Header Analysis
The following IP addresses were extracted from your headers:
| IP Address | Probable Country | Additional Info | |||
| 68.142.207.169 | United States (Sunnyvale)* | Whois | DNSStuff | Urgentmessage.org | |
| 67.195.14.109 | United States (Sunnyvale)* | Whois | DNSStuff | Urgentmessage.org | |
| 207.115.20.132 | United States (Richardson)* | Whois | DNSStuff | Urgentmessage.org | |
| 75.213.113.93 | United States (Los Angeles)* | Whois | DNSStuff | Urgentmessage.org | |
| * The last IP listed is usually the originating IP address | |||||
Here is the text you submitted, with the IP addresses highlighted:
From Robert Sexton Wed Sep 2 09:16:46 2009
X-Apparently-Wed, 02 Sep 2009 09:17:11 -0700
Return-Path:
X-YahooFilteredBulk: 67.195.14.109
X-YMailISG: TBYRKD8WLDtrypfO6NxNXGP0yDAzrz3CdYN4uNyB8zdkhJygyME2AhOzjHKhRrUpZq._NUInKsP.EyiIliCb157CnYhB0BqaezKzuUp53Qiu9w1Ljzy0zv3rJhK5JqUEngfcMKEaQiOlPYusfPPFQNkIjgjQV1yX3poFuPqlw1ZVyf0YPmnOOoAmpd5Ks8lY0n3Erej6ctnbMy1U8NtEpWaiL7oIBA5W5Q8XzWGYudFTGG5Ees2iLR9HSjvwZTwsimeHnMAI8y0e9q.BpsyFwVw0OvYAXKdqkNTqaKXEdLp8WNBeamfQbhhP2gak5mTnjKNACj0Skf1P4L9iyBIPRjskRx4Mnd78YLfNHkQL_tjdrZd4juoFvgSGlm5d9EDxq_CR3dnJlN8Q7uqANIL0zO8SZ2SC5klu.HC983GsCBDV
X-Originating-IP: [67.195.14.109]
Authentication-Results: mta124.sbc.mail.re3.yahoo.com from=ng-systems.net; domainkeys=neutral (no sig); from=ng-systems.net; dkim=neutral (no sig)
Received: from 207.115.20.132 (EHLO flpd122.prodigy.net) (207.115.20.132)
by mta124.sbc.mail.re3.yahoo.com with SMTP; Wed, 02 Sep 2009 09:17:11 -0700
X-Originating-IP: [67.195.14.109]
Received: from smtp106.sbc.mail.gq1.yahoo.com (smtp106.sbc.mail.gq1.yahoo.com [67.195.14.109])
by flpd122.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n82GHA2X021427
for ; Wed, 2 Sep 2009 09:17:10 -0700
Message-Id: <200909021617.n82GHA2X021427@flpd122.prodigy.net>
Received: (qmail 53401 invoked from network); 2 Sep 2009 16:17:10 -0000
Received: from unknown (HELO 13.sub-70-213-117.myvzw.com) (bob@75.213.113.93 with login)
by smtp106.sbc.mail.gq1.yahoo.com with SMTP; 2 Sep 2009 16:17:09 -0000
X-Yahoo-SMTP: 9I.gPjKswBDDpZ74lhf2pkNv37iwyZQ3CbOW
X-YMail-OSG: oUhrznUVM1m0i7c_kQUv33Cnb7rJoF.P1fFuiaoKzRi8KB0dRejSrtUR4IWuStPzGEB3UdtW6IkkTv4A9iT_8EMnu54dGGZlg38LsYrtSE7mFs.culAKmpimV3LbxXx.QLjcbmTEeZSqqqAz7DeIb9PTuMvIVAetjNSBXaQDPxqbrX4Vduu_t1LnL_tVwCoLase2jJzB53Jc7vU-
X-Yahoo-Newman-Property: ymail-3
From: “Robert Sexton” <bob@ng-systems.net>
To:
Subject: Online pharmacies (9/2/2009)
Date: Wed, 2 Sep 2009 09:16:46 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset=”utf-8″
Content-Transfer-Encoding: 8bit
Content-Length: 783
Hello,
I represent a company called SPN Solutions, a company that does what’s known as advanced search engine placement. We reach a Network of over 35 million people who are predominantly US based. Our Network is entirely opt-in, and the users on our Network allow us to present them with a preferred choice whenever they are looking for anything on the top sixteen search engines. (GOOGLE, YAHOO, MSN and thirteen others.)
