Category Archives: fraud alert

pedro@fastestrades.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Good day!

We considered your resume to be very attractive and we thought the vacant position in our company could be interesting for you.

Our firm specializes in consultation services in the matter of bookkeeping and business administration.
We cooperate with different countries and currently we have many clients in the US.
Due to this fact, we need to increase the number of our destination representatives’ regular staff.

You will be responsible for shipping goods from multiple shops through our company to different places.
Part-time and full-time employment are both currently important.
We offer a flat wage from $1000 up to $3,500 per month.

If you are interested in our offer, mail to us your answer on pedro@fastestrades.com and we will send you an extensive information as soon as possible.

Attention! Accept applications only on this and next week.

Respectively submitted
Personnel department

ave@uhomejob.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Good day!

We considered your resume to be very attractive and we thought the vacant position in our company could be interesting for you.

Our firm specializes in consultation services in the matter of bookkeeping and business administration.
We cooperate with different countries and currently we have many clients in the US.
Due to this fact, we need to increase the number of our destination representatives’ regular staff.

In their duties will be included the document and payment control of our clients.
Part-time and full-time employment are both currently important.
We offer a flat wage from $1000 up to $3,500 per month.

If you are interested in our offer, mail to us your answer on ave@uhomejob.com and we will send you an extensive information as soon as possible.

Respectively submitted
Personnel department

WhoIs thereferralpay.com

scamFRAUDalert see it appropriate to issue this ALERT as this is a fraudulent website.

TRUST ME ..THIS IS A VERY EASY WAY TO MAKE MONEY IF YOUR GREAT WITH COMPUTER SKILLS THEN YOU HAVE NOTHING TO WORRY ABOUT. YOULL DO GREAT. THE MORE PEOPLE YOU GET TO VIEW YOUR PROFILE THE MORE MONEY YOU MAKE. FOR MORE INFO VISIT THIS LINK. http://www.thereferralpay.com/?REF=23501
Principals only. Recruiters, please don’t contact this job poster.
do NOT contact us with unsolicited services or offers
post id: 4809644099 posted: 6 hours ago
money money

money money-craigslist

WhoIs BUY-EFFEXOR.COM

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

buy-effexor2

Address lookup
canonical name buy-effexor.com
aliases
addresses 5.45.64.138
Domain Whois record

Queried whois.internic.net with “dom buy-effexor.com”…

Domain Name: BUY-EFFEXOR.COM
Registrar: NET 4 INDIA LIMITED
Whois Server: whois.net4domains.com
Referral URL: http://www.net4.in
Name Server: NS3.BUY-EFFEXOR.COM
Name Server: NS4.BUY-EFFEXOR.COM
Status: ok
Updated Date: 01-may-2014
Creation Date: 30-apr-2013
Expiration Date: 30-apr-2015

Last update of whois database: Thu, 18 Dec 2014 02:01:04 GMT
Queried whois.net4domains.com with “buy-effexor.com

Domain : buy-effexor.com
Registrar : Net 4 India Limited
Registrar IANA ID: 1007
Registrar URL: http://www.net4.in/
Registrar Abuse Contact Email: abuse@net4.com
Registrar Abuse Contact Phone: +91.120-4323500

Registrant :
Name: Alex
Address: Dennenlaan 78
City: Zwanenburg
State: Noordholland
Postal Code: 1161 CS
Country: NL
Phone: +91.31622569224
Email: medicalinc@hotmail.com

Administrative Contact :
Name: Alex
Address: Dennenlaan 78
City: Zwanenburg
State: Noordholland
Postal Code: 1161 CS
Country: NL
Phone: +91.31622569224
Email: medicalinc@hotmail.com

Technical Contact :
Name: Alex
Address: Dennenlaan 78
City: Zwanenburg
State: Noordholland
Postal Code: 1161 CS
Country: NL
Phone: +91.31622569224
Email: medicalinc@hotmail.com

