.20.46	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
211.186.220.30	Korea, Republic of (Seoul)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

An Incredible Canadian Pharmacy is available at your Fingertips!
*No~Doctor~Needed*! Browse our Site Today! -> http://visitslip.com

From Kristin B. Jacobs Tue Jun 30 12:07:48 2009
Return-Path: <kristin_b.jacobsks@zip.co.nz>
Authentication-Results: mta129.sbc.mail.re3.yahoo.com from=zip.co.nz; domainkeys=neutral (no sig); from=zip.co.nz; dkim=neutral (no sig)
Received: from 207.115.20.46 (EHLO flph263.prodigy.net) (207.115.20.46)
by mta129.sbc.mail.re3.yahoo.com with SMTP; Tue, 30 Jun 2009 03:20:01 -0700
Received: from cmh7fb2 ([211.186.220.30])
by flph263.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5UAJv6O009087;
Tue, 30 Jun 2009 03:19:59 -0700
Message-ID: <000701c9f9b6$0f0093f0$ae8bf302@zip.co.nz>
Reply-To: “Kristin B. Jacobs” <kristin_b.jacobsks@zip.co.nz>
From: “Kristin B. Jacobs” <kristin_b.jacobsks@zip.co.nz>
To:
Subject: Make you wife moan in pleasure!
Date: Tue, 30 Jun 2009 15:07:48 -0400
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 139

Address lookup

canonical name	visitslip.com.
aliases
addresses	61.191.191.241 119.39.238.2 203.93.208.86 218.75.144.6 222.241.150.146

Domain Whois record

Queried whois.internic.net with “dom visitslip.com“…

   Domain Name: VISITSLIP.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.HEARTCORNER.IN
   Name Server: NS2.HEARTCORNER.IN
   Name Server: NS3.HEAVYMEEK.RU
   Name Server: NS4.HEAVYMEEK.RU
   Name Server: NS5.BLUEAWAKE.COM
   Name Server: NS6.BLUEAWAKE.COM
   Status: ok
   Updated Date: 26-jun-2009
   Creation Date: 26-jun-2009
   Expiration Date: 26-jun-2010

Last update of whois database: Fri, 03 Jul 2009 08:19:02 UTC <<<

Queried whois.namerich.cn with “visitslip.com“…

 DomainName : visitslip.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.BLUEAWAKE.COM
Name Server......................NS6.BLUEAWAKE.COM
Name Server......................NS3.HEAVYMEEK.RU
Name Server......................NS4.HEAVYMEEK.RU
Name Server......................NS1.HEARTCORNER.IN
Name Server......................NS2.HEARTCORNER.IN
Status...........................ok
Creation  Date ..................2009-06-26
Expiration Date .................2010-06-26
Last Update  Date ...............2009-06-26

Registrant ID ...................V-X-58203-13799
Registrant Name .................DU QIAOWEN
Registrant Organization .........DU QIAOWEN
Registrant Address ..............YIYANGLU46
Registrant City..................YY
Registrant Province/State .......HN
Registrant Country Code .........CN
Registrant Postal Code ..........413069
Registrant Phone Number .........+86.073768512419
Registrant Fax ..................+86.073768512419
Registrant Email ................soangka@163.com

Administrative ID ...............V-X-58203-13799
Administrative Name .............DU QIAOWEN
Administrative Organization .....DU QIAOWEN
Administrative Address ..........YIYANGLU46
Administrative City..............YY
Administrative Province/State ...HN
Administrative Country Code .....CN
Administrative Postal Code ......413069
Administrative Phone Number .....+86.073768512419
Administrative Fax ..............+86.073768512419
Administrative Email ............soangka@163.com

Billing ID ......................V-X-58203-13799
Billing Name ....................DU QIAOWEN
Billing Organization ............DU QIAOWEN
Billing Address .................YIYANGLU46
Billing City.....................YY
Billing Province/State ..........HN
Billing Country Code ............CN
Billing Postal Code .............413069
Billing Phone Number ............+86.073768512419
Billing Fax .....................+86.073768512419
Billing Email ...................soangka@163.com

Technical ID ....................V-X-58203-13799
Technical Name ..................DU QIAOWEN
Technical Organization...........DU QIAOWEN
Technical Address ...............YIYANGLU46
Technical City...................YY
Technical Province/State.........HN
Technical Country Code ..........CN
Technical Postal Code ...........413069
Technical Phone Number ..........+86.073768512419
Technical Fax ...................+86.073768512419
Technical Email .................soangka@163.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “61.191.191.241“…

inetnum:      61.191.0.0 - 61.191.255.255
netname:      CHINANET-AH
descr:        CHINANET Anhui province network
descr:        China Telecom
descr:        A12,Xin-Jie-Kou-Wai Street
descr:        Beijing 100088
country:      CN
admin-c:      CH93-AP
tech-c:       AT318-AP
mnt-by:       MAINT-CHINANET
mnt-lower:    MAINT-CHINANET-AH
status:       ALLOCATED NON-PORTABLE
changed:      hm-changed@apnic.net 20060314
source:       APNIC

role:         ANHUI TELECOM
address:      305 Changjiang West Road
address:      Hefei Anhui China
country:      CN
phone:        +86 0551 5185089
fax-no:       +86 0551 5185500
e-mail:       wanglinlin2@anhuitelecom.com
trouble:      send spam reports to abuse@ah163.com
trouble:      and abuse reports to abuse@ah163.com
trouble:      Please include detailed information and
trouble:      times in GMT+8:00
admin-c:      LW604-AP
tech-c:       LW604-AP
nic-hdl:      AT318-AP
remarks:      http://www.ah163.net
notify:       wanglinlin2@anhuitelecom.com
mnt-by:       MAINT-CHINANET-AH
changed:      wanglinlin2@anhuitelecom.com 20060323
source:       APNIC

person:       Chinanet Hostmaster
nic-hdl:      CH93-AP
e-mail:       anti-spam@ns.chinanet.cn.net
address:      No.31 ,jingrong street,beijing
address:      100032
phone:        +86-10-58501724
fax-no:       +86-10-58501724
country:      CN
changed:      dingsy@cndata.com 20070416
mnt-by:       MAINT-CHINANET
source:       APNIC

DNS records

DNS query for 241.191.191.61.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
visitslip.com	IN	A	119.39.238.2	10800s	(03:00:00)
visitslip.com	IN	A	203.93.208.86	10800s	(03:00:00)
visitslip.com	IN	A	222.241.150.146	10800s	(03:00:00)
visitslip.com	IN	A	61.191.191.241	10800s	(03:00:00)
visitslip.com	IN	A	218.75.144.6	10800s	(03:00:00)

— end —

Canadian Pharmacy – canadiannetmall.com

June 29, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you endanger you health by taking those dangerous counterfeit drugs.

