Scammers for 5/06



Barnu Rapatska / TotalPharmacy / WELCOME! Cheating House Wife Services / Date Lonely Wives
discountRxweb.com - Order Cialis Online and Save! lt;Secured Billing - Discreetly Shipped / How To Be A Red Hot Persuasion Wizard... In 20 Days Or Less!
DRUGS DIRECT: CHEAPEST DRUGS ON THE NET
Score = 87

This spammer uses web bugs and tagged URLs. Opening his spam with HTML & images enabled lets him know that your email address is valid. Following the links does too. Controls his own name servers. Sends from open proxies on trojaned computers. Changes domain name for redirecting pathes at least once a day. Fake whois data. Uses throwaway URLs that redirect to a URL tht tracks your email address and the affiliate ID then redircts to the pay off URL. 

Fake names: Mush hashor, Radbergas, Olegas, Helmut Fischer, CHAS BUSHNELL, Bob Cooper, Barnu Rapatska, zopa cathlina, Stacey Gerstien, WebLove, Vadim Gablian, HomeViz, mathew barberstantonly, base advertising jump inc, lifetime, James Sweet, vashumat, James corona, mike mC Garythomason, bishopletsy trierson

Fake emails: olegas2003@spam.lv, helfischer1975@yahoo.com, chas@blazemail.com, bcooper@allsaintsfan.com, barnu@barnurapatska.com, support@emarketingdeals.com, admin@chillblow.com, infohelpteam@yahoo.com, admin@wifesmile.com, abbie@fusemail.com, joker2newdomains@yahoo.com, nameserver2004@yahoo.com
======================
Affiliate IDs:
Badboy
got
okok
ronn
====================
Samples of how redirect works:
----
http://hulbertwe.com/Ap6G9jCsQaWeokpJBXVfDrdni/
IP: 221.11.133.51
Reporting addresses:
abuse@cnc-noc.net
- Redirects to 
http://dns-html2.com/hulbertwe.com/Ap6G9jCsQaWeokpJBXVfDrdni/
Rotating IPs
IP: 221.7.209.86 (chinanet)
IP: 221.11.133.51 (cnc-noc.net)
- Redirects to 
Tadalafil_Home
http://partied.net/cs/?Badboy
IP: 211.147.228.102
Reporting addresses:
ct-abuse@abuse.sprint.net, abuse@gzidc.com, xuxinyu@gzidc.com

==================
http://meckbachgf.com/kepFbBOc17qdmUcl9kY7sPQTI/
Rotating IPs
IP: 219.254.32.74 (hanaro.com)
IP: 222.122.65.3 (kornet.net)
- Redirects to
http://dns-html2.com/meckbachgf.com/kepFbBOc17qdmUcl9kY7sPQTI/
IP: 219.254.32.74
Reporting addresses:
abuse@hanaro.com
- Redirects to
Tadalafil_Home
http://genuinely.net/cs/
?Badboy
IP: 63.105.204.170 (mci.com)
==========
http://opikdf.com/OwvWzzMxjHbuETFKn1zc2slNB/
UoO7KGtPNk.html
IP: 221.11.133.51 (chinanet)
- Redirects to:
http://dns-html2.com/opikdf.com/OwvWzzMxjHbuETFKn1zc2slNB/
IP: 219.254.32.74
Reporting addresses:
abuse@hanaro.com
Tadalafil_Home 
IP: 219.254.32.74
http://dusked.biz/cs/?Badboy
219.254.32.74
Reporting addresses:
abuse@hanaro.com
======
DRUGS DIRECT: CHEAPEST DRUGS ON THE NET
http://hladiukds.net/IDSMmqTSngdX30JO7b6iXOxV7/
Rotating IPs:
IP: 211.143.29.222
IP: 219.254.32.74 (hanaro)
IP: 221.11.133.51 (chinanet)
- Redirects to
http://dns-html2.com/hladiukds.net/IDSMmqTSngdX30JO7b6iXOxV7/
IP: 219.254.32.74 (hanaro)
- Redirects to
http://dusked.biz/
IP: 61.232.205.187 (chinatietong)