Network Whois record
country: NL
admin-c: TNTS-RIPE
tech-c: TNTS-RIPE
status: ASSIGNED PA
mnt-by: MNT-3NT
mnt-routes: SERVERIUS-MNT
remarks: 3NT Hosting Network
remarks: Technical issues…………..: support@3nt.com
remarks: Services request…………..: sales@3nt.com
remarks: Abuse departament………….: abuse@3nt.com
remarks: Corporate web site…………: http://www.3nt.com
changed: snoop@linkbeat.net 20130701
source: RIPE

person: Neil Young
address: 3NT SOLUTIONS LLP
address: DALTON HOUSE 60, WINDSOR AVENUE
address: LONDON, UK
phone: +442081333030
e-mail: info@3nt.com
abuse-mailbox: abuse@3nt.com
nic-hdl: TNTS-RIPE
mnt-by: MNT-3NT
changed: noc@3nt.com 20111020
source: RIPE

% Information related to ‘5.45.64.0/21AS50673’

route: 5.45.64.0/21
descr: 3NT Hosting Network
origin: AS50673
mnt-by: SERVERIUS-MNT
changed: noc@serverius.net 20141122
source: RIPE

% This query was served by the RIPE Database Query Service version 1.76.1 (DB-2)
DNS records

DNS query for 138.64.45.5.in-addr.arpa returned an error from the server: NameError

name class type data time to live
buy-effexor.com IN MX
preference: 10
exchange: mail.buy-effexor.com
14400s (04:00:00)
buy-effexor.com IN TXT v=spf1 a mx ip4:37.1.205.34 ~all 14400s (04:00:00)
buy-effexor.com IN SOA
server: ns1.buy-effexor.com
email: hostmaster@buy-effexor.com
serial: 2013030903
refresh: 14400
retry: 3600
expire: 1209600
minimum ttl: 86400
14400s (04:00:00)
buy-effexor.com IN NS ns1.buy-effexor.com 14400s (04:00:00)
buy-effexor.com IN NS ns3.buy-effexor.com 14400s (04:00:00)
buy-effexor.com IN NS ns2.buy-effexor.com 14400s (04:00:00)
buy-effexor.com IN NS ns4.buy-effexor.com 14400s (04:00:00)
buy-effexor.com IN A 5.45.64.138 14400s (04:00:00)
— end —

WhoIs mycanadian-pharmacy.com?

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

mycanadian-pharmacy

The following A records are set to 5.45.64.138:

  1. buy-effexor.com
  2. mycanadian-pharmacy.com
  3. ns1.mycanadian-pharmacy.com
  4. ns2.mycanadian-pharmacy.com
  5. ns3.buy-effexor.com
  6. ns4.buy-effexor.com

Address lookup
canonical name mycanadian-pharmacy.com
aliases
addresses 5.45.64.138
Domain Whois record

Queried whois.internic.net with “dom mycanadian-pharmacy.com

Domain Name: MYCANADIAN-PHARMACY.COM
Registrar: NANJING IMPERIOSUS TECHNOLOGY CO. LTD.
Whois Server: whois.communigal.net
Referral URL: http://www.DomainersChoice.com
Name Server: NS1.MYCANADIAN-PHARMACY.COM
Name Server: NS2.MYCANADIAN-PHARMACY.COM
Status: ok
Updated Date: 20-dec-2013
Creation Date: 25-may-2012
Expiration Date: 25-may-2016
Last update of whois database: Thu, 18 Dec 2014 01:42:12 GMT
Queried whois.communigal.net with “mycanadian-pharmacy.com

Domain Name: mycanadian-pharmacy.com
Registry Domain ID: D400015290
Registrar WHOIS Server: Whois.communigal.net
Updated date: 2013-12-20T00:39:44.000Z
Creation date: 2012-05-25T08:37:54.000Z
Registrar Registration Expiration date: 2016-05-25 12:00:00
Registrar: Nanjing Imperiosus Technology Co. Ltd
Registrar IANA ID: 953

Reseller: Galcomm.com

Domain Status: ok

Registry Registrant ID: 400024751
Registrant Name: Private Registration
Registrant Organization: WhoisGuardService.com
Registrant Street: Tian Hong Shan Zhuang, BLd. 7, Office 104
Registrant City: Nanjing
Registrant State/Province : Jiangsu
Registrant Postal Code: 210049
Registrant Country: CHINA
Registrant Phone: 86.2584752362
Registrant Fax: 86.2584752360
Registrant Email: mycanadian-pharmacy.com@noiddomains.com

