Spam Alert
Full Report:  /My_Canadian_Pharmacy_spam178168.html
Changed status to confirmed spam.
andtherybug.net is one of the sites for the spam operation, "MyCanadianPharmacy." This site and its spam are violating US law:
* It offers medications which may not be dispensed without a prescription, including Provigil, and sometimes Valium, Meridia, Xanax and Ambien, which are federal contolled substances, without requiring any prescription. Xanax in particular has high street value. See /My_Canadian_Pharmacy_spam114.html for example of the expanded offerings in controlled substances on this site at the time of the first SIRT report for My Canadian Pharmacy.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from the Better Business Bureau, Verisign, Visa, The Canadian International Pharmacy Association, and PharmacyChecker. As noted by http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy , all of these claims are outright falsehoods and violations of these agencies' trademarks. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034
* It is not located in Canada anywhere anyone has been able to find it, and the address it lists for itself is a strip mall with no buildings resembling the one pictured on its website. It is not connected to the actual pharmacy mycanadianpharmacy.com . See also information collected on this operation at http://www.rickconner.net/spamweb/spam_drugs.html
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax. Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers' licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time. The first indication people taking these medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As My Canadian Pharmacy does not even claim to offer overnight delivery, the only reason to order these drugs without prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to determing the correct dose, and continued monitoring to readjust dose due to interactions with food and other medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these pills contain real medication and the correct quantity of real medication, they are only sold by prescription because patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to" addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites. Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan. See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain registration of one of these sites, that person denied having any knowledge of his/her personal information being used to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois
Online prices for warfarin 5mg x 90 tabs (generic coumadin, a blood thinner) on 4/13/08:
Rite Aid (drugstore.com): US $35
CVS US $46
My Canadian Pharmacy US $227
The only reason for someone to order warfarin via an illegal pharmacy is to avoid having to see a doctor and get blood tests done to obtain a prescription. Warfarin is derived from a natural compound and has a complex metabolism and many food/drug interactions. Not only is there a very narrow range between the dose that prevents clots and the dose that causes excessive bleeding, the dose is different from person to person and even varies at different times for the same person. There is an extremely high risk of someone having complications like bleeding or strokes if he/she is not getting regular blood tests to check whether the dosage needs to be changed.
andtherybug.net is located at IP address 210.201.138.28
but it loads images from port 8080 of up to five of the following servers:
http://58.241.87.130:8080/p/images/weship.jpg
http://79.135.167.10:8080/p/images/weship.jpg
http://84.253.77.6:8080/p/images/weship.jpg
http://194.67.66.10:8080/p/images/weship.jpg
http://212.154.24.78:8080/p/images/weship.jpg
http://212.154.24.88:8080/p/images/weship.jpg
http://212.154.24.92:8080/p/images/weship.jpg
Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") will often block traffic from IP addresses associated with legal, financial and antispam organizations as well as anyone who has visited more than one of their sites. It may be necessary to use a proxy to view the pages. In addition, nameservers will selectively refuse queries for certain domains not currently being spammed, and it is necessary to use traversal to see that the domains themselves are not suspended.
Nameservers:
Generated by www.DNSstuff.com at 18:35:30 GMT on 07 Jun 2008.
ns2.portativefih.ru [136.145.55.9]
ns1.fowimpetration.com [202.127.45.235]
Nameservers move frequently from one IP address to another, as is typical of hijacked servers. These nameservers were observed at all of the following IP addresses within recent days:
ns2.portativefih.ru A 83.15.82.74
ns2.portativefih.ru A 136.145.55.9
ns2.portativefih.ru A 201.236.86.60
ns1.fowimpetration.com A 202.127.45.235
ns1.fowimpetration.com A 210.47.0.50
Spamhaus information on these IP addresses:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL58375 for 210.201.138.28
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64775 for 136.145.55.9
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL50921 for 83.15.82.74
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53118 for 201.236.86.60
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL46595 for 210.47.0.50
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64778 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64834 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64881 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65112 for 79.135.167.10
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64072 for 84.253.77.6
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63729 for 212.154.24.78
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62488 for 212.154.24.88
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62950 for 212.154.24.92
SiteAdvisor review at http://www.siteadvisor.com/sites/andtherybug.net
http://domaintools.tweak-it.net/fullreport/andtherybug.net
I called the person listed in the whois and confirmed he did not have anything to do with registering this domain. (I got his phone number from another domain registered fraudulently using his identity information and credit card.)
