WhoIs s-u.me

What we are seeing majority of PHARMACY SPAM sites being REDIRECTED from the s-u.me domain.

Address lookup
canonical name s-u.me
scamalert
aliases
addresses 50.87.145.166
Domain Whois record

Queried whois.nic.me with “s-u.me

Domain ID:D10067444-ME
Domain Name:S-U.ME

Domain Create Date:28-Oct-2013 19:12:09 UTC
Domain Last Updated Date:28-Oct-2013 19:14:55 UTC
Domain Expiration Date:28-Oct-2014 19:12:09 UTC

Last Transferred Date:
Sponsoring Registrar:GoDaddy.com, LLC R41-ME
Created by:GoDaddy.com, LLC R41-ME
Last Updated by Registrar:GoDaddy.com, LLC R41-ME

Domain Status:CLIENT DELETE PROHIBITED
Domain Status:CLIENT RENEW PROHIBITED
Domain Status:CLIENT TRANSFER PROHIBITED
Domain Status:CLIENT UPDATE PROHIBITED
Domain Status:TRANSFER PROHIBITED

Registrant ID:CR153564119
Registrant Name:cantar marian
Registrant Organization:
Registrant Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Registrant City:drobeta turnu severin
Registrant State/Province:mehedinti
Registrant Country/Economy:RO
Registrant Postal Code:220077
Registrant Phone:+40.0040740204010
Registrant E-mail:admin@salonauto.ro

Admin ID:CR153564121
Admin Name:cantar marian
Admin Organization:
Admin Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Admin City:drobeta turnu severin
Admin State/Province:mehedinti
Admin Country/Economy:RO
Admin Postal Code:220077
Admin Phone:+40.0040740204010
Admin E-mail:admin@salonauto.ro

Tech ID:CR153564120
Tech Name:cantar marian
Tech Organization:
Tech Address:str. danubius, nr.3, bl.xf8, sc.3, ap.8
Tech City:drobeta turnu severin
Tech State/Province:mehedinti
Tech Country/Economy:RO
Tech Postal Code:220077
Tech Phone:+40.0040740204010
Tech E-mail:admin@salonauto.ro

Nameservers:NS4023.HOSTGATOR.COM
Nameservers:NS4024.HOSTGATOR.COM

DNSSEC:Unsigned

Network Whois record

Queried rwhois.unifiedlayer.com with “50.87.145.166”…

%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.0.0)
network:Class-Name:network
network:ID: NETBLK-UL.50.87.144.0/21
network:Auth-Area: 50.87.144.0/21
network:Network-Name: UL-50.87.144.0/21
network:IP-Network: 50.87.144.0/21
network:Organization: websitewelcome.com
network:Tech-Contact: abuse@websitewelcome.com
network:Admin-Contact: abuse@websitewelcome.com
network:Abuse-Contact: abuse@websitewelcome.com
network:Created: 20130103
network:Updated: 20130103
network:Updated-By: abuse@websitewelcome.com

%ok

Queried whois.arin.net with “n 50.87.145.166″…

NetRange: 50.87.0.0 – 50.87.255.255
CIDR: 50.87.0.0/16
OriginAS: AS46606
NetName: UNIFIEDLAYER-NETWORK-9
NetHandle: NET-50-87-0-0-1
Parent: NET-50-0-0-0-0
NetType: Direct Allocation
RegDate: 2011-01-24
Updated: 2012-11-14
Ref: http://whois.arin.net/rest/net/NET-50-87-0-0-1

OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2012-11-26
Ref: http://whois.arin.net/rest/org/BLUEH-2

ReferralServer: rwhois://rwhois.unifiedlayer.com:4321

OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-888-401-4678
OrgAbuseEmail: abuse@unifiedlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3581-ARIN

OrgNOCHandle: NETWO5508-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-888-401-4678
OrgNOCEmail: netops@unifiedlayer.com
OrgNOCRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

OrgTechHandle: NETWO5508-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-888-401-4678
OrgTechEmail: netops@unifiedlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

DNS records
name class type data time to live
s-u.me IN TXT v=spf1 a mx include:websitewelcome.com ~all 14400s (04:00:00)
s-u.me IN MX
preference: 0
exchange: s-u.me
14400s (04:00:00)
s-u.me IN SOA
server: ns4023.hostgator.com
email: root@gator2012.hostgator.com
serial: 2013102802
refresh: 86400
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
s-u.me IN NS ns4024.hostgator.com 86400s (1.00:00:00)
s-u.me IN NS ns4023.hostgator.com 86400s (1.00:00:00)
s-u.me IN A 50.87.145.166 14400s (04:00:00)
166.145.87.50.in-addr.arpa IN PTR 50-87-145-166.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns2.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN NS ns1.unifiedlayer.com 86400s (1.00:00:00)
145.87.50.in-addr.arpa IN SOA
server: ns1.unifiedlayer.com
email: abuse@unifiedlayer.com
serial: 2011012701
refresh: 28800
retry: 14400
expire: 3600000
minimum ttl: 300
86400s (1.00:00:00)

— end —

Advertisements

Leave A Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s