Registry Admin ID: 400024749
Admin Name: Private Registration
Admin Organization: WhoisGuardService.com
Admin Street: Tian Hong Shan Zhuang, BLd. 7, Office 104
Admin City: Nanjing
Admin State/Province : Jiangsu
Admin Postal Code : 210049
Admin Country: CHINA
Admin Phone: 86.2584752362
Admin Fax: 86.2584752360
Admin Email: mycanadian-pharmacy.com@noiddomains.com

Registry Tech ID: 400024752
Tech Name: Private Registration
Tech Organization: WhoisGuardService.com
Tech Street: Tian Hong Shan Zhuang, BLd. 7, Office 104
Tech City: Nanjing
Tech State/Province: Jiangsu
Tech Postal Code: 210049
Tech Country: CHINA
Tech Phone: 86.2584752362
Tech Fax: 86.2584752360
Tech Email: mycanadian-pharmacy.com@noiddomains.com

Name Server: NS1.MYCANADIAN-PHARMACY.COM
Name Server: NS2.MYCANADIAN-PHARMACY.COM
DNSSEC: UnSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2013-12-20T00:39:44.000Z <<<
Network Whois record

Queried whois.ripe.net with “-B 5.45.64.138″…

% Information related to ‘5.45.64.0 – 5.45.71.255’

% Abuse contact for ‘5.45.64.0 – 5.45.71.255’ is ‘abuse@3nt.com’

inetnum: 5.45.64.0 – 5.45.71.255
netname: INFERNO-NL-DE
descr: ********************************************************
descr: * We provide virtual and dedicated servers on this Subnet.
descr: *
descr: * Those services are self managed by our customers
descr: * therefore, we are not using this IP space ourselves
descr: * and it could be assigned to various end customers.
descr: *
descr: * In case of issues related with SPAM, Fraud,
descr: * Phishing, DDoS, portscans or others,
descr: * feel free to contact us with relevant info
descr: * and we will shut down this server: abuse@3nt.com
descr: ********************************************************
country: NL
admin-c: TNTS-RIPE
tech-c: TNTS-RIPE
status: ASSIGNED PA
mnt-by: MNT-3NT
mnt-routes: SERVERIUS-MNT
remarks: 3NT Hosting Network
remarks: Technical issues…………..: support@3nt.com
remarks: Services request…………..: sales@3nt.com
remarks: Abuse departament………….: abuse@3nt.com
remarks: Corporate web site…………: http://www.3nt.com
changed: snoop@linkbeat.net 20130701
source: RIPE

person: Neil Young
address: 3NT SOLUTIONS LLP
address: DALTON HOUSE 60, WINDSOR AVENUE
address: LONDON, UK
phone: +442081333030
e-mail: info@3nt.com
abuse-mailbox: abuse@3nt.com
nic-hdl: TNTS-RIPE
mnt-by: MNT-3NT
changed: noc@3nt.com 20111020
source: RIPE

% Information related to ‘5.45.64.0/21AS50673’

route: 5.45.64.0/21
descr: 3NT Hosting Network
origin: AS50673
mnt-by: SERVERIUS-MNT
changed: noc@serverius.net 20141122
source: RIPE

% This query was served by the RIPE Database Query Service version 1.76.1 (DB-2)
DNS records

DNS query for 138.64.45.5.in-addr.arpa returned an error from the server: NameError

name class type data time to live
mycanadian-pharmacy.com IN MX
preference: 10
exchange: mail.mycanadian-pharmacy.com
14400s (04:00:00)
mycanadian-pharmacy.com IN TXT v=spf1 a mx ip4:37.1.205.34 ~all 14400s (04:00:00)
mycanadian-pharmacy.com IN A 5.45.64.138 14400s (04:00:00)
mycanadian-pharmacy.com IN SOA
server: ns1.mycanadian-pharmacy.com
email: hostmaster@mycanadian-pharmacy.com
serial: 2013022501
refresh: 14400
retry: 3600
expire: 1209600
minimum ttl: 86400
14400s (04:00:00)
mycanadian-pharmacy.com IN NS ns2.mycanadian-pharmacy.com 14400s (04:00:00)
mycanadian-pharmacy.com IN NS ns1.mycanadian-pharmacy.com 14400s (04:00:00)