Click to see a scam site
=================
http://venkatramanfg.com/D3P9pFi3uxt4rXn1vpaf6PM2l/
Rotating IPs: 
219.254.32.74 (hanaro)
221.11.133.11 (chinanet)
- Redirects to:
http://dns-html2.com/venkatramanfg.com/D3P9pFi3uxt4rXn1vpaf6PM2l/
Rotating IPs: 
219.254.32.74 (hanaro)
221.11.133.11 (chinanet)
IP: 221.11.133.11
- Redirects to:
Tadalafil_Home
http://www.hurtfully.com/rm/
http://hybridisms.com/cs/
http://hybridisms.com/extender/
http://visagraph.net/cs/
IP: 222.47.183.98, 222.47.183.126
Reporting addresses:
postmaster@chinatietong.com, 
crnet_mgr@chinatietong.com, 
crnet_tec@chinatietong.com
========
http://robinhoodty.com/SXKXOjQHeNYEUhUEEwWyeC0er/
Rotating IPs
IP: 211.143.29.222 
Report to: 13908491010@hnmcc.com
IP: 219.254.32.74 (hanaro) 
- Redirects to
http://dns-html2.com/robinhoodty.com/SXKXOjQHeNYEUhUEEwWyeC0er/
- Redirects to
Tadalafil_Home
http://gossipy.net/cs/
?Badboy
IP: 210.21.117.104
Reporting addresses:
abuse@chinanet.cn.net
==================
http://timhunterbv.com/TsRHFEnzxsGTlTyZAjWP1Fy9t/
- Redirects to
http://dns-html2.com/timhunterbv.com/TsRHFEnzxsGTlTyZAjWP1Fy9t/
- Redirects to
Tadalafil_Home
http://gossipy.net/cs/
?Badboy
IP: 210.21.117.104
Reporting addresses:
abuse@chinanet.cn.net
=======================
http://furbelows.net/cs/?got
http://howsoever.net/specials.php?okok
http://unpardoned.net/rm.php?got
IP: 211.147.228.102
Reporting addresses:
ct-abuse@abuse.sprint.net 
Third parties interested in reports:
abuse@gzidc.com
=============
http://confuting.com/cs/?got
http://confuting.com/spur/?ronn
IP: 211.147.228.102
Reporting addresses:
ct-abuse@abuse.sprint.net 
Third parties interested in reports:
abuse@gzidc.com
Alias:
 Jeffrey Metzinger 
 leimomi01@tom.com 
Name Servers:
 ns1.unheeded.net 
 ns2.unheeded.net
========
http://genuinely.net/extender/
http://revetments.net/cs/
IP: 210.21.117.112
Reporting addresses:
abuse@chinanet.cn.net
========
http://huichimingfd.net/vnZW...
http://dns-html2.com/huichimingfd.net/vnZW...
Rotating IPs
IP: 220.202.248.55 (cnuninet.com)
IP: 221.11.133.11 (cnc-noc.net)
=======
http://arthurpetrfdon.net/VSTT...
IP: 221.10.201.174 (chinanet)
=======
http://friggings.net/cs/
?got
http://gravesides.com/spur/
?ronn
http://provencaux.net/cs/
?got
IP: 63.105.204.170
Reporting addresses:
abuse@mci.com
============
http://renisd.com/ZdTy...
IP: 210.22.50.103
=======
http://raywilsoncv.net/o2t8...
IP: 221.10.201.174
========
http://arianeyuui.com/5Cw...
http://artmanesd.com/Mf8...
IP: 221.11.134.15 (cnc-noc.net)
======
http://kamelwe.com/zgkrYEoWHlBKiCuxgwCTCCLyi/
IP: 221.11.133.51 (cnc-noc.net)
========
http://brunierfd.net/utLq...
IP: 222.122.65.3 (kornet) 
================
http://katchemack.net/cs/
?ronn
IP: 210.21.117.113 (chinanet.cn.net)
=============
http://bulwarking.com/cs/?ronn
http://depletive.com/cs/?got
http://endosonic.com/spur/?got
http://impactions.net/cs/?ronn
http://impactions.net/rm.php?got
http://impactions.net/spur/?got
http://snorter.net/cs/?ronn
http://katchemack.net/cs/?ronn
http://zigzagging.net/cs/?okok
IP: 210.21.117.104 (chinanet)
===============
Dead on arrival
http://nanyourtds.com/this...
http://scottyoungwq.net/ALzf...
http://yarigatakeer.net/4ZSo...
=================
http://borrellyqw.net/eXxSawzbSncapRa7azUphiN4l/
IP: 221.11.133.51 (chinanet)
=========================
http://soddenness.net/cs/?got
IP: 222.47.183.99 (chinatietong)
================
http://edisonacv.net/fPQHVnUHdA7cAShpwMyknStfg/
IP:  220.202.248.55 (chinanet)
============
http://dusked.biz/cs/
http://dusked.biz/extender/
http://dusked.biz/spur/

