Charles Morris wrote:
This is spam by the way. The url redirects to a Canadian med site. The original sender may check if he has any malware running...
Just FYI, it's not a real Canadian med site. It is high probability not even Canadian.
The site appears to be a referral round robin over many domain names, including:
- www.yourtabletrxhealth.com/ - traceroute to AS12880 "Data communication Company of Iran"
- www.superstorepills.net/ - traceroute to AS9737 TOT Public Company Limited
- www.bargainpillsstore.net - traceroute to AS4134 CHINANET-BACKBONE
- www.losspillssite.net - traceroute to AS4837 CHINA169-Backbone
etc.
The www.yourtabletrxhealth.com domain name was created April 5 of 2010 and has Russian contact address information. http://whois.domaintools.com/yourtabletrxhealth.com
Parts of the www.yourtabletrxhealth.com web pages are pulled in from all over, including AS9486, AS9737.
The "license" at the bottom is fake. The controlling professional body in Ontario is the Ontario College of Pharmacists not "College of Pharmacists of Ontario". In Ontario, the language is that Pharmacies are accredited, not licensed. Pharmacists are licensed.
The Verisign click-through is fake.
OCP has no record of this company by name, location or number. See https://members.ocpinfo.com/ocpsearch/
The CEO is claimed to be affiliated with University of Western Ontario. Can't find them.
Feel free to check out Kingston ON in Google street view for added amusement.
And its listed in spamwiki.
Regards,
Eric Carroll
Posting so many URLs which either are or should be listed in domain
block lists to a list with as many subscribers as this is probably not
wise. I'm guessing you just caused a wonderful bounce storm as the NANOG
servers attempted to send that out, depending of course on how many
people whitelist NANOG to URI filtering.
yourtabletrxhealth[dot]com - URIBL black 2010-04-22 00:07:14 GMT
superstorepills[dot]net - URLBL black 2010-04-21 20:47:31 GMT
bargainpillsstore[dot]net - URLBL black 2010-04-15 20:41:59 GMT
losspillssite[dot]net - URLBL black 2010-04-21 20:45:09 GMT
The analysis of the domain is solid though, so good work there. Perhaps
NANOG is not the correct forum though? Spam-L seems like a better fit.
....
Posting so many URLs which either are or should be listed in domain
block lists to a list with as many subscribers as this is probably not
wise. I'm guessing you just caused a wonderful bounce storm as the NANOG
servers attempted to send that out, depending of course on how many
people whitelist NANOG to URI filtering.
...
The analysis of the domain is solid though, so good work there. Perhaps
NANOG is not the correct forum though? Spam-L seems like a better fit.
Spam-watch.com is the proper place for it.
Spam-watch.com
From the website:
About Spam-watch - This list is meant as a replacement for the SPAM-L
list which was abruptly shut down in May 2009.
On the contrary - Spam-l.com continues on different hosting with
different moderators with an emphasis on collegial behaviour of
participants.
From the website:
Spam-L.com was created as a cooperative effort to replace the original
Spam-L forum which ran for a decade and a half on L-Soft servers. When
the original was abandoned on 11 May 2009, this list was set up to keep
the forum alive.
Hopefully this might now point some people in the right direction?
Fin for me.
Ted Cooper wrote:
The url redirects to a Canadian med site.
Just FYI, it's not a real Canadian med site. It is high probability
not even Canadian.Posting so many URLs which either are or should be listed in domain
block lists to a list with as many subscribers as this is probably not
wise. I'm guessing you just caused a wonderful bounce storm as the NANOG
servers attempted to send that out, depending of course on how many
people whitelist NANOG to URI filtering.
I would say one has their spamfilter configured incorrectly if such emails would be rejected and it should prompt an immediate fix.
The mailinglist should ideally be whitelisted. In addition if you use content scanning (in almost all cases a bad idea, see: BBC News - How spam filters dictated Canadian magazine's fate ) your scanners ought to be trained well enough to figure out the email is not spam.
Regards,
Jeroen