WhoIs Spamcaution.com

A 2013 WHOIS showed the domain belows to Mediolex Ltd./ The WhoIs today is private.
Whois Record

[Querying whois.verisign-grs.com]
[Redirected to whois.name.com]
[Querying whois.name.com]
[whois.name.com]

on:a first name basis with the rest of the world.
Get your at Name.com
Domain Name: spamcaution.com
Registrar: Name.com LLC

Expiration Date: 2014-08-02 13:55:21
Creation Date: 2011-08-02 13:55:21

Name Servers:
ns1hwy.name.com
ns2cvx.name.com
ns3gmv.name.com
ns4lqx.name.com

REGISTRANT CONTACT INFO
Mediolex Ltd.
Mediolex Ltd.
Hipokrata 45-49
Riga, LV-1079
LV
Phone: +1.2407644863
Email Address: bnetworksinc@gmail.com

ADMINISTRATIVE CONTACT INFO
Mediolex Ltd.
Mediolex Ltd.
Hipokrata 45-49
Riga, LV-1079
LV
Phone: +1.2407644863
Email Address: bnetworksinc@gmail.com

TECHNICAL CONTACT INFO
Mediolex Ltd.
Mediolex Ltd.
Hipokrata 45-49
Riga, LV-1079
LV
Phone: +1.2407644863
Email Address: bnetworksinc@gmail.com

BILLING CONTACT INFO
Mediolex Ltd.
Mediolex Ltd.
Hipokrata 45-49
Riga, LV-1079
LV
Phone: +1.2407644863
Email Address: bnetworksinc@gmail.com

Timestamp: 1371311278.7361
Cached on: 2013-06-15T09:47:58-06:00
__________________________________________________

Address lookup

canonical name spamcaution.com
aliases
addresses 162.144.67.60
Domain Whois record

Queried whois.internic.net with “dom spamcaution.com

Domain Name: SPAMCAUTION.COM
Registrar: NAME.COM, INC.
Whois Server: whois.name.com
Referral URL: http://www.name.com
Name Server: NS1HWY.NAME.COM
Name Server: NS2CVX.NAME.COM
Name Server: NS3GMV.NAME.COM
Name Server: NS4LQX.NAME.COM
Status: clientTransferProhibited
Updated Date: 27-jul-2014
Creation Date: 02-aug-2011
Expiration Date: 02-aug-2015

Last update of whois database: Sat, 06 Dec 2014 21:46:38 GMT
Queried whois.name.com with “spamcaution.com”…

Domain Name: SPAMCAUTION.COM
Registry Domain ID: 1670051109_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2014-07-27T20:38:18-06:00Z
Creation Date: 2011-08-02T13:55:21-06:00Z
Registrar Registration Expiration Date: 2015-08-02T13:55:21-06:00Z
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.17203101849

Domain Status: clientTransferProhibited

Registry Registrant ID:
Registrant Name: Whois Agent
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.425-274-0657
Registrant Fax: +1.4259744730
Registrant Email: spamcaution.com@protecteddomainservices.com

Registry Admin ID:
Admin Name: Whois Agent
Admin Organization: Whois Privacy Protection Service, Inc.
Admin Street: PO Box 639
Admin City: Kirkland
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Fax: +1.4259744730
Admin Email: spamcaution.com@protecteddomainservices.com

Registry Tech ID:
Tech Name: Whois Agent
Tech Organization: Whois Privacy Protection Service, Inc.
Tech Street: PO Box 639
Tech City: Kirkland
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.425-274-0657
Tech Fax: +1.4259744730
Tech Email: spamcaution.com@protecteddomainservices.com
Name Server: ns1hwy.name.com
Name Server: ns2cvx.name.com
Name Server: ns3gmv.name.com
Name Server: ns4lqx.name.com
DNSSEC: Unsigned Delegation