IP Converted: 210.201.138.28
dword = 3536423452
hex1 = 0xd2c98a1c
hex2 = 0xd2.0xc9.0x8a.0x1c
oct = 0322.0311.0212.034
View CIDR AS7482 Report: http://www.cidr-report.org/cgi-bin/as-report?as=7482
"7482 | TW | apnic | 1997-02-17 | APOL-AS Asia Pacific On-line Service Inc."<br />
Extended information for AS7482:
State/Province:
Country: tw
Responsible Domain: apol.com.tw
Abuse Email: spam@apol.com.tw
IP Converted: 58.241.87.130
dword = 988895106
hex1 = 0x3af15782
hex2 = 0x3a.0xf1.0x57.0x82
oct = 072.0361.0127.0202
View CIDR AS4837 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4837
"4837 | CN | apnic | 2001-09-17 | CHINA169-BACKBONE CNCGROUP China169 Backbone"<br />
Extended information for AS4837:
State/Province:
Country: cn
Responsible Domain: cnc-noc.net
Abuse Email: abuse@cnc-noc.net
IP Converted: 79.135.167.10
dword = 1334290186
hex1 = 0x4f87a70a
hex2 = 0x4f.0x87.0xa7.0xa
oct = 0117.0207.0247.012
View CIDR AS9121 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9121
"9121 | TR | ripencc | 1998-12-29 | TTNET TTnet Autonomous System"<br />
Extended information for AS9121:
State/Province:
Country: tr
Responsible Domain: telekom.gov.tr
Abuse Email: abuse@ttnet.net.tr
IP Converted: 84.253.77.6
dword = 1425886470
hex1 = 0x54fd4d06
hex2 = 0x54.0xfd.0x4d.0x6
oct = 0124.0375.0115.06
View CIDR AS8629 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8629
"8629 | RU | ripencc | 1998-01-22 | MCNTT-AS MCNTT Autonomous System"<br />
Extended information for AS8629:
State/Province:
Country: ru
Responsible Domain: ntt.ru
Abuse Email: postmaster@ntt.ru
IP Converted: 194.67.66.10
dword = 3259187722
hex1 = 0xc243420a
hex2 = 0xc2.0x43.0x42.0xa
oct = 0302.0103.0102.012
View CIDR AS2683 Report: http://www.cidr-report.org/cgi-bin/as-report?as=2683
"2683 | EU | ripencc | 1993-09-01 | RADIO-MSU RADIO-MSU"<br />
Extended information for AS2683:
State/Province:
Country:
Responsible Domain: radio-msu.net
Abuse Email: abuse@radio-msu.net
IP Converted: 212.154.24.78
dword = 3566868558
hex1 = 0xd49a184e
hex2 = 0xd4.0x9a.0x18.0x4e
oct = 0324.0232.030.0116
IP Converted: 212.154.24.88
dword = 3566868568
hex1 = 0xd49a1858
hex2 = 0xd4.0x9a.0x18.0x58
oct = 0324.0232.030.0130
IP Converted: 212.154.24.92
dword = 3566868572
hex1 = 0xd49a185c
hex2 = 0xd4.0x9a.0x18.0x5c
oct = 0324.0232.030.0134
View CIDR AS12735 Report: http://www.cidr-report.org/cgi-bin/as-report?as=12735
"12735 | TR | ripencc | 1999-10-18 | ASNETONE Netone Bilgi Ve Iletisim Hizmetleri A.S."<br />
Extended information for AS12735:
State/Province:
Country: tr
Responsible Domain: satko.com.tr
Abuse Email: postmaster@satko.com.tr
IP Converted: 136.145.55.9
dword = 2291218185
hex1 = 0x88913709
hex2 = 0x88.0x91.0x37.0x9
oct = 0210.0221.067.011
View CIDR AS5786 Report: http://www.cidr-report.org/cgi-bin/as-report?as=5786
"5786 | PR | arin | 1995-10-24 | UPRENET - University of Puerto Rico"<br />
Extended information for AS5786:
State/Province:
Country: us
Responsible Domain: upr1.upr.clu.edu
Abuse Email: postmaster@upr1.upr.clu.edu
IP Converted: 202.127.45.235
dword = 3397332459
hex1 = 0xca7f2deb
hex2 = 0xca.0x7f.0x2d.0xeb
oct = 0312.0177.055.0353
View CIDR AS4808 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4808
