Canadian Pharmacy Spam – ng-systems.net

Header Analysis

The following IP addresses were extracted from your headers:

IP Address Probable Country Additional Info
68.142.207.169 United States (Sunnyvale)* Whois Google DNSStuff Urgentmessage.org
67.195.14.109 United States (Sunnyvale)* Whois Google DNSStuff Urgentmessage.org
207.115.20.132 United States (Richardson)* Whois Google DNSStuff Urgentmessage.org
75.213.113.93 United States (Los Angeles)* Whois Google DNSStuff Urgentmessage.org
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:
From Robert Sexton Wed Sep 2 09:16:46 2009
X-Apparently-Wed, 02 Sep 2009 09:17:11 -0700
Return-Path:
X-YahooFilteredBulk: 67.195.14.109
X-YMailISG: TBYRKD8WLDtrypfO6NxNXGP0yDAzrz3CdYN4uNyB8zdkhJygyME2AhOzjHKhRrUpZq._NUInKsP.EyiIliCb157CnYhB0BqaezKzuUp53Qiu9w1Ljzy0zv3rJhK5JqUEngfcMKEaQiOlPYusfPPFQNkIjgjQV1yX3poFuPqlw1ZVyf0YPmnOOoAmpd5Ks8lY0n3Erej6ctnbMy1U8NtEpWaiL7oIBA5W5Q8XzWGYudFTGG5Ees2iLR9HSjvwZTwsimeHnMAI8y0e9q.BpsyFwVw0OvYAXKdqkNTqaKXEdLp8WNBeamfQbhhP2gak5mTnjKNACj0Skf1P4L9iyBIPRjskRx4Mnd78YLfNHkQL_tjdrZd4juoFvgSGlm5d9EDxq_CR3dnJlN8Q7uqANIL0zO8SZ2SC5klu.HC983GsCBDV
X-Originating-IP: [67.195.14.109]
Authentication-Results: mta124.sbc.mail.re3.yahoo.com from=ng-systems.net; domainkeys=neutral (no sig); from=ng-systems.net; dkim=neutral (no sig)
Received: from 207.115.20.132 (EHLO flpd122.prodigy.net) (207.115.20.132)
by mta124.sbc.mail.re3.yahoo.com with SMTP; Wed, 02 Sep 2009 09:17:11 -0700
X-Originating-IP: [67.195.14.109]
Received: from smtp106.sbc.mail.gq1.yahoo.com (smtp106.sbc.mail.gq1.yahoo.com [67.195.14.109])
by flpd122.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with SMTP id n82GHA2X021427
for ; Wed, 2 Sep 2009 09:17:10 -0700
Message-Id: <200909021617.n82GHA2X021427@flpd122.prodigy.net>
Received: (qmail 53401 invoked from network); 2 Sep 2009 16:17:10 -0000
Received: from unknown (HELO 13.sub-70-213-117.myvzw.com) (bob@75.213.113.93 with login)
by smtp106.sbc.mail.gq1.yahoo.com with SMTP; 2 Sep 2009 16:17:09 -0000
X-Yahoo-SMTP: 9I.gPjKswBDDpZ74lhf2pkNv37iwyZQ3CbOW
X-YMail-OSG: oUhrznUVM1m0i7c_kQUv33Cnb7rJoF.P1fFuiaoKzRi8KB0dRejSrtUR4IWuStPzGEB3UdtW6IkkTv4A9iT_8EMnu54dGGZlg38LsYrtSE7mFs.culAKmpimV3LbxXx.QLjcbmTEeZSqqqAz7DeIb9PTuMvIVAetjNSBXaQDPxqbrX4Vduu_t1LnL_tVwCoLase2jJzB53Jc7vU-
X-Yahoo-Newman-Property: ymail-3
From: “Robert Sexton” <bob@ng-systems.net>
To:
Subject: Online pharmacies (9/2/2009)
Date: Wed, 2 Sep 2009 09:16:46 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset=”utf-8″
Content-Transfer-Encoding: 8bit
Content-Length: 783

Hello,

I represent a company called SPN Solutions, a company that does what’s known as advanced search engine placement. We reach a Network of over 35 million people who are predominantly US based. Our Network is entirely opt-in, and the users on our Network allow us to present them with a preferred choice whenever they are looking for anything on the top sixteen search engines. (GOOGLE, YAHOO, MSN and thirteen others.)