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2014-12-06T14:46:53-07:00 <<<
Network Whois record

Queried rwhois.unifiedlayer.com with "162.144.67.60"…

%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.0.0)
network:Class-Name:network
network:ID: NETBLK-UL.162.144.0.0/16
network:Auth-Area: 162.144.0.0/16
network:Network-Name: UL-162.144.0.0/16
network:IP-Network: 162.144.0.0/16
network:Organization: Unified Layer
network:Tech-Contact: netops@unifiedlayer.com
network:Admin-Contact: netops@unifiedlayer.com
network:Abuse-Contact: abuse@unifiedlayer.com
network:Created: 20121119
network:Updated: 20121119
network:Updated-By: netops@unifiedlayer.com

%ok
Queried whois.arin.net with "n 162.144.67.60"…

NetRange: 162.144.0.0 – 162.144.255.255
CIDR: 162.144.0.0/16
NetName: UNIFIEDLAYER-NETWORK-14
NetHandle: NET-162-144-0-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS46606
Organization: Unified Layer (BLUEH-2)
RegDate: 2013-03-01
Updated: 2013-03-01
Ref: http://whois.arin.net/rest/net/NET-162-144-0-0-1

OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2012-11-26
Ref: http://whois.arin.net/rest/org/BLUEH-2

ReferralServer: rwhois://rwhois.unifiedlayer.com:4321

OrgNOCHandle: NETWO5508-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-888-401-4678
OrgNOCEmail: netops@unifiedlayer.com
OrgNOCRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

OrgTechHandle: NETWO5508-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-888-401-4678
OrgTechEmail: netops@unifiedlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-888-401-4678
OrgAbuseEmail: abuse@unifiedlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3581-ARIN

canadian-pharmacy-24h.com

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

Houston We Have A Threat To The Global Internet Infrastructure

These guys not only are trying to sell you prescription drugs without a Doctor’s prescription, they are also running several consumer complaint sites, people finders or people search sites, mugshots sites and requesting that you pay them to have consumer complaints or your mugshot remove. Outright EXTORTION.

The following A records are set to 94.102.55.109:

1.canada-pharmacy-24h.com
2.drugstax.com
3.health-area.com
4.rx-customer-support.com

Address lookup
canonical name http://www.canadian-pharmacy-24h.com
aliases
addresses 94.102.55.105
Domain Whois record

Queried whois.internic.net with “dom canadian-pharmacy-24h.com”…

Domain Name: CANADIAN-PHARMACY-24H.COM
Registrar: TODAYNIC.COM, INC.
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: NS3.01ISP.COM
Name Server: NS4.01ISP.NET
Status: clientTransferProhibited
Updated Date: 25-may-2011
Creation Date: 28-jun-2010
Expiration Date: 28-jun-2012

Last update of whois database: Wed, 25 Jan 2012 18:53:45 UTC
Queried whois.todaynic.com with “canadian-pharmacy-24h.com”…

Dear Valued Customer,

This message is a reminder to help you keep the contact data associated with your domain
registration up-to-date. Our records include the following information:

Domain name: canadian-pharmacy-24h.com
Status: Active
Protection Status: public
Registrant:
Name: Marc Aaron
Organization: Marc Aaron
Address: 423 Westglen dr
City: Naperville
Province/state: IL
Country: US
Postal Code: 60565
Email: arotello1@yahoo.com

Administrative Contact:
Name: Marc Aaron
Organization: Marc Aaron
Address: 423 Westglen dr
City: Naperville
Province/state: IL
Country: US
Postal Code: 60565
Phone: +630.3056249
Fax: +630.3056249
Email: arotello1@yahoo.com

Technical Contact:
Name: Marc Aaron
Organization: Marc Aaron
Address: 423 Westglen dr
City: Naperville
Province/state: IL
Country: US
Postal Code: 60565

Nameserver Information:
ns3.01isp.com
ns4.01isp.net

Create: 2010-06-29 09:43:29
Update: 2011-05-25
Expired: 2012-06-29
QueryTimes: 224

