Part of the headers contain:
Received: from @direcmail.net [203.81.133.59] by rabelle.nt.aitcom.net
(SMTPD32-8.05) id AED92EF0088; Wed, 29 Jun 2005 01:17:13 -0400
Received: from 209.251.96.2
(SquirrelMail authenticated user info@clonedhosting.com);
by direcmail.net with HTTP id J85Gz000004902;
Wed, 29 Jun 2005 05:16:13 +0000
THERE IS NO SQUIRRELMAIL for info@clonedhosting.com --- it WAS Powermail. This is fake header info. The spam has absolutely nothing to do with me.
The Spam is spamvertising this SpamArrest Affiliate:
http://spamarrest.com/affl?3286305/affiliates/index.jsp
So the Affiliate ID is 3286305
I've removed the DNS servers for clonedhosting.com for now so that the bounces bounce. If you know who the jerk is who is sending out this spam. Let me know.
richard at lau.com
A spammer is using my personal email address (obviously) without my consent.
The spam sells product of Ezypills.com/Fidelity-Net.com. Please contact Bob at 1-800-313-9326 or support@fidelity-bill.com and submit your complaint there.
It is quite possible that Bob is the spammer, though that has not (yet) been proven.
The Spammer is advertising the domain: allyourmeds.net with a fake affiliate ID. (allyourmeds does not have an affiliate program)
The Spammer created all of the following domains on the same day (Aug 14, 2004) and all have Fake Whois Info and Joker.com as the Registrar and all are hosted on the same dns servers
(ns5.autonameservers.com and ns6.realdnssystem.com):
allyourmeds.net
123cheaprx.com
24-7-rxmeds.com
A-z-meds.com
Allyourmeds.net
Basicrxmeds.com
More4lessrx.com
Morecheaprx.com
Rx-meds-sale.com
Rx-meds-sale.net
Time4cheaprx.com
All are hosted on a webserver in China: 220.175.8.110
hostmaster@ns.chinanet.cn.net
anti-spam@ns.chinanet.cn.net
yzxu@publicf.bta.net.cn
hostmaster@apnic.net
When placing an order at allyourmeds.net you are taken to an EzyPills.com (Amory Building, Victoria Road,Basseterre, St. Kitts W.I.) page:
http://64.38.192.138/gateway/cart/cart.php
which is hosted by AdRev.com (a division of Fidelity Enterprises Inc. Suite # 3623, Armory Building, Victoria Road Basseterre, St. Kitts W.I. Ph/Fax: 1-206-984-0591)
Contact webpage for AdRev/Fidelity:
http://support.adrev.com/contactus.htm
This IP 64.38.192.138 is on cwie/cavecreek:
hostmaster@cwie.net,postmaster@cavecreek.com,abuse@level3.com,hostmaster@cavecreek.net,ianm@cwie.net,abuse@cavecreek.com,spamtool@level3.net,DNSADMIN@CWIE.NET,abuse@level3.net,postmaster@cavecreek.net,postmaster@cwie.net,webmaster@cwie.net,webmaster@cavecreek.com,webmaster@cavecreek.net,support@cavecreek.com,support@cavecreek.net,support@CWIE.NET,help@level3.net,info@level3.net,help@level3.com,info@level3.com,help@cavecreek.net,info@cavecreek.net,help@cwie.net,info@cwie.net,help@cavecreek.com,info@cavecreek.com,abuse@cavecreek.net,hostmaster@cavecreek.com,hostmaster@level3.com, hostmaster@level3.net
Contact Info for EzyPills.com (created May 21, 2004 on Joker.com dns: ns1.adrev.com):
Bob Wilson bob@fidelity-net.com 3623, The Amory Building, Victoria Rd, Basseterre, Saint Kitts and Nevis
Contact Info for Fidelity-net.com (Created March 15, 2004 on DirectNic dns: ns1.Fidelity-net.com):
Fidelity Enterprises Inc, 3623 The Amory Building Victoria Road Brasseterre, KN (206) 339-2680 bob@emailpo.com and 1-869-466-6989 Support Number: 1-800-313-9326
support@fidelity-bill.com
Bob also hosts these sites at the same IP:
www.1st-retail.com
