WhoIs Lbduk.com aka macydress.com

scamFRAUDalert see it appropriate to issue this ALERT as this another of the many fraudulent sites we’ve seenscamALERT on Shopify platform.

Address lookup
canonical name: bduk.com
aliases
addresses : 23.227.38.32
Domain Whois record

screencapture-lbduk-1509824349920screencapture-google-search-1509824528156

Queried whois.internic.net with “dom lbduk.com”…

Domain Name: LBDUK.COM
Registry Domain ID: 2102910451_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-03-07T06:02:44Z
Creation Date: 2017-03-07T05:30:17Z
Registry Expiry Date: 2018-03-07T05:30:17Z

Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Name Server: NS-1032.AWSDNS-01.ORG
Name Server: NS-1962.AWSDNS-53.CO.UK
Name Server: NS-69.AWSDNS-08.COM
Name Server: NS-938.AWSDNS-53.NET
DNSSEC: unsigned

Last update of whois database: 2017-11-04T19:39:36Z
Queried whois.namecheap.com with “lbduk.com”…

Domain name: lbduk.com
Registry Domain ID: 2102910451_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-03-07T06:02:44.00Z
Creation Date: 2017-03-07T05:30:17.00Z

Registrar Registration Expiration Date: 2018-03-07T05:30:17.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited

Registry Registrant ID:
Registrant Name: le guo
Registrant Organization:
Registrant Street: #701 east fuxing road
Registrant City: shanghai
Registrant State/Province: shanghai
Registrant Postal Code: 200010
Registrant Country: CN
Registrant Phone: +86.15000661521
Registrant Fax: +1.5555555555
Registrant Email: guolesky@hotmail.com

Registry Admin ID:
Admin Name: le guo
Admin Organization:
Admin Street: #701 east fuxing road
Admin City: shanghai
Admin State/Province: shanghai
Admin Postal Code: 200010
Admin Country: CN
Admin Phone: +86.15000661521
Admin Fax: +1.5555555555
Admin Email: guolesky@hotmail.com

Registry Tech ID:
Tech Name: le guo
Tech Organization:
Tech Street: #701 east fuxing road
Tech City: shanghai
Tech State/Province: shanghai
Tech Postal Code: 200010
Tech Country: CN
Tech Phone: +86.15000661521
Tech Fax: +1.5555555555
Tech Email: guolesky@hotmail.com

Name Server: ns-69.awsdns-08.com
Name Server: ns-938.awsdns-53.net
Name Server: ns-1032.awsdns-01.org
Name Server: ns-1962.awsdns-53.co.uk
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2017-11-04T02:39:47.06Z <<<
Network Whois record

Queried whois.arin.net with "n 23.227.38.32"…

NetRange: 23.227.32.0 – 23.227.63.255
CIDR: 23.227.32.0/19
NetName: SHOPIFY-NET
NetHandle: NET-23-227-32-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS62679
Organization: Shopify, Inc. (SHOPI-1)
RegDate: 2013-09-19
Updated: 2013-09-19
Ref: https://whois.arin.net/rest/net/NET-23-227-32-0-1

OrgName: Shopify, Inc.
OrgId: SHOPI-1
Address: 150 Elgin Street, 8th Floor
City: Ottawa
StateProv: ON
PostalCode: K2P 1L4
Country: CA
RegDate: 2013-07-09
Updated: 2014-10-31
Ref: https://whois.arin.net/rest/org/SHOPI-1

OrgNOCHandle: SHOPI-ARIN
OrgNOCName: Shopify Operations
OrgNOCPhone: +1-888-746-7439
OrgNOCEmail: ops+arin@shopify.com
OrgNOCRef: https://whois.arin.net/rest/poc/SHOPI-ARIN

OrgAbuseHandle: SAS66-ARIN
OrgAbuseName: Shopify Abuse Support
OrgAbusePhone: +1-888-746-7439
OrgAbuseEmail: abuse@shopify.com
OrgAbuseRef: https://whois.arin.net/rest/poc/SAS66-ARIN

OrgTechHandle: SHOPI-ARIN
OrgTechName: Shopify Operations
OrgTechPhone: +1-888-746-7439
OrgTechEmail: ops+arin@shopify.com
OrgTechRef: https://whois.arin.net/rest/poc/SHOPI-ARIN