I seek one source to send the users on our Network, from the major search engines, for online pharmacies in various Canadian markets.
Please contact me at your earliest convenience. I am in the office daily from 9:00 AM to 5:00 PM Pacific time.
Best regards,
Robert Sexton
Dir/Business Development, SPN Solutions
Phone: 800.481.2979, ext 2001
Address lookup
| canonical name | myvzw.com. |
| aliases | |
| addresses | 207.68.174.238 |
Domain Whois record
Queried whois.internic.net with “dom myvzw.com“…
Domain Name: MYVZW.COM Registrar: MARKMONITOR INC. Whois Server: whois.markmonitor.com Referral URL: http://www.markmonitor.com Name Server: CARKDNS.VZWDOMAIN.COM Name Server: NJBRDNS.VZWDOMAIN.COM Status: clientDeleteProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 21-jan-2009 Creation Date: 31-may-2000 Expiration Date: 31-may-2012 >>> Last update of whois database: Thu, 03 Sep 2009 02:55:26 UTC <<<
Queried whois.markmonitor.com with “myvzw.com“…
Registrant:
Verizon Trademark Services LLC
Verizon Trademark Services LLC
1320 North Court House Road
Arlington VA 22201
US
domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669
Domain Name: myvzw.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Administrative Contact:
Domain Administrator
Verizon Trademark Services LLC
1320 North Court House Road
Arlington VA 22201
US
domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669
Technical Contact, Zone Contact:
Domain Technician
Verizon
1320 North Court House Road
Arlington VA 22201
US
sysmgr@verizon.com +1.7033513164 Fax: +1.7033513669
Created on..............: 2000-05-31.
Expires on..............: 2012-05-31.
Record last updated on..: 2009-05-30.
Domain servers in listed order:
njbrdns.vzwdomain.com
carkdns.vzwdomain.com
MarkMonitor is the Global Leader in Enterprise Brand Protection.
Domain Management
MarkMonitor Brand Protection™
AntiFraud Solutions
Corporate Consulting Services
Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300
Network Whois record
Queried whois.arin.net with “207.68.174.238“…
OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 207.68.128.0 - 207.68.207.255 CIDR: 207.68.128.0/18, 207.68.192.0/20 NetName: MICROSOFT-CORP-MSN-BLK NetHandle: NET-207-68-128-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Allocation NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate: 1996-03-26 Updated: 2005-06-29 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: noc@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@hotmail.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: noc@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: iprrms@microsoft.com # ARIN WHOIS database, last updated 2009-09-02 20:00
DNS records
DNS query for 238.174.68.207.in-addr.arpa returned an error from the server: NameError
| name | class | type | data | time to live | |||||||||||||||
| myvzw.com | IN | SOA |
|
7200s | (02:00:00) | ||||||||||||||
| myvzw.com | IN | NS | njbrdns.vzwdomain.com | 7200s | (02:00:00) | ||||||||||||||
| myvzw.com | IN | NS | carkdns.vzwdomain.com | 7200s | (02:00:00) | ||||||||||||||
| myvzw.com | IN | A | 207.68.174.238 | 7200s | (02:00:00) | ||||||||||||||
— end —
scamFRAUDalert™ Report 
Obviously this Robert Scott scam aligns itself with something we do…I sell diabetic products and they reference that in the email…same name, number and something to do with search engines…
I have received something from this address, though he is now calling himself Robert Scott. Phone number is same, extension number though is 2010. But me,I get something about latex fetish products, not pharmacy!
Have written stories in the past including latex clothing, but thats my only connection to it.
Thanks
Steph Major