"4808 | CN | apnic | 1996-01-09 | CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network"<br />
Extended information for AS4808:
State/Province:
Country: cn
Responsible Domain: cnc-noc.net
Abuse Email: abuse@cnc-noc.net
ISPs: Please assist your customers in identifying and disinfecting servers at the following addresses:
apol.com.tw
210.201.138.28
cnc-noc.net
58.241.87.130
202.127.45.235
ntt.ru
84.253.77.6
radio-msu.net
194.67.66.10
satko.com.tr
212.154.24.78
212.154.24.88
212.154.24.92
telekom.gov.tr
79.135.167.10
telesp.com.br
200.171.178.11
upr1.upr.clu.edu
136.145.55.9
Registrars: please suspend the following domains and nameservers. Please investigate the payment history as it was almost certainly fraudulent as well. Please forward evidence of fraudulent activity to law enforcement.
See domain suspension instructions at
http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Hong Kong mirror:
香港 镜象地点
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_domain
(Removal of nameservers is here:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_name_server_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_name_server_domain )
As the domains for the Yambo family of spamvertised websites (My Canadian Pharmacy, International Legal Rx Medications, Men+ Health, US Drug, VIP Pharmacy ("Viagra + Cialis"), and Canadian Health&Care Mall are uniformly registered with information obtained by identity theft and paid with fraudulent credit/debit card information, please suspend any other sites in this family that you become aware of.
CoreNIC.org:
andtherybug.net
naunet.ru
portativefih.ru
ns2.portativefih.ru [136.145.55.9]
dns.com.cn
fowimpetration.com
ns1.fowimpetration.com [202.127.45.235]
@CoreNIC.org:
The following domains are also registered with CoreNIC by the same criminal organization, which consistently uses false whois information and payment methods in addition to the fraudulent content of the websites themselves. Please investigate and suspend these as well:
ACATCHEYND.COM
AESYLILOAD.COM
AEWOYPALASEF.COM
AGERFAXEU.NET
AILERZATEK.COM
AMPLOMATER.COM
ANDTHERYBUG.NET
ARIKAPTURLA.NET
BALLSHARPL.NET
BARRIERSHAWL.NET
BREASEKHEAR.NET
CAPALOGYE.NET
CARBILNAW.COM
CLAIMTOJASE.COM
CNORTSTARTEG.COM
COERSELGRASE.NET
CRAMIKGOODER.COM
CULMIVARTEH.COM
EFORETESY.INFO
FLACHEASET.NET
FLINGHOUTEM.COM
FLODHELLER.INFO
FLOUNDCAZZLE.COM
FREEUNDERY.COM
FREEWILEBOTE.COM
GOOVERMYMIND.COM
HORTHEBAST.COM
HROMCROW.COM
HUMOLOUSEW.COM
HYREINGERS.COM
INOXERVALY.NET
INSTIMCTAGE.NET
INYTARTOO.COM
LEPERTOKAN.COM
LOVERDSTART.INFO
MIMERONTRACK.COM
NEEDMUSCLEK.COM
ONESELFETU.COM
OPULATERD.COM
OUSEYEBALLSE.COM
PARELMATRAC.COM
PLESKMENAPR.COM
PLETERHUSL.NET
PRONIMFERTO.COM
QUILFIKATER.NET
RELIOFASEN.COM
REPELTWHAT.NET
RIMERINGLEY.NET
ROPOLOSILEG.COM
RURALANDEGS.INFO
SAFERDATAR.COM
SEALINGNOCK.INFO
SEATSCOPYRE.COM
STRAINBADLY.COM
SUPILESETICS.COM
TANDPRESENT.COM
TIFESAPPERT.COM
TRANSFIZION.COM
TRASESEARCH.COM
TROTEDCOAST.COM
TYPIFULLQES.INFO
UNGERSALIN.COM
USTOMERDEST.NET
VISEDTIMER.COM
VISIMFERBLE.COM
WAERNHERD.NET
WHOLCMORALE.NET
@apol.com.tw: The following domains were also located on 210.201.138.28 on June 7, 2008. Please investigate and shut down these fraudulent domains, which are likely hosted via a hijacked unix server. See http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