Address lookup

canonical name	canadiannetmall.com.
aliases
addresses	94.76.196.49

Domain Whois record

Queried whois.internic.net with “dom canadiannetmall.com“…

   Domain Name: CANADIANNETMALL.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: NS1.CANADIANNETMALL.COM
   Name Server: NS2.CANADIANNETMALL.COM
   Status: clientTransferProhibited
   Updated Date: 23-dec-2008
   Creation Date: 03-mar-2008
   Expiration Date: 03-mar-2010

>>> Last update of whois database:

Mon, 29 Jun 2009 12:10:38 UTC <<<

Queried whois.enom.com with “canadiannetmall.com“…

Visit AboutUs.org for more information about canadiannetmall.com
<a href="http://www.aboutus.org/canadiannetmall.com">AboutUs: canadiannetmall.com</a>

Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: canadiannetmall.com

Registrant Contact:
   WhoisGuard
   WhoisGuard Protected ()

   Fax:
   8939 S. Sepulveda Blvd. #110 - 732
   Westchester, CA 90045
   US

Administrative Contact:
   WhoisGuard
   WhoisGuard Protected (2cff3071e8e6460a9344b23d586d00e8.protect@whoisguard.com)
   +1.6613102107
   Fax: +1.6613102107
   8939 S. Sepulveda Blvd. #110 - 732
   Westchester, CA 90045
   US

Technical Contact:
   WhoisGuard
   WhoisGuard Protected (2cff3071e8e6460a9344b23d586d00e8.protect@whoisguard.com)
   +1.6613102107
   Fax: +1.6613102107
   8939 S. Sepulveda Blvd. #110 - 732
   Westchester, CA 90045
   US

Status: Locked

Name Servers:
   ns1.canadiannetmall.com
   ns2.canadiannetmall.com

Creation date: 03 Mar 2008 14:53:00
Expiration date: 03 Mar 2010 14:53:00

Get Noticed on the Internet!  Increase visibility for this domain name by listing it at www.whoisbusinesslistings.com

Network Whois record

Queried whois.ripe.net with “-B 94.76.196.49“…

% Information related to '94.76.196.48 - 94.76.196.55'

inetnum:        94.76.196.48 - 94.76.196.55
netname:        Poundhost-3253
descr:          Poundhost customer server
remarks: ##############################################################
remarks:        Please report abuse incidents to abuse@poundhost.com.
remarks:        Messages sent to other contact addresses may not be acted upon.
remarks: ##############################################################
country:        GB
admin-c:        BLO2-RIPE
tech-c:         BLO2-RIPE
status:         ASSIGNED PA
mnt-by:         blueconnex-mnt
mnt-routes:     blueconnex-mnt
source:         RIPE
changed:        pete.bristow@bluesquaredata.com 20090114

role:           BlueConnex Ltd Operators
address:        BlueConnex Ltd
address:        BlueSquare House
address:        Priors Way
address:        Maidenhead
address:        Berkshire
address:        SL62HP
remarks:        For abuse please contact abuse@blueconnex.net
phone:          +44 (0)1628 673131
admin-c:        PETE3-RIPE
admin-c:        MM5420-RIPE
admin-c:        ROB153-RIPE
tech-c:         MM5420-RIPE
tech-c:         ROB153-RIPE
mnt-by:         blueconnex-mnt
tech-c:         PETE3-RIPE
nic-hdl:        BLO2-RIPE
changed:        support@pcs-net.com 20081012
source:         RIPE
e-mail:         abuse@blueconnex.net

% Information related to '94.76.192.0/18AS29550'

route:          94.76.192.0/18
descr:          Blueconnex Networks Ltd
origin:         AS29550
remarks:        ***********************************
remarks:        *                                 *
remarks:        * Abuse: abuse@blueconnex.net     *
remarks:        *                                 *
remarks:        * Peering: peering@blueconnex.net *
remarks:        *                                 *
remarks:        ***********************************
mnt-by:         blueconnex-mnt
source:         RIPE
changed:        pete.bristow@bluesquaredata.com 20080814

DNS records

name

class

type

data

time to live

canadiannetmall.com

preference:	10
exchange:	mail.canadiannetmall.com

14400s

(04:00:00)

canadiannetmall.com

TXT

v=spf1 a mx ip4:92.48.119.157 ~all

14400s

(04:00:00)

canadiannetmall.com

SOA

server:	ns1.canadiannetmall.com
email:	root.canadiannetmall.com
serial:	2008122300
refresh:	14400
retry:	3600
expire:	1209600
minimum ttl:	86400

14400s

(04:00:00)

canadiannetmall.com

ns2.canadiannetmall.com

14400s

(04:00:00)

canadiannetmall.com

ns1.canadiannetmall.com

14400s

(04:00:00)

canadiannetmall.com

94.76.196.49

14400s

(04:00:00)

49.196.76.94.in-addr.arpa

PTR

94-76-196-49.static.as29550.net

86400s

(1.00:00:00)

— end —

Canadian Pharmacy Spam – grewsix.com

June 28, 20091 Comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning

“The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you endanger you health by taking those dangerous counterfeit drugs.

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
129.10.63.40	United States (Boston)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.36.121	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Terry G. Parks Fri Jun 26 10:09:27 2009
Return-Path:
Authentication-Results: mta107.sbc.mail.re3.yahoo.com from=vdc.lv; domainkeys=neutral (no sig); from=vdc.lv; dkim=neutral (no sig)
Received: from 129.10.63.40 (EHLO nlpi107.prodigy.net) (207.115.36.121)
by mta107.sbc.mail.re3.yahoo.com with SMTP; Fri, 26 Jun 2009 10:09:22 -0700
Received: from 329a0d2 ([129.10.63.40])
by nlpi107.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5QH9Euq004296;
Fri, 26 Jun 2009 12:09:21 -0500
Message-ID: <000701c9f680$dcd89cc0$4a37416a@vdc.lv>
Reply-To: “Terry G. Parks” <tg_parkszh@vdc.lv>
From: “Terry G. Parks”
To:
Subject: eye opening
Date: Fri, 26 Jun 2009 12:09:27 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 135

An Incredible Canadian Pharmacy is available at your Fingertips!
N0~Doctor~Needed! Browse our site Today! -> http://grewsix.com

Address lookup

An Incredible Canadian Pharmacy is available at your Fingertips!
NO `Doctor `Needed! Browse our site Today! -> http://camebear.com

canonical name	grewsix.com.	aliases
addresses	218.75.144.6 60.191.221.117 60.191.239.153 61.191.191.241 119.39.238.2 203.93.208.86

Domain Whois record

Queried whois.internic.net with “dom grewsix.com“…

   Domain Name: GREWSIX.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.RUNMOTHER.IN
   Name Server: NS2.RUNMOTHER.IN
   Name Server: NS3.LISTENFACE.RU
   Name Server: NS4.LISTENFACE.RU
   Name Server: NS5.WESUCH.PL
   Name Server: NS6.WESUCH.PL
   Status: ok
   Updated Date: 22-jun-2009
   Creation Date: 22-jun-2009
   Expiration Date: 22-jun-2010

>>> Last update of whois database: Sun, 28 Jun 2009 15:51:35 UTC <<<

Queried whois.namerich.cn with “grewsix.com“…

; This data is provided by China Springboard Inc.
; for information purposes, and to assist persons obtaining information
; about or related to domain name registration records.
; China Springboard Inc. does not guarantee its accuracy.
; By submitting a WHOIS query, you agree that you will use this data
; only for lawful purposes and that, under no circumstances, you will
; use this data to
; 1) allow, enable, or otherwise support the transmission of mass
; unsolicited, commercial advertising or solicitations via E-mail
; (spam); or
; 2) enable high volume, automated, electronic processes that apply
; to this WHOIS server.
; These terms may be changed without prior notice.
; By submitting this query, you agree to abide by this policy.