Advertisements

WhoIs med-portal.biz

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

Address lookup
canonical name med-portal.biz

aliases
addresses: 75.102.22.112
Domain Whois record

Queried whois.biz with “med-portal.biz”…

Domain Name: MED-PORTAL.BIZ
Domain ID: D57307925-BIZ

Sponsoring Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Registrar URL (registration services): http://www.publicdomainregistry.com
Domain Status: clientTransferProhibited
Registrant ID: DI_5090362
Registrant Name: Artem Burkov
Registrant Organization: n/a
Registrant Address1: privacy
Registrant City: Lipetsk
Registrant State/Province: Lipeckaya oblast
Registrant Postal Code: 398036
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +000.00000000
Registrant Email: amigoemail@gmail.com
________________________________

75.102.22.112 resolves to carmelia.marispheneshosting.net.

The following A records are set to 75.102.22.112:

  1. bio-host.biz
  2. godhe.com
  3. lotowm.info
  4. med-portal.biz
  5. ns1.bio-host.biz
  6. zell-in.com
  7. SunDrugstore.com
  8. norxmed.com
  9. 247rxshop.net
  10. ezonlinemd.com
  11. rxmdpharm.com
  12. therxopioid.net
  13. OrderTabs.com
  14. US2USPharmacy.com
  15. RX-Store.com
  16. RX-Depot.com
  17. usarxpharmacy.com

med-portal

healthcarerxusa.com

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK  or OFFSHORE BANK ACCOUNT.

 Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained 
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

healthcareus

blog.thecrossbowstore.com

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

blog-thecrossbowstore

Address lookup
canonical name http://www.thecrossbowstore.com

aliases
addresses 209.216.123.96
Domain Whois record

Queried whois.internic.net with “dom thecrossbowstore.com

Domain Name: THECROSSBOWSTORE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 28-may-2012
Creation Date: 23-oct-2008
Expiration Date: 23-oct-2016

>>> Last update of whois database: Sat, 26 Oct 2013 22:30:22 UTC <<<

WhoIs medsafestock.com

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

Medicine Safe StockThe following A records are set to 85.95.236.229:

  1. 1und1apotheke.com
  2. 24h-apotheke.com
  3. alledtablets.com
  4. allsecurepills.com
  5. alltabmall.com
  6. am24pm.com
  7. anzpharma.com
  8. bestcureshop.com
  9. bestgenericdrug.com
  10. bestpillonline.com
  11. besttabs4you.com
  12. besttabsonline.com
  13. buy-viagraonline.com
  14. cap-pharmacy.net
  15. cialis-daily.com
  16. clinitone.com
  17. drugscart.com
  18. farmaciaonlinestore.com
  19. greatonlinepharmacy.com
  20. helpillstore.com
  21. herbalpelletshop.com
  22. herbalsforu.com
  23. informationdrug.com
  24. irpil.com
  25. liebepillen.com
  26. myrx-pharmacy.com
  27. noprescriptionpharmacyonline.com
  28. omnicurestore.com
  29. onlineedpills.com
  30. onlinemedsmd.com
  31. original-pills.com
  32. overnightforusa.com
  33. pastiglieperamore.com
  34. pharmacy-uk.com
  35. pharmshophere.com
  36. pillathand.com
  37. pills-for-life.com
  38. pillsedonline.com
  39. pillseveryone.com
  40. pillswebstock.com
  41. purchasetablets.com
  42. requestpills.com
  43. rightchoicepills.com
  44. safecanadiandrugs.net
  45. safeyourself.com
  46. shopillicious.com
  47. toppillsstock.com
  48. toppillstoday.com
  49. toppillsvendor.com
  50. trustpillshop.com
  51. viagra4cheap.com
  52. webpharmplace.com
  53. www-viagra.com
  54. wwwpharmacycom.com

Address lookup
canonical name medsafestock.com

aliases
addresses 193.105.154.220
85.95.236.229
Domain Whois record

Queried whois.internic.net with “dom medsafestock.com”…

Domain Name: MEDSAFESTOCK.COM
Registrar: CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.NS4FREEHOST.COM
Name Server: NS2.NS4FREEHOST.COM
Name Server: NS3.SECNSSERVER.COM
Status: clientTransferProhibited
Updated Date: 20-may-2013
Creation Date: 11-jul-2012
Expiration Date: 11-jul-2014