IP: 61.232.205.187 (chinatietong)
=============
http://katchemack.net/spur/

IP: 61.232.205.186 (chinatietong)
==================

celebsexposed.net
Host: 221.11.133.10
Name : Barnu Rapatska 
Email : webmaster@emarketingdeals.com ::Name Servers:: 
ns1.dns-passthrough.com 
ns2.dns-passthrough.com 
ns3.dns-passthrough.com 
ns4.dns-passthrough.com 

coolsites1.com
Contact:: 
Name : Barnu 
Email : barnu@barnurapatska.com 
Address : Snemovni 3 
Zipcode : 118 24 
Nation : CZ 
Tel : +420257174252 
Fax : 
::Name Servers:: 
ns1.anwoo.com 
ns1.mynameserver.ca 
ns1.bomofo.com 
ns1.epoboy.com

dns-base2.com

dns-click2.com
Name : Barnu Rapatska 
Email : support@emarketingdeals.com 
Address : Snemovni 3 
Zipcode : 118 24 
Nation : CZ 
Tel : +420257174252 
Fax : 
::Name Servers:: 
ns5.dns-setup.com 
ns6.dns-setup.com 
ns7.dns-setup.com 
ns8.dns-setup.com 

dns-html.com
Name servers

dns-html2.com
Redirecter
dns-html2.com
owner: HECTOR RUIZ 
email: hector9090@yahoo.com 
nserver: ns1.dns-html.com 222.122.65.5 
nserver: ns2.dns-html.com 219.254.32.75 
nserver: ns3.dns-html.com 202.73.247.22 
nserver: ns4.dns-html.com 202.64.76.189 

dns-passthrough.com
URL redirecter & name servers
Host: 221.11.133.10
Reporting addresses:
abuse@cnc-noc.net
owner: CHAS BUSHNELL 
organization: CHAS 
email: chas@blazemail.com
nserver: ns1.dns-passthrough.com 218.7.112.244 
nserver: ns2.dns-passthrough.com 202.73.255.22 
nserver: ns3.dns-passthrough.com 221.11.133.12 
nserver: ns4.dns-passthrough.com 221.210.2.152 

dns-passthrough2.com
owner: CHAS BUSHNELL 
email: chas@blazemail.com 
ns1.dns-passthrough.com
ns2.dns-passthrough.com
ns3.dns-passthrough.com
ns4.dns-passthrough.com

DNS-FORWARD.COM
 Name servers

dns-forward2.com
 URL redirecter

dns-redirects.com

dns-redirects2.com
URL redirecter
IP: 218.7.120.82
Reporting addresses:
abuse@chinanet.cn.net 
abuse@cnc-noc.net
Name: CHAS 
email: CHAS@blazemail.com 
Name Servers 
ns1.dns-redirects.com 
222.122.65.5 
ns2.dns-redirects.com 
221.10.254.191 
ns3.dns-redirects.com 
221.11.133.12 
ns4.dns-redirects.com
221.210.2.152 

downloaditforfree.net
Host: 221.11.133.10
Reporting addresses:
abuse@cnc-noc.net
Name : Charles Messer 
Email : messer@draac.com 
Address : 416 W 8th St 
Zipcode : 31833 
Nation : US 
Tel : +1.7066439924 
Fax : 
::Name Servers:: 
ns1.anwoo.com 
ns1.mynameserver.ca 
ns1.bomofo.com 
ns1.epoboy.com