 DomainName : grewsix.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS4.LISTENFACE.RU
Name Server......................NS2.RUNMOTHER.IN
Name Server......................NS6.WESUCH.PL
Name Server......................NS1.RUNMOTHER.IN
Name Server......................NS5.WESUCH.PL
Name Server......................NS3.LISTENFACE.RU
Status...........................ok
Creation  Date ..................2009-06-22
Expiration Date .................2010-06-22
Last Update  Date ...............2009-06-22

Registrant ID ...................V-X-57955-13465
Registrant Name .................ZHAO LET
Registrant Organization .........ZHAO LEI
Registrant Address ..............JIEFANGLU19
Registrant City..................DL
Registrant Province/State .......LN
Registrant Country Code .........CN
Registrant Postal Code ..........116019
Registrant Phone Number .........+86.04112880527
Registrant Fax ..................+86.04112880527
Registrant Email ................mklao9he@126.com

Administrative ID ...............V-X-57955-13465
Administrative Name .............ZHAO LET
Administrative Organization .....ZHAO LEI
Administrative Address ..........JIEFANGLU19
Administrative City..............DL
Administrative Province/State ...LN
Administrative Country Code .....CN
Administrative Postal Code ......116019
Administrative Phone Number .....+86.04112880527
Administrative Fax ..............+86.04112880527
Administrative Email ............mklao9he@126.com

Billing ID ......................V-X-57955-13465
Billing Name ....................ZHAO LET
Billing Organization ............ZHAO LEI
Billing Address .................JIEFANGLU19
Billing City.....................DL
Billing Province/State ..........LN
Billing Country Code ............CN
Billing Postal Code .............116019
Billing Phone Number ............+86.04112880527
Billing Fax .....................+86.04112880527
Billing Email ...................mklao9he@126.com

Technical ID ....................V-X-57955-13465
Technical Name ..................ZHAO LET
Technical Organization...........ZHAO LEI
Technical Address ...............JIEFANGLU19
Technical City...................DL
Technical Province/State.........LN
Technical Country Code ..........CN
Technical Postal Code ...........116019
Technical Phone Number ..........+86.04112880527
Technical Fax ...................+86.04112880527
Technical Email .................mklao9he@126.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “218.75.144.6“…

inetnum:      218.75.128.0 - 218.75.159.255
netname:      CHINANET-HN-CD
country:      CN
descr:        CHINANET-HN changde node network
descr:        hunan Telecom
admin-c:      CHC8-AP
tech-c:       CH636-AP
status:       ALLOCATED NON-PORTABLE
changed:      ipaddress@hntelecom.net.cn 20050823
mnt-by:       MAINT-CHINANET-HN
mnt-lower:    MAINT-CHINANET-HN-CD
source:       APNIC

role:         CHINANET HuNan ChangDe
address:      The middle of Wuling Street,Changde 415000
country:      CN
phone:        +86 736 7229427
fax-no:       +86 736 7267027
e-mail:       abuse.cd@2118.com.cn
trouble:      send spam reports to spam.cd@2118.com.cn
trouble:      and abuse reports to abuse.cd@2118.com.cn
trouble:      Please include detailed information and
trouble:      times in UTC
admin-c:      CM1092-AP
tech-c:       CM1092-AP
nic-hdl:      CHC8-AP
notify:       abuse.cd@2118.com.cn
mnt-by:       MAINT-CHINANET-HN-CD
changed:      ipaddress@hntelecom.net.cn 20050818
source:       APNIC

role:         CHINANET HUNAN
address:      No.1 TuanJie road,ChangSha,Hunan 410005
country:      CN
phone:        +86 731 4792092
fax-no:       +86 731 4792007
e-mail:       abuse.szx@2118.com.cn
trouble:      send spam reports to spam.szx@2118.com.cn
trouble:      and abuse reports to abuse.szx@2118.com.cn
trouble:      Please include detailed information and
trouble:      times in UTC
admin-c:      CH632-AP
tech-c:       CS499-AP
nic-hdl:      CH636-AP
mnt-by:       MAINT-CHINANET-HN
changed:      ipaddress@hntelecom.net.cn 20050816
source:       APNIC

DNS records

DNS query for 6.144.75.218.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
grewsix.com	IN	A	203.93.208.86	10800s	(03:00:00)
grewsix.com	IN	A	60.191.221.117	10800s	(03:00:00)
grewsix.com	IN	A	60.191.239.153	10800s	(03:00:00)
grewsix.com	IN	A	61.191.191.241	10800s	(03:00:00)
grewsix.com	IN	A	218.75.144.6	10800s	(03:00:00)
grewsix.com	IN	A	119.39.238.2	10800s	(03:00:00)

xxxxxxxxxx

Legal Rx Drugs – www.legalrxdrugs.com

June 25, 2009Leave a comment

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Address lookup

canonical name	www.legalrxdrugs.com.
aliases
addresses	85.17.189.163

Domain Whois record

Queried whois.internic.net with “dom legalrxdrugs.com“…

   Domain Name: LEGALRXDRUGS.COM
   Registrar: MONIKER ONLINE SERVICES, INC.
   Whois Server: whois.moniker.com
   Referral URL: http://www.moniker.com/whois.html
   Name Server: NS1.SPECIALHOSTING.INFO
   Name Server: NS2.SPECIALHOSTING.INFO
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 26-dec-2008
   Creation Date: 27-nov-2006
   Expiration Date: 27-nov-2009

>>> Last update of whois database: Thu, 25 Jun 2009 13:57:35 UTC <<<

Queried whois.moniker.com with “legalrxdrugs.com“…

Domain Name: LEGALRXDRUGS.COM

Registrant [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US

Administrative Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Billing Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Technical Contact [1666466]:
        Moniker, Privacy Services LEGALRXDRUGS.COM@domainservice.com
        Moniker Privacy Services
        20 SW 27th Ave.
        Suite 201
        Pompano Beach
        FL
        33069
        US
        Phone: +1.9549848445
        Fax:   +1.9549699155

Domain servers in listed order:

        NS1.SPECIALHOSTING.INFO
        NS2.SPECIALHOSTING.INFO

        Record created on:        2006-11-27 18:22:00.0
        Database last updated on: 2008-12-26 06:35:00.293
        Domain Expires on:        2009-11-27 18:22:00.0

Network Whois record

Queried whois.ripe.net with “-B 85.17.189.163“…

% Information related to '85.17.189.0 - 85.17.189.255'

inetnum:        85.17.189.0 - 85.17.189.255
netname:        LEASEWEB
descr:          LeaseWeb
descr:          P.O. Box 93054
descr:          1090BB AMSTERDAM
descr:          Netherlands
descr:          www.leaseweb.com
remarks:        Please send email to "abuse@leaseweb.com" for complaints
remarks:        regarding portscans, DoS attacks and spam.
remarks:        INFRA-AW
country:        NL
admin-c:        LSW1-RIPE
tech-c:         LSW1-RIPE
status:         ASSIGNED PA
mnt-by:         OCOM-MNT
changed:        ripe@leaseweb.com 20070809
source:         RIPE

person:         RIP Mean
address:        P.O. Box 93054
address:        1090BB AMSTERDAM
address:        Netherlands
phone:          +31 20 3162880
fax-no:         +31 20 3162890
abuse-mailbox:  abuse@leaseweb.com
e-mail:         ripe@leaseweb.com
nic-hdl:        LSW1-RIPE
notify:         ripe@leaseweb.com
mnt-by:         OCOM-MNT
changed:        ripe@ocom.com 20050607
changed:        ripe@ocom.com 20060215
changed:        ripe@ocom.com 20060608
changed:        ripe@ocom.com 20080603
source:         RIPE