www.Chargequery.com
www.Credit-chg.com
www.Fidelity-bill.com
www.Fidelity-net.com
www.Hpw-inc.com
www.Idbill.com
www.Pay-10dollarmovies.com
www.Pay-1st-retail.com
www.Pay-america.com
www.Pay-chargequery.com
www.Pay-credit-chg.com
www.Pay-evermeds.com
www.Pay-hpw-inc.com
www.Pay-idbill.com
www.Pay-quad.com
www.Pay-secure-i.com
www.Pay-websky2.com
www.Secure-i.com
www.Websky2.com
Contact Info for EmailPO.com (Created Jun 27, 2001 on MelbourneIT):
Madison Corp, 19 - 300 Adelaide St, Brisbane, QLD, Australia, Bruce Parker bparker@ausequity.com Clayton Russell domainadmin@vector.net.au
From this thread, EzyPills.com seems to have many spam reports:
http://groups.google.ca/groups?q=ezypills&hl=en&lr=&ie=UTF-8&selm=200408241834.i7OIYCDB020834%40NanasPost&rnum=4
Fraudulent claim of security:
Interesting to see that EzyPills.com is fraudulently stating:
"All information you enter into this form will be sent to the server through 128-bit Secure HTTP connection (SSL)."
while in fact credit card information is submitted unencrypted and insecurely to
http://64.38.192.138/gateway/cart/cart.php
---
Fraudulent THAWTE SECURITY logo "guaranteeing" the security
of one's data submission
at http://64.38.192.138/gateway/cart/gfx/thawte.gif
abuse@thawte.com,legal@thawte.com,postmaster@thawte.com, security@thawte.com
AutoNameServers.com and RealDNSSystem.com:
Contact Info from Historical Whois at whois.sc:
AutoNameServers.com created April 14, 2004 on Gandi.net
Donald Watson ghoshos@netscape.net 1933 Bender Ave Werrington Downs, Australia, +62.3382738822
RealDNSSystem.com created May 5, 2004 on Gandi.net
Robert Paulson, 1922 Barbary In, Werrington Downs, Australia,+61.622485622258, ghoshos@netscape.net, support@gandhi.net
====================
--- Below this line is a copy of the message.
Return-Path:
----9780946587554528094
*** 1 DAY ONLY sale ***
Received: (qmail 22831 invoked by uid 1004); 29 Aug 2004 22:25:30 -0000
Received: from selfcare.mantraonline.com (HELO selfcare) ([202.56.230.4]) (envelope-sender
by pop.mantraonline.com (qmail-ldap-1.03) with
SMTP
for
Received: from 202.56.230.4 (unknown [220.74.81.148])
by selfcare (Postfix) with SMTP id D6D0D45907;
Sun, 29 Aug 2004 17:36:20 -0500 (GMT)
Received: from 111.16.208.188 by 220.74.81.148; Sun, 29 Aug
2004 05:54:38 -0700
Message-ID:
From: "sting2001_aaron@yahoo.com"
Reply-To: "sting2001_aaron@yahoo.com"
To: mohyal@mantraonline.com, motorola@mantraonline.com,
nandini_ent@mantraonline.com, nct@mantraonline.com,
nupursw@mantraonline.com, paramjit_ghai@mantraonline.com,
pumpy@mantraonline.com, raju_v@mantraonline.com,
relyon@mantraonline.com, rumdhil@mantraonline.com,
sum_hos@mantraonline.com, super_akhil@mantraonline.com,
venusopti@mantraonline.com, ydeepak@mantraonline.com
Subject: 1-Day sale on all meds.
Date: Sun, 29 Aug 2004 17:53:38 +0500
X-Mailer: AOL 7.0 for Windows US sub 191
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--9780946587554528094"
X-Priority: 3
X-MSMail-Priority: Normal
X-IP:44.162.107.250
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
Order from Canada and save
- Meridia, Xanax, Valium, Cialis, and so much more...
- Our online pharmacy has over 60 products
- Meds are 75% less than regular price
- No doctor visits or hassles
** Quick Discreet delivery to your front door
http://www.allyourmeds.net/?wid=100064
Off:
http://www.allyourmeds.net/book/
----9780946587554528094--
======================