nslookup 205.162.234.92 Server: localhost Address: 127.0.0.1 Name: as-1-ppp-92.stwr.brightok.net Address: 205.162.234.92 nslookup www.rxonlinedeals.biz Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: rxonlinedeals.biz Addresses: 80.3.229.108, 205.162.234.92, 67.8.2.38, 67.75.26.238 81.220.133.244 Aliases: www.rxonlinedeals.biz show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 18 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 3 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 0050 106C 159 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 08EF 0050 17 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 08EE 0050 87 Se1/0 205.162.234.92 Fa2/1 206.30.97.13 06 0050 BE8D 26 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 20 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 2 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 6 Fa2/1 207.46.107.40 Se1/0 205.162.234.92 06 0747 0715 2 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 2 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 2 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 4 Run Telnet show ip cache flow | i 205.162.234.92 Fa2/1 206.30.97.13 Se1/0 205.162.234.92 06 C9B9 0050 6 Fa2/1 82.196.65.32 Se1/0 205.162.234.92 06 0050 08F2 12 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 4 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 08F2 0050 19 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 6 Fa2/1 207.46.107.40 Se1/0 205.162.234.92 06 0747 0715 2 Wait a few seconds show ip cache flow | i 205.162.234.92 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 2 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 08F3 270C 3 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 8 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 2 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 2 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 6 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 4 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 1 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 4 Fa2/1 207.46.107.40 Se1/0 205.162.234.92 06 0747 0715 2 show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 8 Telnet to reverse proxy show ip cache flow | i 205.162.234.92 Fa2/1 206.30.97.13 Se1/0 205.162.234.92 06 D483 0050 8 Fa2/1 82.196.65.32 Se1/0 205.162.234.92 06 0050 08F4 12 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 5 Se1/0 205.162.234.92 Fa2/1 207.46.107.40 06 0715 0747 2 Se1/0 205.162.234.92 Fa2/1 82.196.65.32 06 08F4 0050 19 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 6 Fa2/1 207.46.107.40 Se1/0 205.162.234.92 06 0747 0715 2 Wait a few seconds show ip cache flow | i 205.162.234.92 Se1/0 205.162.234.92 Fa2/1 24.116.154.132 01 0000 0000 9 Fa2/1 24.116.154.132 Se1/0 205.162.234.92 01 0000 0800 11 telnet 82.196.65.32 80 GET http://www.rxonlinedeals.biz/aff5/?avon HTTP/1.0 IP gives the website. Perhaps another reverse proxy (2 pronged?), but may be the originating site. nslookup rxonlinedeals.biz Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: rxonlinedeals.biz Addresses: 68.186.194.54, 64.168.28.237, 68.54.174.186, 195.242.105.210 68.164.93.228 IP rotated out. 82.196.65.32 is: whois -h whois.ripe.net 82.196.65.32 % This is the RIPE Whois server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/ripencc/pub-services/db/copyright.html inetnum: 82.196.64.0 - 82.196.67.255 netname: ANTR-NET descr: Secure2.Net Hi-Tech Datacenter country: RU admin-c: VB788-RIPE tech-c: SNOT1-RIPE status: ASSIGNED PA notify: noc@secure2.net mnt-by: SECURE2-MNT changed: quark@comset.net 20031112 source: RIPE route: 82.196.64.0/21 descr: SECURE2 block anounced to RN origin: AS13075 mnt-by: SECURE2-MNT changed: change@this.please 20031125 source: RIPE role: SECURE2 Network Operation Team address: Secure2.Net/Internet Network Operations e-mail: noc@secure2.net trouble: Points of contact for SECURE-2-NETWORK Operations trouble: ----------------------------------------------------------- trouble: Routing and peering issues: noc@secure2.net trouble: SPAM issues: abuse@secure2.net trouble: Network security issues: network@secure2.net trouble: Mail and News issues: postmaster@secure2.net trouble: Customer support: support@secure2.net trouble: General information: info@secure2.net trouble: ----------------------------------------------------------- admin-c: VB788-RIPE tech-c: VB788-RIPE nic-hdl: SNOT1-RIPE notify: quark@comset.net changed: quark@comset.net 20031112 source: RIPE person: Vladimir Belkin address: Nekrasova st. 