% Information related to '85.17.0.0/16AS16265'

route:          85.17.0.0/16
descr:          LEASEWEB
origin:         AS16265
remarks:        LeaseWeb
mnt-by:         OCOM-MNT
changed:        ripe@ocom.com 20050311
changed:        ripe@ocom.com 20070610
source:         RIPE

DNS records

name

class

type

data

time to live

http://www.legalrxdrugs.com

85.17.189.163

14400s

(04:00:00)

legalrxdrugs.com

preference:	10
exchange:	mail.legalrxdrugs.com

14400s

(04:00:00)

legalrxdrugs.com

TXT

v=spf1 a mx ip4:85.17.189.163 ?all

14400s

(04:00:00)

legalrxdrugs.com

85.17.189.163

14400s

(04:00:00)

legalrxdrugs.com

SOA

server:	ns1.specialhosting.info
email:	root.legalrxdrugs.com
serial:	2008040600
refresh:	14400
retry:	3600
expire:	1209600
minimum ttl:	86400

14400s

(04:00:00)

legalrxdrugs.com

ns2.specialhosting.info

14400s

(04:00:00)

legalrxdrugs.com

ns1.specialhosting.info

14400s

(04:00:00)

163.189.17.85.in-addr.arpa

PTR

hosted-by.leaseweb.com

86400s

(1.00:00:00)

Domain
mobitube.org
phoneporn.org
dietdeals.net
gmgint.net
hotdrugs.net
myphentermine.net
paintabs.net
sleeptabs.net
yourphentermine.net
masterfibre.net
meds-easy.net
specialhosting.info
drugslive.com
germanycars-direct.com
legalrxdrugs.com
medicationstocks.com
trustpharm.com
unfairclients.com
veritypharma.com
replok.com
online-meds-order.com
acompliaweb.com
medical-and-pharmacy.com
webxanax.com
viagradirectonline.com
medmarketer.com
alpram.com
ruagra.com
meds-trade.com
meds-easy.com
buywmz.com
acompliageneric.com
ozernoe.com
meds-buy.com
sfordela.com

Canadian Pharmacy – www.firmvictor.com

June 25, 2009Leave a comment

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
151.95.186.133	Italy (Pignone)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.20.195	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Lorena N. Livingston Mon Jun 22 17:26:07 2009
Return-Path: <llivingston_wt@avantgarde.de>
Authentication-Results: mta112.sbc.mail.gq1.yahoo.com from=avantgarde.de; domainkeys=neutral (no sig); from=avantgarde.de; dkim=neutral (no sig)
Received: from 151.95.186.133 (EHLO flpi193.prodigy.net) (207.115.20.195)
by mta112.sbc.mail.gq1.yahoo.com with SMTP; Tue, 23 Jun 2009 04:14:27 -0700
Received: from lqdbnh2 ([151.95.186.133])
by flpi193.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5NBDbs2029631;
Tue, 23 Jun 2009 04:14:25 -0700
Message-ID: <000701c9f399$334e5fd0$627e2c7a@avantgarde.de>
Reply-To: “Lorena N. Livingston”
From: “Lorena N. Livingston” <llivingston_wt@avantgarde.de>
To: ScamFraudAlert
Subject: Stay Hard and Last Longer in Bed!
Date: Mon, 22 Jun 2009 17:26:07 -0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″
reply-type=original
Content-Transfer-Encoding: 7bit
Content-Length: 126

From: Lorena N. Livingston <llivingston_wt@avantgarde.de>
To: ScamFraudAlert.com
Sent: Monday, June 22, 2009 5:26:07 PM
Subject: Stay Hard and Last Longer in Bed!

An Incredible Canadian Pharmacy is available at your Fingertips!
No_Doctor_Needed! Click Here -> http://firmvictor.com

This spam brand has the dubious distinction of being the most heavily spammed domain our staff receives.

The “Canadian Pharmacy” titled sites are the most common. They may also be labeled “European Pharmacy” for visitors from IP addresses located outside North America.

Other sites include “PharmSite” and “best online PHARMACY.” They are riddled with identical fraudulent claims.

For simplicity, this entry refers by default to Canadian Pharmacy, but the false claims apply equally to all of these.

The copyright statement in the trailers for “PharmSite” and “best online PHARMACY” actually contains the words Copyright Canadian Pharmacy.

Visitors to these sites are cautioned against placing an unsecure order for any of the products advertised. With so much obvious fraud in the set up of the web site, any reasonable person would be justified in having doubts about passing identity and credit card details to such blatant criminals.

See Spamtracker.eu – Canadian Pharmacy

Address lookup

canonical name	firmvictor.com.
aliases
addresses	119.39.238.2 203.93.208.86 218.75.144.6 60.191.221.117 60.191.239.153 61.191.191.241

Domain Whois record

Queried whois.internic.net with “dom firmvictor.com“…

   Domain Name: FIRMVICTOR.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.SOUNDPRIZE.IN
   Name Server: NS2.SOUNDPRIZE.IN
   Name Server: NS3.GROUNDBED.COM
   Name Server: NS4.GROUNDBED.COM
   Name Server: NS5.CHANGESTORY.PL
   Name Server: NS6.CHANGESTORY.PL
   Status: ok
   Updated Date: 18-jun-2009
   Creation Date: 18-jun-2009
   Expiration Date: 18-jun-2010

>>> Last update of whois database: Thu, 25 Jun 2009 07:36:37 UTC <<<

Queried whois.namerich.cn with “firmvictor.com“…

; This data is provided by China Springboard Inc.
; for information purposes, and to assist persons obtaining information
; about or related to domain name registration records.
; China Springboard Inc. does not guarantee its accuracy.
; By submitting a WHOIS query, you agree that you will use this data
; only for lawful purposes and that, under no circumstances, you will
; use this data to
; 1) allow, enable, or otherwise support the transmission of mass
; unsolicited, commercial advertising or solicitations via E-mail
; (spam); or
; 2) enable high volume, automated, electronic processes that apply
; to this WHOIS server.
; These terms may be changed without prior notice.
; By submitting this query, you agree to abide by this policy.

 DomainName : firmvictor.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS2.SOUNDPRIZE.IN
Name Server......................NS6.CHANGESTORY.PL
Name Server......................NS4.GROUNDBED.COM
Name Server......................NS5.CHANGESTORY.PL
Name Server......................NS1.SOUNDPRIZE.IN
Name Server......................NS3.GROUNDBED.COM
Status...........................ok
Creation  Date ..................2009-06-18
Expiration Date .................2010-06-18
Last Update  Date ...............2009-06-18

Registrant ID ...................V-X-57697-13132
Registrant Name .................GU FEI
Registrant Organization .........GU FEI
Registrant Address ..............FUZHOUGUANGCHANG29
Registrant City..................FZ
Registrant Province/State .......FJ
Registrant Country Code .........CN
Registrant Postal Code ..........350019
Registrant Phone Number .........+86.059175695124
Registrant Fax ..................+86.059175695124
Registrant Email ................baijakdfe@yeah.net

Administrative ID ...............V-X-57697-13132
Administrative Name .............GU FEI
Administrative Organization .....GU FEI
Administrative Address ..........FUZHOUGUANGCHANG29
Administrative City..............FZ
Administrative Province/State ...FJ
Administrative Country Code .....CN
Administrative Postal Code ......350019
Administrative Phone Number .....+86.059175695124
Administrative Fax ..............+86.059175695124
Administrative Email ............baijakdfe@yeah.net