>>> Last update of whois database: Tue, 08 Oct 2013 07:07:12 UTC <<<

Whois original-pharmacy.com/

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

http://original-pharmacy.com/
http://healthy-happy.net/unapp/index-69.htm

Address lookup
canonical name original-pharmacy.com

aliases
addresses 64.191.85.108
Domain Whois record

Queried whois.internic.net with “dom original-pharmacy.com

Domain Name: ORIGINAL-PHARMACY.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.ORIGINAL-PHARMACY.COM
Name Server: NS2.ORIGINAL-PHARMACY.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 03-may-2013
Creation Date: 03-may-2013
Expiration Date: 03-may-2014

Last update of whois database: Sat, 05 Oct 2013 16:18:05 UTC
Queried whois.bizcn.com with “original-pharmacy.com

Domain name: original-pharmacy.com
Registrant Contact:
none
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Administrative Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Technical Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Billing Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

DNS:
ns1.original-pharmacy.com
ns2.original-pharmacy.com

Created: 2013-05-03
Expires: 2014-05-03

Network Whois record

Queried rwhois.hostnoc.net with “64.191.85.108”…

%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc. V-1.5.9.5)
%error 230 No Objects Found

Queried whois.arin.net with “n 64.191.85.108″…

NetRange: 64.191.0.0 – 64.191.127.255
CIDR: 64.191.0.0/17
OriginAS:
NetName: HOSTNOC-3BLK
NetHandle: NET-64-191-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-05-31
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-64-191-0-0-1

OrgName: Network Operations Center Inc.
OrgId: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US
RegDate: 2001-04-04
Updated: 2011-09-24
Comment: Abuse Dept: abuse@hostnoc.net
Ref: http://whois.arin.net/rest/org/NOC

ReferralServer: rwhois://rwhois.hostnoc.net:4321

OrgTechHandle: SMA4-ARIN
OrgTechName: Arcus, S. Matthew
OrgTechPhone: +1-570-343-2200
OrgTechEmail: nic@hostnoc.net
OrgTechRef: http://whois.arin.net/rest/poc/SMA4-ARIN

OrgAbuseHandle: SMA4-ARIN
OrgAbuseName: Arcus, S. Matthew
OrgAbusePhone: +1-570-343-2200
OrgAbuseEmail: nic@hostnoc.net
OrgAbuseRef: http://whois.arin.net/rest/poc/SMA4-ARIN

RTechHandle: SMA4-ARIN
RTechName: Arcus, S. Matthew
RTechPhone: +1-570-343-2200
RTechEmail: nic@hostnoc.net
RTechRef: http://whois.arin.net/rest/poc/SMA4-ARIN

DNS records
name class type data time to live
original-pharmacy.com IN A 64.191.85.108 900s (00:15:00)
original-pharmacy.com IN SOA
server: ns1.original-pharmacy.com
email: admin@mail.original-pharmacy.com
serial: 2011081710
refresh: 86400
retry: 7200
expire: 2592000
minimum ttl: 345600
900s (00:15:00)
original-pharmacy.com IN NS ns2.original-pharmacy.com 900s (00:15:00)
original-pharmacy.com IN NS ns1.original-pharmacy.com 900s (00:15:00)
108.85.191.64.in-addr.arpa IN PTR 64-191-85-108.static.hostnoc.net 86400s (1.00:00:00)
85.191.64.in-addr.arpa IN SOA
server: dns.burst.net
email: root@dns.burst.net
serial: 2013092027
refresh: 28800
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
85.191.64.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-10-15 12:03:24Z
signature inception: 2013-10-05 12:03:24Z
key tag: 21392
signer’s name: 64.in-addr.arpa
signature:
(1024 bits)

4027B30E8592EAF86697D3BE266C0B20
D05986ABA2CEC0E4F019FF6080A65F68
968DDFFD9AF8A3F86311B2AC054B0F96
4FB2236F006BE79EF2D4D6F8B03A971A
17B1218D7017D4F0E66D9DD2CC7BDD00
C2F4C58A0EF6D247970F7230165BD5E2
783D99CCBF12F750DEC7053B13FC220B
D7B24E3638F90FBB296B4FED9CEDF099

10800s (03:00:00)
85.191.64.in-addr.arpa IN NSEC
next domain name: 86.191.64.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
85.191.64.in-addr.arpa IN NS ns1.hostnoc.net 86400s (1.00:00:00)
85.191.64.in-addr.arpa IN NS dns.burst.net 86400s (1.00:00:00)
85.191.64.in-addr.arpa IN NS ns2.hostnoc.net 86400s (1.00:00:00)
85.191.64.in-addr.arpa IN NS dns1.burst.net 86400s (1.00:00:00)

— end —

Insight Way Solutions Inc

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK  or OFFSHORE BANK ACCOUNT.

 Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained 
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Address: Office Suites
106 Apple Blossom Drive Camden
Wyoming DE 19934-1900 USA
Fax: 1-585-410-6033
Tel: 1-302-538-9601

Address lookup canonical name insight-way-solution.org

aliases
addresses 190.120.238.153
Domain Whois record

Queried whois.publicinterestregistry.net with “insight-way-solution.org”…

Domain ID:D169783292-LROR
Domain Name:INSIGHT-WAY-SOLUTION.ORG
Created On:25-Sep-2013 15:26:33 UTC

Expiration Date:25-Sep-2014 15:26:33 UTC
Sponsoring Registrar:Paknic (Private) Limited (R1605-LROR)

Status:TRANSFER PROHIBITED
Status:ADDPERIOD

Registrant ID:PAK13092543448-1
Registrant Name:Patricia Lavergne
Registrant Organization:Patricia Lavergne
Registrant Street1:606 Post Street
Registrant City:San Francisco
Registrant State/Province:CA
Registrant Postal Code:94109
Registrant Country:US
Registrant Phone:+1.415931710
Registrant FAX:+1.415931710
Registrant Email:macy@insight-way-solution.org

Admin ID:PAK13092543448-2
Admin Name:Patricia Lavergne
Admin Organization:Patricia Lavergne
Admin Street1:606 Post Street
Admin City:San Francisco
Admin State/Province:CA
Admin Postal Code:94109
Admin Country:US
Admin Phone:+1.415931710
Admin Phone Ext.:
Admin FAX:+1.415931710
Admin Email:macy@insight-way-solution.org

Tech ID:PAK13092543448-3
Tech Name:Patricia Lavergne
Tech Organization:Patricia Lavergne
Tech Street1:606 Post Street
Tech City:San Francisco
Tech State/Province:CA
Tech Postal Code:94109
Tech Country:US
Tech Phone:+1.415-931-710
Tech FAX:+1.415-931710
Tech Email:macy@insight-way-solution.org

Name Server:NS1.MAYLONS.CC
Name Server:NS2.REGREG.CC
Name Server:NS3.STENS.SU

DNSSEC:Unsigned
Network Whois record
Queried whois.lacnic.net with “190.120.238.153”…

inetnum: 190.120.232/21
status: reallocated
owner: Infolink Panama Corp.
ownerid: PA-IPCO3-LACNIC
responsible: Miguel Abood
address: APDO 0832-2745, –, Suite 152, World Trade C
address: 0832-2745 – Panama – PA
country: PA
phone: +507 3176046 []
owner-c: MIA17
tech-c: MIA17
abuse-c: MIA17
created: 20120321
changed: 20120321
inetnum-up: 190.120.224/20

nic-hdl: MIA17
person: Miguel Abood
e-mail: noc@INFOLINKCO.COM
address: PCRC Switching Station, Corozal Oeste, 1, 0
address: 00000 – Panama – PA
country: PA
phone: +507 3176046 []
created: 20120221
changed: 20130830

whois.lacnic.net accepts only direct match queries.
Types of queries are: POCs, ownerid, CIDR blocks, IP
and AS numbers.

DNS records

DNS query for 153.238.120.190.in-addr.arpa returned an error from the server: NameError
name class type data time to live
insight-way-solution.org IN SOA
server: ns1.insight-way-solution.org
email: hostmaster@insight-way-solution.org
serial: 103
refresh: 300
retry: 120
expire: 86400
minimum ttl: 60
120s (00:02:00)
insight-way-solution.org IN TXT v=spf1 a mx ip4:55.11.65.20/2 ip4:90.2.123.112/2 ip4:176.33.87.19/2 ip4:212.63.89.33/2 ?all 120s (00:02:00)
insight-way-solution.org IN NS ns3.stens.su 120s (00:02:00)
insight-way-solution.org IN MX
preference: 10
exchange: mx.insight-way-solution.org
120s (00:02:00)
insight-way-solution.org IN A 190.120.238.153 120s (00:02:00)
insight-way-solution.org IN NS ns1.maylons.cc 120s (00:02:00)
insight-way-solution.org IN NS ns2.regreg.cc 120s (00:02:00)

— end —