16 address: St. Petersburg, 19000 phone: +7 812 1185566 fax-no: +7 812 1185566 e-mail: admin@secure2.net nic-hdl: VB788-RIPE notify: quark@comset.net changed: quark@comset.net 20031112 source: RIPE Original report follows: Received: from mx1.spamcop.net (mx1.spamcop.net [216.127.55.202]) by boomer.brightok.net (8.12.10/8.12.10) with ESMTP id hAQEfiaK003519 for ; Wed, 26 Nov 2003 08:41:45 -0600 (CST) Received: from unknown (HELO spamcop.net) (192.168.0.1) by mx1.spamcop.net with SMTP; 26 Nov 2003 07:44:48 +0000 Received: from [63.231.128.154] by spamcop.net with HTTP; Wed, 26 Nov 2003 14:41:44 GMT From: 504008481@reports.spamcop.net To: abuse@brightok.net Subject: [SpamCop (http://www.rxonlinedeals.biz/aff5/?sent) id:504008481]Fast & easy way to get your medication today!stellar Precedence: list Message-ID: Date: Tue, 25 Nov 2003 19:44:46 -0600 (CST) X-SpamCop-sourceip: 160.94.119.142 X-Mailer: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/103u (KHTML, like Gecko) Safari/100.1 via http://www.spamcop.net/ v1.3.4 [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. Spamvertised website: http://www.rxonlinedeals.biz/aff5/?sent Additional links on www.rxonlinedeals.biz: http://www.rxonlinedeals.biz/aff5/?coffin http://www.rxonlinedeals.biz/aff5/?mastermind http://www.rxonlinedeals.biz/aff5/?pencil http://www.rxonlinedeals.biz/aff5/?marionette http://www.rxonlinedeals.biz/aff5/?dirichlet http://www.rxonlinedeals.biz/aff5/?mesopotamia http://www.rxonlinedeals.biz/aff5/?sent http://www.rxonlinedeals.biz/byebye.php http://www.rxonlinedeals.biz/aff5/?colicky http://www.rxonlinedeals.biz/aff5/?avon http://www.rxonlinedeals.biz/aff5/?grill http://www.rxonlinedeals.biz/aff5/?indignity http://www.rxonlinedeals.biz/aff5/?sent is 205.162.234.92; Wed, 26 Nov 2003 14:39:28 GMT http://www.spamcop.net/w3m?i=z504008481zcf28ab7c3656068cb2add97dccec527bz [ Offending message ] "From qsqb45s@myfastmail.com Tue Nov 25 19:44:46 2003 " Return-Path: Received: from mhub-m5.tc.bla.email (mhub-m5.tc.bla.email [160.94.23.35]) by diamond.tc.bla.email with ESMTP for x; Tue, 25 Nov 2003 19:44:46 -0600 (CST) X-Umn-Remote-Mta: [N] mhub-m5.tc.bla.email #+LO+NM Received: from student01svr.csom.bla.email (notes2.csom.bla.email [160.94.119.142] (may be forged)) by mhub-m5.tc.bla.email with ESMTP for x; Tue, 25 Nov 2003 19:44:46 -0600 (CST) X-Umn-Remote-Mta: [N] notes2.csom.bla.email #+HF+LO+UF+CL+OF (L,-) X-Umn-Report-As-Spam: Received: from computer.cpe.jspr.al.charter.com ([67.97.194.180]) by student01svr.csom.bla.email (Lotus Domino Release 6.0.3) with SMTP id 2003112519495361-45 ; Tue, 25 Nov 2003 19:49:53 -0600 Received: from [196.80.57.95] by computer.cpe.jspr.al.charter.com with SMTP; Wed, 26 Nov 2003 06:41:24 +0500 Message-ID: From: "Lloyd Purvis" Reply-To: "Lloyd Purvis" To: x Subject: Fast & easy way to get your medication today!stellar Date: Wed, 26 Nov 2003 06:41:24 GMT X-Mailer: lukewarm they liquidate9835 MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-MIMETrack: Itemize by SMTP Server on Student01SVR/Student/CarlsonSchool(Release 6.0.3|September 26, 2003) at 11/25/2003 07:49:54 PM, Serialize by Router on Student01SVR/Student/CarlsonSchool(Release 6.0.3|September 26, 2003) at 11/25/2003 07:50:01 PM, Serialize complete at 11/25/2003 07:50:01 PM Content-Type: multipart/alternative; boundary="8A80_1EF0_" --8A80_1EF0_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; ghhgfhffsshhsg
Prescription Dr= ugs Shipped Overnight to Your Door!
Visit Our Online D= rugstore Now & SAVE!

Free Prescriptions by Licensed US Doctors!
Trim your waistline with: Phentermine, Bontril, Didrex & more... Starting at Only $79!
= silty
Eliminate arthritic pain with: = Fioricet, Vioxx, Tramadol & more..<= /a> Starting at Only $99!
= motorola
Relax all your muscles with: Soma, Flexeril, Skelaxin & more... Starting at Only $99!
= custody
Improve your vitality with: = Viagrra, Valtrex, Acyclovir & more... Starting at Only $79!
= = tribute
Eliminate your depression with:= Paxil, Prozac, Zoloft & more... Starting at Only $115!
= eisner
WOMEN - Birth Control, Skin Care, Enhancements & more.... Starting at Only $49!
= iliac
MEN - <= b> Quit Smoking, Prevent Hair Losss, Impotence & more.. Starting at Only $79!
= yell
FOR EVERYONE - Sleeping Aids, Allergy Protection, Heartburn R= elief and MORE...!
Prescription Dr= ugs Shipped Overnight to Your Door!
Visit Our Online D= rugstore Now & SAVE!

Free Prescriptions by Licensed US Doctors!

xeddh ncf wm

-Delete my email from = your mailing list-

--8A80_1EF0_--