abinequial.com
ablherent.com
absedjabar.com
adoreberry.com
aftermuise.net
ailerzatek.com
amplomater.com
andtherybug.net
anexilotop.com
arikapturla.com
aseverloper.net
asewsingle.com
asingthtold.com
assureftunel.com
azoancored.com
baldaterybass.net
barriershawl.net
baseperedon.com
basinefest.net
basteldress.net
batekolery.com
bathekbare.com
birakusome.com
bladyrushe.com
blockforike.net
bonmerfiket.com
borecometin.net
burastmedit.com
buseropast.net
butchertnob.com
buttomjole.net
byrstintro.com
capalogye.net
chaderpioner.com
charedbus.com
cistomiseril.com
colertions.com
countribale.com
cranckcoilds.com
crypufullewad.com
culmivarteh.com
cultivawel.com
cursomaryl.com
dadlineart.com
dasjavert.com
dersticken.com
deskdelion.com
desmanker.com
dischopper.com
dryconsest.net
eachoseras.com
econgmisedum.com
ecrityksaler.com
edacityf.cn
elfasured.com
emperiatore.com
enciletrend.com
engineperted.com
eraxewhint.com
ernikadetlig.com
ernikadetlig.net
erperadest.net
erywithyou.com
esenefast.net
eyecalting.com
eyedballs.com
fabrickbye.com
failtdushar.com
fajotorok.com
famularutym.info
feltmyupess.net
fenybelloweg.com
filereasign.com
flightournet.com
flinghoutem.com
floundcazzle.com
folertgamps.com
freedloger.com
freewilebote.com
galowefol.com
gauserrimer.com
gefedfylok.com
ghostglide.com
giantfaithsea.com
goovermymind.com
gradmentale.com
graiterits.com
graiterits.net
guarwbench.com
haidofgano.net
haltsaugol.com
hayngmiti.net
heelkaweler.com
heleselter.com
herdboard.com
herringesy.com
honopwhat.com
horedigmer.com
howsomertyv.com
humcomiced.com
humersaxer.com
humolousew.com
huntingswell.com
hyfdanteray.net
hyreingers.com
idolhowerve.net
ielodastnor.com
ighogorne.com
igromance.com
ikerbreads.com
iloperatev.com
imerbissone.com
imolikeiky.net
imylateyno.com
inclettery.com
incomertal.com
incomplerob.com
ingerleart.com
ingermetwol.com
ingsitilad.com
inhalftoo.com
intednalsut.com
interikontakt.com
isignalbind.com
italiclopval.com
janiadyitch.com
janiarlawepo.net
jestorpunadi.com
jindolsmade.com
joeggetnop.com
knewgfader.com
landuaning.info
launtspater.com
laxeresok.com
leafedpalaw.com
lepertokan.com
loovchazer.com
loretharmle.net
maluotelyn.com
masloliner.com
mawershopler.com
maygaried.net
mikerpinkdo.com
minepcurach.com
mixwedcomp.com
miztrust.cn
mossudejerck.com
moyndtilef.net
nagekssadir.com
narrowdeer.com
needmusclek.com
negatimmuse.com
negromental.com
nohokerowl.net
nointherwine.net
obercanwet.com
ofenmorest.net
ofikalhear.com
ofisergeroy.com
ogewfropew.com
oletdaptment.net
oletoper.com
omelianhytor.com
oncederater.com
oneselfetu.com
onigorydfate.com
oradengetbel.com
oundefmode.com
ouseyeballse.info
painavard.com
paserbarrow.com
pauauretion.com
peasemunelo.com
pebblesriver.com
pelvisteps.net
penionmelow.com
perfolancer.com
plaintdyer.net
plasretgilar.com
pleterhusl.net
plitonmanur.com
plundishrag.com
pointpleset.net
polerstery.com
poundarnacy.com
preacysed.com
presergation.com
presergation.net
promobijon.info
pruffervent.com
psilofadcored.com
quilfikater.com
raisenmoxer.com
redcatition.com
redignoat.com
registrionil.com
regootnos.net
resarchuck.com