DRUGS DIRECT: CHEAPEST DRUGS ON THE NET
http://ecomomics.net
http://liverymen.com/

emarketingdeals.com / Barnu Rapatska
210.245.151.117
Reporting addresses:
abuse@telstra.net, 
abuse@newworldtel.com

freehostedpages.net
Host: 221.11.133.11
Reporting addresses:
abuse@cnc-noc.net
Contact:: 
Name : Barnu Rapatska 
Email : webmaster@emarketingdeals.com ::Name Servers:: 
ns1.anwoo.com 
ns1.mynameserver.ca 
ns1.bomofo.com 
ns1.epoboy.com

hotcelebsnaked1.com
Host: 218.7.120.81
Reporting addresses:
abuse@chinanet.cn.net, abuse@cnc-noc.net
Name : Barnu Rapatska 
Email : support@emarketingdeals.com 
::Name Servers:: 
ns1.dns-passthrough.com 
ns2.dns-passthrough.com 
ns3.dns-passthrough.com 
ns4.dns-passthrough.com 

hotcheapsites.com
Web site host
IP: 202.73.247.20
Whois:
Name: missing
Email: missing
Phone: missing
Address: missing
Country: missing
NS1.DNS-REDIRECTS.COM 
NS2.DNS-REDIRECTS.COM
NS3.DNS-REDIRECTS.COM
NS4.DNS-REDIRECTS.COM

hotfreesites2.com
Web site host
Host: 222.122.65.3
Reporting addresses:
abuse@kornet.net
Contact: : 
Name: Barnu Rapatska 
Email: webmaster@emarketingdeals.com
Name Servers: : 
  ns1.dns-passthrough.com
  ns2.dns-passthrough.com
  ns3.dns-passthrough.com
  ns4.dns-passthrough.com

Tadalafil_Home
http://remeasures.net/cs/
210.21.119.131
Reporting addresses:
daihy@china-netcom.com, 
postmaster@china-netcom.com, 
cnc-abuse@abuse.sprint.net
Contact: 
  Fischer, Helmut
  helfischer1975@yahoo.com
NS1.SHEENIEST.COM 210.21.119.130 
NS1.IJFNDGCT.COM 222.51.98.253 
NS3.IJFNDGCT.COM 218.201.44.203 
NS1.UTILISES.NET 222.47.183.57 
NS2.UTILISES.NET 222.222.51.108
=============
http://arthurpetrfdon.net/VSTT...
IP: 221.10.201.174 (chinanet)
=======
http://genuinely.net/extender/
http://revetments.net/cs/
IP: 210.21.117.112
Reporting addresses:
abuse@chinanet.cn.net
========
Other domains
ecomomics.net
bulwarking.com
confuting.com
depletive.com
ecomomics.net
friggings.net
furbelows.net
gallanted.com
genuinely.net
gravesides.com
howsoever.net
hurtfully.com
hybridisms.com
impactions.net
katchemack.net
partied.net
provencaux.net
renisd.com
revetments.net
sheenier.net
snorter.net
unpardoned.net
untyred.net/
visagraph.net
win65.com
zigzagging.net
===============
Throwaway domains:
arianeyuui.com
artmanesd.com
brunierfd.net
nanyourtds.com
raywilsoncv.net
scottyoungwq.net
yarigatakeer.net



ES001 spammer / OEM CD / Replikabazaar / Viagra Professional Tabs / GENERIC Viagra SHOP
Uses a URL tag to identify the "affiliate" and possibly your email address and always uses a frame named "ES001". Used to be mostly warez but now is usually illegal drugs with an occasionally a bank phishing scam. Uses a diffrent fake ID to register every domain and creates at least three domains per day. Uses rotating IPs. 