Billing ID ......................V-X-57697-13132
Billing Name ....................GU FEI
Billing Organization ............GU FEI
Billing Address .................FUZHOUGUANGCHANG29
Billing City.....................FZ
Billing Province/State ..........FJ
Billing Country Code ............CN
Billing Postal Code .............350019
Billing Phone Number ............+86.059175695124
Billing Fax .....................+86.059175695124
Billing Email ...................baijakdfe@yeah.net

Technical ID ....................V-X-57697-13132
Technical Name ..................GU FEI
Technical Organization...........GU FEI
Technical Address ...............FUZHOUGUANGCHANG29
Technical City...................FZ
Technical Province/State.........FJ
Technical Country Code ..........CN
Technical Postal Code ...........350019
Technical Phone Number ..........+86.059175695124
Technical Fax ...................+86.059175695124
Technical Email .................baijakdfe@yeah.net

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “119.39.238.2“…

inetnum:      119.39.232.0 - 119.39.239.255
netname:      yueyang
country:      CN
descr:        CNC Group HuNan YueYang network
descr:        SanHui building ,WuLiPai Street,
descr:        YueYang 411104
admin-c:      CH444-AP
tech-c:       CH444-AP
status:       ASSIGNED NON-PORTABLE
changed:      zoulei@chinaunicom.cn 20081215
mnt-by:       MAINT-CNCGROUP-HN
source:       APNIC

route:        119.39.0.0/16
descr:        CNC Group CHINA169 Hunan Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20080102
source:       APNIC

person:       CNCGroup Hostmaster
nic-hdl:      CH444-AP
e-mail:       abuse@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
phone:        +86-10-82993155
fax-no:       +86-10-82993144
country:      CN
changed:      abuse@cnc-noc.net 20041220
mnt-by:       MAINT-CNCGROUP
source:       APNIC

DNS records

DNS query for 2.238.39.119.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
firmvictor.com	IN	A	218.75.144.6	10800s	(03:00:00)
firmvictor.com	IN	A	119.39.238.2	10800s	(03:00:00)
firmvictor.com	IN	A	203.93.208.86	10800s	(03:00:00)
firmvictor.com	IN	A	60.191.221.117	10800s	(03:00:00)
firmvictor.com	IN	A	60.191.239.153	10800s	(03:00:00)
firmvictor.com	IN	A	61.191.191.241	10800s	(03:00:00)

Crime Servers – Canadian Pharmacy Spam

June 18, 2009Leave a comment

Canadian Pharmacy Spam Servers

SmartFilter Category:

Malicious Sites
Make Category Suggestions

Namerservers on IP:

dns1.carryfit.com
dns1.deepworthy.com
dns1.drivefabled.com
dns1.duckspruce.com
dns1.fireideal.com
dns1.flipdollar.com
dns1.fullrail.com
dns1.grewmile.com
dns1.leadspitch.com
dns1.littletrue.com
dns1.luckyoxygen.com
dns1.nationreap.com
dns1.noseaglow.com
dns1.orclock.com
dns1.pamperextra.com
dns1.personsuffix.com
dns1.pleaseself.com
dns1.relaxrange.com
dns1.replyvoice.com
dns1.ropebird.com
dns1.saidplan.com
dns1.thingspend.com
dns1.towardhardy.com
dns1.trendylost.com
dns1.trendysit.com
dns1.varystart.com
dns1.vippast.com
dns1.wentcrisp.com
dns1.wheelfinish.com
dns1.whiteaware.com
dns1.winnertrue.com
dns1.wishlate.com
dns2.aftermulti.com
dns2.agreecrop.com
dns2.angerboat.com
dns2.boughtcreate.com
dns2.carryfit.com
dns2.createwere.com
dns2.dadfour.com
dns2.deepworthy.com
dns2.dreamylot.com
dns2.drivefabled.com
dns2.fireideal.com
dns2.greatyule.com
dns2.hasfeet.com
dns2.headraise.com
dns2.huntbring.com
dns2.leadspitch.com
dns2.littletrue.com
dns2.nationdimple.com
dns2.nationreap.com
dns2.noseaglow.com
dns2.orclock.com
dns2.pleaseself.com
dns2.pridenature.com
dns2.replyvoice.com
dns2.ropebird.com
dns2.saidplan.com
dns2.shallcoat.com
dns2.spotseason.com
dns2.tangyprime.com
dns2.towardhardy.com
dns2.trendysit.com
dns2.varystart.com
dns2.vippast.com
dns2.weekplease.com
dns3.aftermulti.com
dns3.agreecrop.com
dns3.andside.com
dns3.aromaeager.com
dns3.beginwisdom.com
dns3.buyvalued.com
dns3.caringmodest.com
dns3.coldfull.com
dns3.createwere.com
dns3.dadwrote.com
dns3.dealusual.com
dns3.decenton.com
dns3.decidesmile.com
dns3.deepworthy.com
dns3.dependchoice.com
dns3.dressadd.com
dns3.drivefabled.com
dns3.duckspruce.com
dns3.eachmean.com
dns3.elsehear.com
dns3.enginemost.com
dns3.fireideal.com
dns3.flipdollar.com
dns3.fullrail.com
dns3.geniusyet.com
dns3.getensure.com
dns3.giftedproper.com
dns3.growverb.com
dns3.hasfeet.com
dns3.headraise.com
dns3.heldforce.com
dns3.inchkept.com
dns3.leadspitch.com
dns3.leveldepend.com

Crime – Canadian Pharmacy Spam Servers

June 18, 2009Leave a comment

Canadian Pharmacy Spam Servers

SmartFilter Category:	Spam URLs Make Category Suggestions
Namerservers on IP:	ns1.7594.org ns1.9307.org ns1.9736.org ns1.bedplain.com ns2.11121.org ns2.12332.org ns2.13231.org ns2.7594.org ns3.9736.org ns3.quietfree.ru ns4.13123.org ns4.7594.org ns4.9736.org ns4.quietfree.ru ns4.truereap.ru

Crime – Canadian Pharmacy Spam Servers

June 18, 2009Leave a comment

Canadian Pharmacy Spam Servers

SmartFilter Category:

Spam URLs
Make Category Suggestions

Namerservers on IP:

deleteddns.suitmotion.com
dns1.agreecrop.com
dns1.andside.com
dns1.aromaeager.com
dns1.beginwisdom.com
dns1.belldeep.com
dns1.birdwinner.com
dns1.boughtcreate.com
dns1.buyvalued.com
dns1.camediffer.com
dns1.carryfit.com
dns1.coldfull.com
dns1.coursethey.com
dns1.createshore.com
dns1.createwere.com
dns1.dadfour.com
dns1.dadserve.com
dns1.dadwrote.com
dns1.dealusual.com
dns1.decenton.com
dns1.decidesmile.com
dns1.deepworthy.com
dns1.dependchoice.com
dns1.dreamylot.com
dns1.dressadd.com
dns1.duckspruce.com
dns1.eachmean.com
dns1.elsehear.com
dns1.enginemost.com
dns1.fireideal.com
dns1.flipdollar.com
dns1.fromvital.com
dns1.fullrail.com
dns1.getensure.com
dns1.giftedproper.com
dns1.grewmile.com
dns1.growverb.com
dns1.hasfeet.com
dns1.huntbring.com
dns1.inchkept.com
dns1.leadspitch.com
dns1.leveldepend.com
dns1.lightleave.com
dns1.littletrue.com
dns1.loyalgreat.com
dns1.luckyoxygen.com
dns1.magnetsent.com
dns1.nationdimple.com
dns1.nationreap.com
dns1.nightmodest.com
dns1.noticematch.com
dns1.nounstudy.com
dns1.orclock.com
dns1.overbehind.com
dns1.pamperextra.com
dns1.pasttalk.com
dns1.pathwhen.com
dns1.peoplewind.com
dns1.personsuffix.com
dns1.planjust.com
dns1.pleaseself.com
dns1.proudliquid.com
dns1.quartmover.com
dns1.regionthe.com
dns1.renownstreet.com
dns1.replyvoice.com
dns1.ridebought.com
dns1.ropebird.com
dns1.saidplan.com
dns1.sawzeal.com
dns1.sereneread.com
dns1.sexyclock.com
dns1.shallcoat.com
dns1.sliporgan.com
dns1.smilefollow.com
dns1.smoothchoose.com
dns1.someown.com
dns1.spotseason.com
dns1.swimstand.com
dns1.tangyprime.com
dns1.teachwing.com
dns1.thanksent.com
dns1.thingspend.com
dns1.trendylost.com
dns1.twentyterm.com
dns1.varystart.com
dns1.vippast.com
dns1.weekplease.com
dns1.wentcrisp.com
dns1.wheelfinish.com
dns1.whiteaware.com
dns1.wishlate.com
dns1.witfun.com
dns1.zoomknew.com
dnsdeleted.carrytake.com
ns1.7594.org
ns1.9307.org
ns1.9736.org
ns1.agogalore.com
ns1.alertwow.com

Crime Canadian Pharmacy Spam Servers

June 18, 2009Leave a comment

SmartFilter Category:	Not Categorized Make Category Suggestions
IPs:	58.17.3.41 60.191.221.123 60.191.239.166 61.191.191.241 203.93.208.86

SmartFilter Category: Malicious Sites
Make Category Suggestions

Namerservers on IP: dns1.carryfit.com
dns1.deepworthy.com
dns1.drivefabled.com
dns1.duckspruce.com
dns1.fireideal.com
dns1.flipdollar.com
dns1.fullrail.com
dns1.grewmile.com
dns1.leadspitch.com
dns1.littletrue.com
dns1.luckyoxygen.com
dns1.nationreap.com
dns1.noseaglow.com
dns1.orclock.com
dns1.pamperextra.com
dns1.personsuffix.com
dns1.pleaseself.com
dns1.relaxrange.com
dns1.replyvoice.com
dns1.ropebird.com
dns1.saidplan.com
dns1.thingspend.com
dns1.towardhardy.com
dns1.trendylost.com
dns1.trendysit.com
dns1.varystart.com
dns1.vippast.com
dns1.wentcrisp.com
dns1.wheelfinish.com
dns1.whiteaware.com
dns1.winnertrue.com
dns1.wishlate.com
dns2.aftermulti.com
dns2.agreecrop.com
dns2.boughtcreate.com
dns2.carryfit.com
dns2.createwere.com
dns2.dadfour.com
dns2.deepworthy.com
dns2.dreamylot.com
dns2.drivefabled.com
dns2.fireideal.com
dns2.greatyule.com
dns2.hasfeet.com
dns2.headraise.com
dns2.huntbring.com
dns2.leadspitch.com
dns2.littletrue.com
dns2.nationdimple.com
dns2.nationreap.com
dns2.noseaglow.com
dns2.orclock.com
dns2.pleaseself.com
dns2.replyvoice.com
dns2.ropebird.com
dns2.saidplan.com
dns2.shallcoat.com
dns2.spotseason.com
dns2.tangyprime.com
dns2.towardhardy.com
dns2.trendysit.com
dns2.varystart.com
dns2.vippast.com
dns2.weekplease.com
dns3.agreecrop.com
dns3.deepworthy.com
dns3.drivefabled.com
dns3.fireideal.com
dns3.fullrail.com
dns3.headraise.com
dns3.leadspitch.com
dns3.littletrue.com
dns3.nationdimple.com
dns3.nationreap.com
dns3.noseaglow.com
dns3.noticematch.com
dns3.nounstudy.com
dns3.personsuffix.com
dns3.pleaseself.com
dns3.relaxrange.com
dns3.renownstreet.com
dns3.replyvoice.com
dns3.ropebird.com
dns3.saidplan.com
dns3.shallcoat.com
dns3.tangyprime.com
dns3.towardhardy.com
dns3.trendylost.com
dns3.trendysit.com
dns3.varystart.com
dns3.vippast.com
dns3.weekplease.com
dns4.agreecrop.com
dns4.buyvalued.com
dns4.camediffer.com
dns4.coursethey.com
dns4.createwere.com
dns4.dadfour.com
dns4.decidesmile.com
dns4.deepworthy.com

Canadian Pharmacy Spam Domains

June 18, 2009Leave a comment

WARNING: The following links may contain malware, spyware, browser exploits, or other harmful code which can damage your system. URIBL strongly advises against clicking any links and/or accessing any of the sites included in these lists. URIBL.COM is not an ISP, web host, or domain registrar. We do not have any control over what is found on any of the sites linked from this page. This information is made available to the public so action can be taken by the responsible party. If you do not know how to properly put this information to good use, you should not be here. Complaints regarding information found on this page will go unanswered.