ringetdownt.net
ritickbals.com
ropolosileg.com
rosrpluck.com
runingedsiz.com
rutancomerda.com
sadegikaz.com
sasetmiclet.com
sckajatch.com
shoostcalte.com
silinewitals.com
sretlopeq.com
stroileryock.net
subltitle.com
supilesetics.com
swartbyew.info
swinghoy.cn
tandpresent.com
testartment.net
tgesalexpert.com
throghetnetal.com
toronto-rx.com
transfizion.com
trasesearch.com
treasewent.com
treasewent.net
trotedcoast.com
tunerealti.com
turbineshaw.com
ubafindamet.com
uletcrown.com
undertecktek.com
uneversadet.net
unexedproper.com
uniferdolly.net
unkersewop.com
urayroack.net
usameds-rx.us
usebandterm.com
viposadetion.com
virtylenesess.net
vitoalzane.com
vitylaetik.com
voluneting.com
walkintriod.com
wasypencil.net
weedsea.com
winhittler.com
witnesscolly.net
wolexsakch.com
wrolkengar.net
yasterxejola.com
yongduman.com
youfastpoh.com
ziladoferim.com
Consumed following related reports:
[184355] http://andtherybug.net/?page=xaxax&t=testimonials&ref=&pid=3676&cart
[184356] http://andtherybug.net/?page=xaxax&t=description&ref=&pid=3676&cart
[184357] http://andtherybug.net/?page=xaxax&ref=&pid=3676&cart
[184358] http://andtherybug.net/?page=visa&interface=no
[184359] http://andtherybug.net/?page=verisign&interface=no
[184360] http://andtherybug.net/?page=valium&t=testimonials&ref=&pid=3676&cart
[184361] http://andtherybug.net/?page=valium&t=description&ref=&pid=3676&cart
[184362] http://andtherybug.net/?page=valium&ref=&pid=3676&cart
[184363] http://andtherybug.net/?page=shipping&ref=&pid=3676&cart
[184364] http://andtherybug.net/?page=rrc&ref=&pid=3676&cart
[184365] http://andtherybug.net/?page=provigil&t=testimonials&ref=&pid=3676&cart
[184366] http://andtherybug.net/?page=provigil&t=description&ref=&pid=3676&cart
[184367] http://andtherybug.net/?page=privacy&ref=&pid=3676&cart
[184368] http://andtherybug.net/?page=phonesupport&ref=&pid=3676&cart
[184369] http://andtherybug.net/?page=pchecker&interface=no
[184370] http://andtherybug.net/?page=nolvadex&t=description&ref=&pid=3676&cart
[184371] http://andtherybug.net/?page=meridia&t=testimonials&ref=&pid=3676&cart
[184372] http://andtherybug.net/?page=meridia&t=description&ref=&pid=3676&cart
[184373] http://andtherybug.net/?page=meridia&ref=&pid=3676&cart
[184374] http://andtherybug.net/?page=licence&interface=no
[184375] http://andtherybug.net/?page=index
[184376] http://andtherybug.net/?page=howto&ref=&pid=3676&cart
[184377] http://andtherybug.net/?page=genericviagra&t=testimonials&ref=&pid=3676&cart
[184378] http://andtherybug.net/?page=genericviagra&t=description&ref=&pid=3676&cart
[184379] http://andtherybug.net/?page=genericviagra&ref=&pid=3676&cart
[184380] http://andtherybug.net/?page=cservice&ref=&pid=3676&cart
[184381] http://andtherybug.net/?page=contactus&ref=&pid=3676&cart
[184382] http://andtherybug.net/?page=contactform&ref=&pid=3676&cart
[184383] http://andtherybug.net/?page=clomid&t=testimonials&ref=&pid=3676&cart
[184384] http://andtherybug.net/?page=clomid&t=description&ref=&pid=3676&cart
[184385] http://andtherybug.net/?page=cipa&interface=no
[184386] http://andtherybug.net/?page=bbbo&interface=no
[184387] http://andtherybug.net/?page=antispam&ref=&pid=3676&cart
