Spamvert:
www.jumpchief.com => botnet
jumpchief.com Resolved to 24.38.202.179 to 59.149.198.64 to
67.213.7.209 to 68.50.244.32 to 69.86.213.81 to 69.217.48.33 to
69.245.174.253 to 70.230.156.188 to 74.128.136.74 to 76.25.184.10 to
116.121.175.71 to 123.214.247.132 to 124.80.101.135 to 125.131.0.247
to 125.215.110.61 to 210.106.5.191 to 219.240.79.58 to 219.251.130.57
to 220.94.144.187
Title: European Pharmacy (aka Canadian Pharmacy)
WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
Much More info below:
==================
X-SID-PRA: Robby Messer <chi...@beavercreekwest.com>
X-Message-Info: 6sSXyD95QpWXZ3+M6exFvIgXT/
KSGhfyarKOwEwIyLRtxEdVKUl1mX1QTN3NXWRTncyleor+j8hs+LQqVPIArg=
Received: from tomts21-srv.bellnexxia.net ([209.226.175.183]) by bay0-pamc1-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Fri, 4 Apr 2008 21:18:26 -0700
Received: from toip19.srvr.bell.ca ([67.69.240.21])
by toip31.srvr.bell.ca with ESMTP; 05 Apr 2008 00:18:20 -0400
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 05 Apr 2008 00:18:19 -0400
Received: (qmail 29721 invoked by uid 110); 5 Apr 2008 00:18:15 -0400
Delivered-To: [MUNGED]
Received: (qmail 28456 invoked from network); 5 Apr 2008 00:18:14
-0400
Received: from unknown (HELO ?218.76.90.22?) (218.76.90.22)
by [MUNGED] with SMTP; 5 Apr 2008 00:18:14 -0400
Message-ID: <01c89717$1efd0700$165a4cda@chino85>
From: "Robby Messer" <chi...@beavercreekwest.com>
To: <[MUNGED]>
Subject: 100mg x 90 pills $1.78 per pill price
Date: Sat, 5 Apr 2008 12:18:14 +0800
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="us-ascii";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Spam: Not detected
Return-Path: chi...@beavercreekwest.com
X-OriginalArrivalTime: 05 Apr 2008 04:18:26.0812 (UTC)
FILETIME=[187CBBC0:01C896D4]
50mg x 60 pills $2.00 per pill
http://jumpchief.com
-- END OF SPAM --
See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&
See:
IP 218.76.90.22
http://moensted.dk/spam/?addr=218.76.90.22
inetnum: 218.76.64.0 - 218.76.95.255
netname: CHINANET-HN-XX
country: CN
descr: CHINANET-HN Jishou node network
descr: hunan Telecom
admin-c: CHX4-AP
tech-c: CH636-AP
status: ALLOCATED NON-PORTABLE
changed: ipad...@hntelecom.net.cn
person: Yali Xiao
address: Hunan Data Communication Bureau No.9 middle wuyi road
ChangSha city,Hunan ,P.R.China 410011
country: CN
phone: +86-731-2260079
fax-no: +86-731-2265549
e-mail: li...@hnpta.net.cn
nic-hdl: YX69-AP
mnt-by: MAINT-CHINANET-HUNAN
changed: li...@hndcb.hnpta.net.cn
route: 218.76.0.0/16
descr: China Telecom hunan Province
origin: AS4134
mnt-by: MAINT-AS4134
changed: li...@ns.chinanet.cn.net
SEE Spamvert:
www.jumpchief.com => botnet
jumpchief.com Resolved to 222.121.141.143 to 24.38.202.179 to
61.58.184.213 to 67.213.7.209 to 68.50.244.32 to 69.86.213.81 to
69.217.48.33 to 69.245.174.253 to 70.230.156.188 to 74.128.136.74 to
76.25.184.10 to 116.121.175.71 to 123.214.247.132 to 124.80.101.135 to
125.131.0.247 to 125.215.110.61 to 210.106.5.191 to 219.240.79.58 to
219.251.130.57 to 220.94.144.187
ns0.axrpss.com = 116.121.175.71
ns0.lutrwpghd.com = 59.149.198.64
ns0.sjrbofa.com = 123.203.124.115