#	Domain	Date/Time Added
#1	holeabove.com	Thu, 18 Jun 2009 07:51:12 +0000
#2	trialtrials.com	Thu, 18 Jun 2009 06:17:30 +0000
#3	settlenoon.com	Thu, 18 Jun 2009 06:14:25 +0000
#4	nightbye.com	Thu, 18 Jun 2009 04:01:06 +0000
#5	keptuntil.com	Thu, 18 Jun 2009 03:59:17 +0000
#6	fewhair.com	Thu, 18 Jun 2009 03:21:17 +0000
#7	spacemonth.com	Thu, 18 Jun 2009 02:01:02 +0000
#8	thinggrow.com	Thu, 18 Jun 2009 01:57:52 +0000
#9	prefercoat.com	Thu, 18 Jun 2009 01:54:46 +0000
#10	rosyhat.com	Thu, 18 Jun 2009 00:02:24 +0000
#11	poemread.com	Wed, 17 Jun 2009 20:58:03 +0000
#12	toolwhere.com	Wed, 17 Jun 2009 20:48:50 +0000
#13	northunique.com	Wed, 17 Jun 2009 18:10:12 +0000
#14	eecam.com	Wed, 17 Jun 2009 16:51:42 +0000
#15	titsss.com	Wed, 17 Jun 2009 16:51:40 +0000
#16	hrnygirl.com	Wed, 17 Jun 2009 16:51:36 +0000
#17	slutyy.com	Wed, 17 Jun 2009 16:51:34 +0000
#18	basepast.com	Wed, 17 Jun 2009 15:26:09 +0000
#19	fourmighty.com	Wed, 17 Jun 2009 15:24:28 +0000
#20	casedreamy.com	Wed, 17 Jun 2009 15:21:35 +0000
#21	massideal.com	Wed, 17 Jun 2009 15:11:21 +0000
#22	slipmine.com	Wed, 17 Jun 2009 15:06:55 +0000
#23	daringbring.com	Wed, 17 Jun 2009 15:06:14 +0000
#24	ninacams.com	Wed, 17 Jun 2009 14:02:09 +0000
#25	putbits.com	Wed, 17 Jun 2009 06:09:01 +0000
#26	burntold.com	Wed, 17 Jun 2009 04:43:19 +0000
#27	leaddoes.com	Wed, 17 Jun 2009 04:11:23 +0000
#28	foundtiny.com	Wed, 17 Jun 2009 03:34:17 +0000
#29	voiceflip.com	Wed, 17 Jun 2009 03:08:42 +0000
#30	washrace.com	Wed, 17 Jun 2009 02:45:01 +0000
#31	hisfly.com	Wed, 17 Jun 2009 02:26:06 +0000
#32	extolact.com	Wed, 17 Jun 2009 02:02:16 +0000
#33	qosogcim.com	Tue, 16 Jun 2009 21:37:38 +0000
#34	zezozvaz.com	Tue, 16 Jun 2009 21:27:57 +0000
#35	triallenght.com	Tue, 16 Jun 2009 20:49:52 +0000
#36	trialextra.com	Tue, 16 Jun 2009 19:37:09 +0000
#37	keptmarket.com	Tue, 16 Jun 2009 16:39:17 +0000
#38	wokofmum.com	Tue, 16 Jun 2009 15:46:16 +0000
#39	ciluhgis.com	Tue, 16 Jun 2009 15:42:06 +0000
#40	wejezhux.com	Tue, 16 Jun 2009 15:29:26 +0000
#41	jonoklem.com	Tue, 16 Jun 2009 15:20:17 +0000
#42	supidxew.com	Tue, 16 Jun 2009 15:15:38 +0000
#43	mumuvhej.com	Tue, 16 Jun 2009 15:07:49 +0000
#44	gluekewl.com	Tue, 16 Jun 2009 14:31:00 +0000
#45	hollycams.com	Tue, 16 Jun 2009 08:03:57 +0000
#46	gigicams.com	Tue, 16 Jun 2009 08:03:49 +0000
#47	tiffcams.com	Tue, 16 Jun 2009 08:03:45 +0000
#48	summrcams.com	Tue, 16 Jun 2009 07:28:17 +0000
#49	wendicams.com	Tue, 16 Jun 2009 07:16:45 +0000
#50	h0tcams.com	Tue, 16 Jun 2009 07:16:42 +0000
#51	mandicams.com	Tue, 16 Jun 2009 07:06:10 +0000
#52	jenncams.com	Tue, 16 Jun 2009 06:57:40 +0000
#53	quarttan.com	Tue, 16 Jun 2009 06:00:55 +0000
#54	saidapple.com	Tue, 16 Jun 2009 05:23:25 +0000
#55	treatdry.com	Tue, 16 Jun 2009 04:43:14 +0000
#56	happenmelody.com	Tue, 16 Jun 2009 04:15:48 +0000
#57	groundfeel.com	Tue, 16 Jun 2009 04:10:31 +0000
#58	scoreseither.com	Tue, 16 Jun 2009 03:21:55 +0000
#59	coatbits.com	Tue, 16 Jun 2009 02:34:51 +0000
#60	abcscript5.com	Tue, 16 Jun 2009 01:36:26 +0000
#61	sidehalf.com	Mon, 15 Jun 2009 22:08:45 +0000
#62	excitefind.com	Mon, 15 Jun 2009 22:01:05 +0000
#63	grewjoin.com	Mon, 15 Jun 2009 21:43:45 +0000
#64	foundreply.com	Mon, 15 Jun 2009 21:38:04 +0000
#65	chiefpound.com	Mon, 15 Jun 2009 21:34:29 +0000
#66	humormunchy.com	Mon, 15 Jun 2009 21:06:41 +0000
#67	widerenown.com	Mon, 15 Jun 2009 20:42:11 +0000
#68	cellrest.com	Mon, 15 Jun 2009 16:30:24 +0000
#69	roundleft.com	Mon, 15 Jun 2009 16:23:10 +0000
#70	beganpretty.com	Mon, 15 Jun 2009 16:20:32 +0000
#71	livebut.com	Mon, 15 Jun 2009 16:19:05 +0000
#72	monthred.com	Mon, 15 Jun 2009 10:22:05 +0000
#73	monthawe.com	Mon, 15 Jun 2009 09:19:22 +0000
#74	monthblack.com	Mon, 15 Jun 2009 06:21:27 +0000
#75	familylevel.com	Mon, 15 Jun 2009 05:12:06 +0000
#76	singboard.com	Mon, 15 Jun 2009 05:08:19 +0000
#77	abcscript6.com	Mon, 15 Jun 2009 04:01:44 +0000
#78	speedwonder.com	Mon, 15 Jun 2009 03:56:19 +0000
#79	warmproper.com	Mon, 15 Jun 2009 02:37:46 +0000
#80	tryneck.com	Mon, 15 Jun 2009 01:42:35 +0000
#81	stribethree.com	Sun, 14 Jun 2009 19:49:26 +0000
#82	drysexy.com	Sun, 14 Jun 2009 09:57:01 +0000
#83	monthtwo.com	Sun, 14 Jun 2009 07:28:13 +0000
#84	greathumble.com	Sun, 14 Jun 2009 06:56:53 +0000
#85	tiemodel.com	Sun, 14 Jun 2009 05:58:57 +0000
#86	suffixwonder.com	Sun, 14 Jun 2009 04:34:32 +0000
#87	wemaxi.com	Sun, 14 Jun 2009 04:16:49 +0000
#88	homevaried.com	Sun, 14 Jun 2009 02:48:04 +0000
#89	swelltrue.com	Sun, 14 Jun 2009 02:27:00 +0000
#90	thinmeet.com	Sun, 14 Jun 2009 02:23:47 +0000
#91	cuddlysuffix.com	Sun, 14 Jun 2009 02:22:31 +0000
#92	monthblue.com	Sat, 13 Jun 2009 13:49:44 +0000

Source: http://rss.uribl.com/nic/CHINA_SPRINGBOARD_INC_.html

Canadian Pharmacy Spam – spendzap.com

June 18, 2009Leave a comment

Header Analysis

The following IP addresses were extracted from your headers:

IP Address	Probable Country	Additional Info
72.165.59.77	United States (Denver)*	Whois	Google	DNSStuff	Urgentmessage.org
207.115.20.125	United States (Richardson)*	Whois	Google	DNSStuff	Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Elsie Sheridan Wed Jun 17 09:42:42 2009
Return-Path: sheridan_ns@chuv.hospvd.ch
Authentication-Results: mta122.sbc.mail.re2.yahoo.com from=chuv.hospvd.ch; domainkeys=neutral (no sig); from=chuv.hospvd.ch; dkim=neutral (no sig)
Received: from 72.165.59.77 (EHLO flpd115.prodigy.net) (207.115.20.125)
by mta122.sbc.mail.re2.yahoo.com with SMTP; Wed, 17 Jun 2009 09:42:33 -0700
Received: from 09lgny3 (72-165-59-77.dia.static.qwest.net [72.165.59.77])
by flpd115.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n5HGgJ8Q013396;
Wed, 17 Jun 2009 09:42:31 -0700
Message-ID: <000701c9ef6a$a263c870$431333e2@chuv.hospvd.ch
Reply-To: “Elsie Sheridan” sheridan_ns@chuv.hospvd.ch
From: “Elsie Sheridan” sheridan_ns@chuv.hospvd.ch
To:ScamFraidAlert
Subject: The widest collection of finest medications online
Date: Wed, 17 Jun 2009 11:42:42 -0500