[184388] http://andtherybug.net/?page=ambien&t=testimonials&ref=&pid=3676&cart
[184389] http://andtherybug.net/?page=ambien&t=description&ref=&pid=3676&cart
[184390] http://andtherybug.net/?page=ambien&ref=&pid=3676&cart
[184391] http://andtherybug.net/?page=allproducts&type=women_s_health&ref=&pid=3676&cart
[184392] http://andtherybug.net/?page=allproducts&type=weight_loss&ref=&pid=3676&cart
[184393] http://andtherybug.net/?page=allproducts&type=pain_relief&ref=&pid=3676&cart
[184394] http://andtherybug.net/?page=allproducts&type=men_s_health&ref=&pid=3676&cart
[184395] http://andtherybug.net/?page=allproducts&type=general_health&ref=&pid=3676&cart
[184396] http://andtherybug.net/?page=allproducts&type=blood_pressure_cholesterol&ref=&pid=3676&cart
[184397] http://andtherybug.net/?page=allproducts&type=anti_herpes&ref=&pid=3676&cart
[184398] http://andtherybug.net/?page=allproducts&type=anti_diabetic&ref=&pid=3676&cart
[184399] http://andtherybug.net/?page=allproducts&type=anti_depressants&ref=&pid=3676&cart
[184400] http://andtherybug.net/?page=allproducts&type=anti_biotics&ref=&pid=3676&cart
[184401] http://andtherybug.net/?page=allproducts&type=anti_allergic_asthma&ref=&pid=3676&cart
[184402] http://andtherybug.net/?page=allproducts&type=anti_acidity&ref=&pid=3676&cart
[184403] http://andtherybug.net/?page=allproducts&ref=&pid=3676&cart
[184404] http://andtherybug.net/?page=afficon&ref=&pid=3676&cart
[184405] http://andtherybug.net/?page=acomplia&t=order&ref=&pid=3676&cart
[184406] http://andtherybug.net/?page=acomplia&t=description&ref=&pid=3676&cart
[184407] http://andtherybug.net/?page=aboutus&ref=&pid=3676&cart
@OVH
aplicanroked.net was registered with OVH with fraudulent whois information, using the name of the same innocent party. It was reported to you March 7, 2008. The domain is still active and the whois still is displaying the same registrant information, in violation of this person's privacy. Please suspend this domain and remove his personal information from the whois.
@CoreNIC:
sealingnock.info was registered with CoreNIC with fraudulent whois information, using the name of the same innocent party. It was reported to you Dec. 14, 2007 and Feb. 27, 2008. A SIRT report like this one was completed Nov. 18, 2007 and sent to you. The domain is still active and the whois still is displaying the same registrant information, in violation of this person's privacy. Please suspend this domain and remove his personal information from the whois.
@Xin Net
Nameserver ns2.polacrepox.com, which previously served aplicanroked.net and sealingnock.info, has been successfully shut down by being blackholed to 0.0.0.0. Thank you!
@apol.com.tw
The server at 210.201.138.28 has been compromised since at least September, 2007. See the previous SIRT reports in which this server was found to be serving as a hijacked host:
/My_Canadian_Pharmacy_spam18893.html
/My_Canadian_Pharmacy_spam27138.html
/My_Canadian_Pharmacy_spam1341.html
/My_Canadian_Pharmacy_spam1365.html
/My_Canadian_Pharmacy_spam1534.html
/My_Canadian_Pharmacy_spam1546.html
/My_Canadian_Pharmacy_spam1606.html
/My_Canadian_Pharmacy_spam121400.html
| Quote: | | http://andtherybug.net |
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