ns0.vqwgds.com = 69.245.174.253
www.jumpchief.com has no MX records -> jumpchief.com has no MX records
See IP rDNS on botnet:
222.121.141.143 no PTR at KORnet / kt.co.kr / Korea
24.38.202.179 = static-host-24-38-202-179.patmedia.net
61.58.184.213 = 61-58-184-213.nty.dynamic.lsc.net.tw
67.213.7.209 no PTR at MSTAR.net LLC / mstarmetro.net /
integratelecom.com
68.50.244.32 = c-68-50-244-32.hsd1.dc.comcast.net
69.86.213.81 = user-12ldlah.cable.mindspring.com
69.217.48.33 = ppp-69-217-48-33.dsl.applwi.ameritech.net
69.245.174.253 = c-69-245-174-253.hsd1.in.comcast.net
70.230.156.188 = adsl-70-230-156-188.dsl.stlsmo.sbcglobal.net
74.128.136.74 = 74-128-136-74.dhcp.insightbb.com
76.25.184.10 = c-76-25-184-10.hsd1.co.comcast.net
116.121.175.71 no PTR at HANARO / HANANET / Korea
123.214.247.132 no PTR at HANARO / HANANET / Korea
124.80.101.135 no PTR at GINAMHANVITNET / naver.com / tbroad.com /
Korea
125.131.0.247 no PTR at KORnet / kt.co.kr / Korea
125.215.110.61 = opt-125-215-110-61.client.pikara.ne.jp
210.106.5.191 no PTR at DREAMPLUS / hanmail.net / / nowcom.co.kr /
Korea
219.240.79.58 no PTR at HANARO / HANANET / Korea
219.251.130.57 no PTR at HANARO / HANANET / Korea
220.94.144.187 no PTR at KORnet / kt.co.kr / Korea
AND:
116.121.175.71 no PTR at HANARO / HANANET / Korea
59.149.198.64 = 059149198064.ctinets.com / ctihk.com
123.203.124.115 = 123203124115.ctinets.com / ctihk.com
69.245.174.253 = c-69-245-174-253.hsd1.in.comcast.net
Also older ones:
SEE ALSO:
hostnames sharing ip with a-records
(only showing 100 results)
Let's see whois.paycenter.com.cn:
Domain Name: jumpchief.com
Registrant:
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
550001
Administrative Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 851 4355128
fax: 851 4355128
pengxiongjun2[]163.com
Technical Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 4355128
fax: 4355128
pengxi...@163.com
Billing Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 4355128
fax: 4355128
pengxi...@163.com
Registration Date: 2008-03-27
Update Date: 2008-03-31
Expiration Date: 2009-03-27
Primary DNS: ns0.sjrbofa.com 123.203.124.115
Secondary DNS: ns0.axrpss.com 116.121.175.71
More jumpchief.com sightings:
http://groups.google.com/groups/search?q=jumpchief.com+group%3A*abuse*&qt_s=Search
Also More pengxi...@163.com sightings:
http://groups.google.com/groups/search?q=pengxiongjun2%40163.com+group%3A*abuse*&qt_s=Search
More axrpss.com sightings:
http://groups.google.com/groups/search?q=axrpss.com+group%3A*abuse*&qt_s=Search
More lutrwpghd.com sightings:
http://groups.google.com/groups/search?q=lutrwpghd.com+group%3A*abuse*&qt_s=Search
More sjrbofa.com sightings:
http://groups.google.com/groups/search?q=sjrbofa.com+group%3A*abuse*&qt_s=Search
More vqwgds.com sightings:
http://groups.google.com/groups/search?q=vqwgds.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.email/msg/83df9a75a123645e
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/759359adfc45d074
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/49642b0bd30a4c3a
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/