An Incredible Canadian Pharmacy is available at your Fingertips!
No Doctor Needed! Click Here! -> http://spendzap.com

Address lookup

canonical name	spendzap.com.
aliases
addresses	203.93.208.86 58.17.3.41 60.191.221.123 60.191.239.166 61.191.191.241

Domain Whois record

Queried whois.internic.net with “dom spendzap.com“…

   Domain Name: SPENDZAP.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.VITALMOVER.IN
   Name Server: NS2.VITALMOVER.IN
   Name Server: NS3.CREATETAKE.COM
   Name Server: NS4.CREATETAKE.COM
   Name Server: NS5.MOTIONSEEKER.PL
   Name Server: NS6.MOTIONSEEKER.PL
   Status: ok
   Updated Date: 15-jun-2009
   Creation Date: 15-jun-2009
   Expiration Date: 15-jun-2010

Last update of whois database: Thu, 18 Jun 2009 08:05:22 UTC <<<

Queried whois.namerich.cn with “spendzap.com“…

 DomainName : spendzap.com
RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.MOTIONSEEKER.PL
Name Server......................NS6.MOTIONSEEKER.PL
Name Server......................NS3.CREATETAKE.COM
Name Server......................NS2.VITALMOVER.IN
Name Server......................NS4.CREATETAKE.COM
Name Server......................NS1.VITALMOVER.IN
Status...........................ok
Creation  Date ..................2009-06-15
Expiration Date .................2010-06-15
Last Update  Date ...............2009-06-15

Registrant ID ...................V-X-57513-12920
Registrant Name .................ZHAO GUANG
Registrant Organization .........ZHAO GUANG
Registrant Address ..............HUANHUXILU413
Registrant City..................SJZ
Registrant Province/State .......HB
Registrant Country Code .........CN
Registrant Postal Code ..........050037
Registrant Phone Number .........+86.031158541214
Registrant Fax ..................+86.031158541214
Registrant Email ................nmaiucope@163.com

Administrative ID ...............V-X-57513-12920
Administrative Name .............ZHAO GUANG
Administrative Organization .....ZHAO GUANG
Administrative Address ..........HUANHUXILU413
Administrative City..............SJZ
Administrative Province/State ...HB
Administrative Country Code .....CN
Administrative Postal Code ......050037
Administrative Phone Number .....+86.031158541214
Administrative Fax ..............+86.031158541214
Administrative Email ............nmaiucope@163.com

Billing ID ......................V-X-57513-12920
Billing Name ....................ZHAO GUANG
Billing Organization ............ZHAO GUANG
Billing Address .................HUANHUXILU413
Billing City.....................SJZ
Billing Province/State ..........HB
Billing Country Code ............CN
Billing Postal Code .............050037
Billing Phone Number ............+86.031158541214
Billing Fax .....................+86.031158541214
Billing Email ...................nmaiucope@163.com

Technical ID ....................V-X-57513-12920
Technical Name ..................ZHAO GUANG
Technical Organization...........ZHAO GUANG
Technical Address ...............HUANHUXILU413
Technical City...................SJZ
Technical Province/State.........HB
Technical Country Code ..........CN
Technical Postal Code ...........050037
Technical Phone Number ..........+86.031158541214
Technical Fax ...................+86.031158541214
Technical Email .................nmaiucope@163.com

; Please register your domains at
; http://www.namerich.cn

Network Whois record

Queried whois.apnic.net with “203.93.208.86“…

inetnum:      203.93.0.0 - 203.93.255.255
netname:      UNICOM-CN
descr:        China Unicom IP network
descr:        China Unicom
country:      CN
admin-c:      CH1302-AP
tech-c:       CH1302-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP
mnt-routes:   MAINT-CNCGROUP-RR
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20040116
changed:      hm-changed@apnic.net 20060124
changed:      hm-changed@apnic.net 20090507
changed:      hm-changed@apnic.net 20090508
source:       APNIC

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       abuse@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-82993155
fax-no:       +86-10-82993144
country:      CN
changed:      abuse@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

DNS records

DNS query for 86.208.93.203.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
spendzap.com	IN	A	203.93.208.86	3600s	(01:00:00)
spendzap.com	IN	A	58.17.3.41	3600s	(01:00:00)
spendzap.com	IN	A	60.191.239.166	3600s	(01:00:00)
spendzap.com	IN	A	60.191.221.123	3600s	(01:00:00)
spendzap.com	IN	A	61.191.191.241	3600s	(01:00:00)

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

SmartFilter Category: Not Categorized Make Category Suggestions IP: 60.12.166.154 Nameservers: ns1.cheaprxpharmonline.comns2.cheaprxpharmonline.com ns3.cheaprxpharmonline.com ns4.cheaprxpharmonline.com

nameservers missing in zone hot1gaming.com X X ns1.bd4ns.com X X ns1.cheaprxpharmonline.com X X ns2.cheaprxpharmonline.com X X ns2.ef2ns.com X X ns3.br4ns.com X X ns3.cheaprxpharmonline.com X X ns4.cheaprxpharmonline.com X X sdavaiteres.com

hostnames sharing ip with a-records *.sdavaiteres.com hot1gaming.com ns1.listendns.com ns1.sdavaiteres.com ns2.sdavaiteres.com ns3.fa6ns.com ns3.sdavaiteres.com ns4.sdavaiteres.com sdavaiteres.com www.softokors.com

Address lookup

Domain Whois record

Network Whois record

DNS records

Service scan

Jonathan Owens

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

Address lookup

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Domains on Nameserver ns2.growfour.com

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Address lookup

Domain Whois record

Network Whois record

DNS records

Consumer & Business Alert – Stolen Identity!!!! This Is A Fraudulent Website Phishing or Identity Theft Do Not Conduct or Transact Business With Them

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Warning

Header Analysis

Address lookup

Domain Whois record

Network Whois record

DNS records

Buying Precription Drugs Online May Be Dangerous – Consumer Alert – Drug Enforcement Administration Says

Address lookup

Domain Whois record

Network Whois record

DNS records

Header Analysis

Address lookup

Domain Whois record

Network Whois record

DNS records

Canadian Pharmacy Spam Servers

Canadian Pharmacy Spam Servers

Canadian Pharmacy Spam Servers

Header Analysis

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

SmartFilter Category: Not Categorized
Make Category Suggestions

IP: 60.12.166.154

Nameservers: ns1.cheaprxpharmonline.com ns2.cheaprxpharmonline.com

ns3.cheaprxpharmonline.com

ns4.cheaprxpharmonline.com

nameservers missing in zone

hot1gaming.com X X

ns1.bd4ns.com X X

ns1.cheaprxpharmonline.com

X X

ns2.cheaprxpharmonline.com

X X

ns2.ef2ns.com X X

ns3.br4ns.com X X

ns3.cheaprxpharmonline.com

X X

ns4.cheaprxpharmonline.com

X X

sdavaiteres.com

hostnames sharing ip with a-records

*.sdavaiteres.com

hot1gaming.com

ns1.listendns.com

ns1.sdavaiteres.com

ns2.sdavaiteres.com

ns3.fa6ns.com

ns3.sdavaiteres.com

ns4.sdavaiteres.com

sdavaiteres.com

www.softokors.com

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Consumer & Business Alert – Stolen Identity!!!!
This Is A Fraudulent Website
Phishing or Identity Theft
Do Not Conduct or Transact Business With Them

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

Buying Precription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says