I seek one source to send the users on our Network, from the major search engines, for online pharmacies in various Canadian markets.

Please contact me at your earliest convenience. I am in the office daily from 9:00 AM to 5:00 PM Pacific time.

Best regards,

Robert Sexton
Dir/Business Development, SPN Solutions
Phone: 800.481.2979, ext 2001

Address lookup

canonical name myvzw.com.
aliases
addresses 207.68.174.238

Domain Whois record

Queried whois.internic.net with “dom myvzw.com“…

   Domain Name: MYVZW.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: CARKDNS.VZWDOMAIN.COM
   Name Server: NJBRDNS.VZWDOMAIN.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 21-jan-2009
   Creation Date: 31-may-2000
   Expiration Date: 31-may-2012

>>> Last update of whois database: Thu, 03 Sep 2009 02:55:26 UTC <<<

Queried whois.markmonitor.com with “myvzw.com“…

Registrant:
        Verizon Trademark Services LLC
        Verizon Trademark Services LLC
        1320 North Court House Road
         Arlington VA 22201
        US
        domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669

    Domain Name: myvzw.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        Domain Administrator
        Verizon Trademark Services LLC
        1320 North Court House Road
         Arlington VA 22201
        US
        domainlegalcontact@verizon.com +1.7033513164 Fax: +1.7033513669
    Technical Contact, Zone Contact:
        Domain Technician
        Verizon
        1320 North Court House Road
         Arlington VA 22201
        US
        sysmgr@verizon.com +1.7033513164 Fax: +1.7033513669

    Created on..............: 2000-05-31.
    Expires on..............: 2012-05-31.
    Record last updated on..: 2009-05-30.

    Domain servers in listed order:

    njbrdns.vzwdomain.com
    carkdns.vzwdomain.com

MarkMonitor is the Global Leader in Enterprise Brand Protection.

Domain Management
MarkMonitor Brand Protection™
AntiFraud Solutions
Corporate Consulting Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 800 745 9229
In Europe, at +44 (0) 20 7840 1300

Network Whois record

Queried whois.arin.net with “207.68.174.238“…

OrgName:    Microsoft Corp 
OrgID:      MSFT
Address:    One Microsoft Way
City:       Redmond
StateProv:  WA
PostalCode: 98052
Country:    US

NetRange:   207.68.128.0 - 207.68.207.255 
CIDR:       207.68.128.0/18, 207.68.192.0/20 
NetName:    MICROSOFT-CORP-MSN-BLK
NetHandle:  NET-207-68-128-0-1
Parent:     NET-207-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:    
RegDate:    1996-03-26
Updated:    2005-06-29

RTechHandle: ZM39-ARIN
RTechName:   Microsoft 
RTechPhone:  +1-425-882-8080
RTechEmail:  noc@microsoft.com 

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse 
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse 
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE 
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@msn.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation 
OrgNOCPhone:  +1-425-882-8080
OrgNOCEmail:  noc@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC 
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  iprrms@microsoft.com

# ARIN WHOIS database, last updated 2009-09-02 20:00

DNS records

DNS query for 238.174.68.207.in-addr.arpa returned an error from the server: NameError

name class type data time to live
myvzw.com IN SOA
server: njbrnsmgr.vzwdomain.com
email: cdsdns.verizonwireless.com
serial: 2009073100
refresh: 43200
retry: 7200
expire: 1209600
minimum ttl: 10800
7200s (02:00:00)
myvzw.com IN NS njbrdns.vzwdomain.com 7200s (02:00:00)
myvzw.com IN NS carkdns.vzwdomain.com 7200s (02:00:00)
myvzw.com IN A 207.68.174.238 7200s (02:00:00)

— end —


2 thoughts on “Canadian Pharmacy Spam – ng-systems.net

  1. Ken Hillman says:

    Obviously this Robert Scott scam aligns itself with something we do…I sell diabetic products and they reference that in the email…same name, number and something to do with search engines…

  2. Steph Major says:

    I have received something from this address, though he is now calling himself Robert Scott. Phone number is same, extension number though is 2010. But me,I get something about latex fetish products, not pharmacy!
    Have written stories in the past including latex clothing, but thats my only connection to it.

    Thanks
    Steph Major

Leave A Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.