Network Whois record
Queried whois.ripe.net with “-B 94.102.55.105″…

% Information related to ‘94.102.52.0 – 94.102.55.255’

inetnum: 94.102.52.0 – 94.102.55.255
netname: NL-ECATEL
descr: ECATEL LTD
descr: Dedicated servers
descr: http://www.ecatel.net/
country: NL
admin-c: EL25-RIPE
tech-c: EL25-RIPE
status: ASSIGNED PA
mnt-by: ECATEL-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
changed: noc@ecatel.net 20090813
source: RIPE

role: Ecatel LTD
address: P.O.Box 19533
address: 2521 CA The Hague
address: Netherlands
abuse-mailbox: abuse@ecatel.net
remarks: —————————————————-
remarks: ECATEL LTD
remarks: Dedicated and Co-location hosting services
remarks: —————————————————-
remarks: for abuse complaints : abuse@ecatel.net
remarks: for any other questions : info@ecatel.net
remarks: —————————————————-
e-mail: noc@ecatel.net
admin-c: EL25-RIPE
tech-c: EL25-RIPE
nic-hdl: EL25-RIPE
mnt-by: ECATEL-MNT
changed: noc@ecatel.net 20090813
source: RIPE

% Information related to ‘94.102.48.0/20AS29073’

route: 94.102.48.0/20
descr: AS29073 Route object
origin: AS29073
mnt-by: ECATEL-MNT
changed: noc@ecatel.net 20080902
source: RIPE
DNS records

DNS query for 105.55.102.94.in-addr.arpa returned an error from the server: NameError

name class type data time to live
http://www.canadian-pharmacy-24h.com IN A 94.102.55.105 7200s (02:00:00)
canadian-pharmacy-24h.com IN SOA
server: ns3.01isp.com
email: webmaster.now.net.cn
serial: 2004010189
refresh: 7200
retry: 1800
expire: 1209600
minimum ttl: 7200
7200s (02:00:00)
canadian-pharmacy-24h.com IN NS ns3.01isp.com 43200s (12:00:00)
canadian-pharmacy-24h.com IN NS ns4.01isp.net 43200s (12:00:00)
canadian-pharmacy-24h.com IN A 94.102.55.105 7200s (02:00:00)
— end —

Malware Found:

  • html_google_malware
  • Trojan Ramnit
  • Backdoor PHP Hiebot.B
  • Trojan SpyEye
  • Trojan Zbot
  • Trojan Renos
  • Phoenix Exploit
  • Trojan Agents

Associated with the Fake Pharma Criminals:

  • mypharmacypillstablets.com
  • pharmacylicensedrxpills.ru
  • diseasetorehealthpills.net
  • hospitalwikihealthcare.com
  • pillsdrugstoremedicare.net
  • pillspharmacyfitness.ru
  • pillspharmacyphysic.ru
  • pillsrxhealth.ru
  • pillstabletsonline.ru
  • pillstabletsworld.net
  • retailstorepharmacy.com
  • sexualhealthpharmacypills.com
  • srgd.ru
  • More Malware Domain names here!

The following A records are set to 218.75.172.53:

  1. beastslnessherbal.com,
  2. carepillsupreme.com,
  3. carewelness.com,
  4. cesdiet.com,
  5. clinicspharmacy.com,
  6. cvspillshttp.com,
  7. cvstabletouchpad.com,
  8. devicediet.com,
  9. dieandroid.com,
  10. drugenericstab.com,
  11. drugriptabletsdrugs.net,
  12. drugstorerxtabs.net,
  13. healthcarerxhospital.com,
  14. medicalpillshiv.com,
  15. medicaremedstaxes.com,
  16. medicarerepublicans.com,
  17. medspharmacyrx.net,
  18. medsrxseries.com,
  19. medssaleretailers.com,
  20. mentalhealthpill.net,
  21. mymedpills.com,
  22. mypharmdiet.com,
  23. ns1.levitraprescriptiondrug.com,
  24. ns1.levitrawelness.com,
  25. ns1.prescriptionteva.com,
  26. ns1.rivierapharmacy.com,
  27. ns1.rxpillsandroid.net,
  28. ns1.wikicalendula.com,
  29. ns2.appletabletrxdrugstore.org,
  30. ns2.buydrugspharmacy.com,
  31. ns2.dietpillpharmacyhealth.org,
  32. ns2.drugriptabletsdrugs.net,
  33. ns2.drugstorerxtabs.net,
  34. ns2.drugtorehealthriskstablets.org,
  35. ns2.drugtoretabletspillsgroup.com,
  36. ns2.fdamed.com,
  37. ns2.galaxymedtab.mobi,
  38. ns2.herbalpillprescription.mobi,
  39. ns2.medicaregingrich.com,
  40. ns2.medicaremedstaxes.com,
  41. ns2.medicarepillromney.com,
  42. ns2.medicarerxtax.com,
  43. ns2.medicinecell.com,
  44. ns2.medicineclinical.com,
  45. ns2.medpharmbl.com,
  46. ns2.medsantorum.com,
  47. ns2.medsbl.com,
  48. ns2.medscialpolymer.com,
  49. ns2.medshealthdrugshop.com,
  50. ns2.medshealthospitals.com,
  51. ns2.medsontario.com,
  52. ns2.medsrxseries.com,
  53. ns2.medssaleretailers.com,
  54. ns2.medstabletsdrugstore.org,
  55. ns2.medstabletspills.org,
  56. ns2.medv60.com,
  57. ns2.medwelnessperry.com,
  58. ns2.medyoa.com,
  59. ns2.mentalhealthpill.net,
  60. ns2.mentalhealthrxpharmacy.org,
  61. ns2.mentalhealthrxtablets.org,
  62. ns2.mymedicalpharm.com,
  63. ns2.mymedpills.com,
  64. ns2.mypharmdiet.com,
  65. ns2.mypillshealth.com,
  66. ns2.painmedstabletsdrugstore.org,
  67. ns2.pharmacyontario.com,
  68. ns2.pharmacysupreme.com,
  69. ns2.pharmacytabletsdrugstore.org,
  70. ns2.pharmedicareinsurance.com,
  71. ns2.pharmontreal.com,
  72. ns2.physiciancareviagra.com,
  73. ns2.pilldrugstorerx.org,
  74. ns2.pilldrugstorerxprescription.org,
  75. ns2.pilldrugstorexcedrin.com,
  76. ns2.pillgenerics.com,
  77. ns2.pillipitor.com,
  78. ns2.pillmorgan.com,
  79. ns2.pillsdrugstoremeds.org,
  80. ns2.pillsdrugstoretailers.com,
  81. ns2.pillsmontreal.com,
  82. ns2.pillsoda.com,
  83. ns2.pilltabletsrx.com,
  84. ns2.prescribedsviagra.com,
  85. ns2.prescriptioncarepatients.com,
  86. ns2.prescriptionciadrug.com,
  87. ns2.prescriptiondrugstorepillshealth.org,
  88. ns2.prescriptiondrugtorepillspharmacy.org,
  89. ns2.prescriptionmeddrug.com,
  90. ns2.prescriptionmedicaredrug.com,
  91. ns2.prescriptionmedstabletspills.org,
  92. ns2.santorumedicare.com,
  93. ns2.sproutcoregenerics.com,
  94. ns2.tabcareinprivate.com,
  95. ns2.tabcaresupreme.com,
  96. ns2.tabcourt.com,
  97. ns2.tabletces.com,
  98. ns2.tabletlevitra.com,
  99. ns2.tabletrxpills.com,
  100. ns2.tabletrxpillsandroid.com,
  101. ns2.tabletrxprescriptiondrugstore.org,
  102. ns2.tabletsaleandroid.com,
  103. ns2.tabletsbusiness.net,
  104. ns2.tabletshealthpills.org,
  105. ns2.tabletspharmacypills.org,
  106. ns2.thesaletab.com,
  107. ns2.trustedtabletspharmacypills.org,
  108. ns2.viagranasa.mobi,
  109. ns2.vidblogitrawelness.com,
  110. ns2.vitaminpharmdiet.com,
  111. ns2.welnessgingrich.com,
  112. ns2.yimgcialis.com,
  113. ns2.yourwhich.com,
  114. ns58.ipmirror.com