Controls these name servers:
 alladin.aicstrungcb.biz 
 ginny.aicstrungcb.biz

Fake names: Vladislav Ivanov, Jeff Westbury, James Harris, Mahmutov, Ibragim; Constance Edwards, Ivan Levco
Fake emails: vlodyslav_ivanov@yahoo.com, hostserviceuse@yahoo.com, ibragimemail@yahoo.com, leimomi01@tom.com, ibragimmahmutovv@yahoo.com, edwards@mail333.com, styka4i@altern.org
Score = 29
====================================
http://edgercc.info/ES001/
http://erxexpress.info/ES001/
http://verizemont.info/ES001/
Rotating IPs
-
IP: 221.7.209.72
Reporting addresses:
abuse@chinanet.cn.net
-
IP: 194.126.188.20 (No valid reporting address) 
Up stream provider: 217.239.39.58 
Reporting addresses: 
abuse@t-ipnet.de
===========
http://feotxiumk.com.xekzmxt8w4fctrgmbsplw.lesalive.info/
IP: 211.156.249.73
Reporting addresses:
liyang@21cn.com
Alias: 
 Ivan Levco 
 styka4i@altern.org 
Name Servers:
 GAMMA.SOLODIZEKL.COM 
 BETA.SOLODIZEKL.COM
======
http://implesa.info/ES001/
IP: 211.156.249.73
Reporting addresses:
liyang@21cn.com
Alias:
 Ivan Levco 
 styka4i@altern.org 
Name Servers:
 GAMMA.SOLODIZEKL.COM 
 BETA.SOLODIZEKL.COM
==========
http://rhythmfl.com/ES001/
IP: 194.126.190.17 (no valid reporting address)
Upstream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
=========
http://crestikson.info/ES001/ 
IP: 194.126.190.17 (no valid reporting address)
Upstream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
Alias:
 Michael Gulko 
 wexpo@altern.org 
Name Servers:
 GAMMA.SOLODIZEKL.COM 
 BETA.SOLODIZEKL.COM
========
http://hangworthyla.com/ES001/
IP: 221.7.209.72 (chinanet.cn.net)
======
http://honeyedlyfm.com/ES001/  (cnc-noc.net)
=======================
http://cdryvoc89sxo9mnju.prebendaryhh.com/uns
IP: 222.222.48.206
==============
GENERIC Viagra SHOP
http://bogtrotterik.com/ES001/ 
http://pipkingm.com/ES001/ 
http://221.7.209.72/ES001/
http://saveonpillz.info/ES001/ 
IP: 221.7.209.72 (cnc-noc.net)
==============
GENERIC Viagra SHOP
http://donmehme.com/ES001/ 
http://goodingdn.com/ES001/
http://hindererdk.com/ES001/
http://salometerkl.com/ES001/ 
http://sererih.com/ES001/ 
http://skulkered.com/ES001/
http://rxwholezale.info/ES001/ 
http://vilapirosen.info/ES001/ 
IP: 221.11.133.42 (chinanet)
===============
GENERIC Viagra SHOP
http://sererih.com/ES001/ 
IP: 222.222.48.206 (chinanet)
=================
http://haetndhaet9.com
Alias:
 Ivanov, Vladislav  
 vlodyslav_ivanov@yahoo.com 
Domain servers: 
 ALLADIN.AICSTRUNGCB.BIZ 221.11.133.42 
 GINNY.AICSTRUNGCB.BIZ 222.47.183.90
==============
http://risalafe.com/
Alias:
 Jeff Westbury 
 hostserviceuse@yahoo.com 
Name Servers: 
 ALLADIN.AICSTRUNGCB.BIZ 221.11.133.42 
 GINNY.AICSTRUNGCB.BIZ 222.51.98.245
==============
http://hitchiclah.com/ES001/
IP: 222.51.98.245 (chinatietong)
=================
http://healthe.noelhheil.com/fglkdfj?wiyuy8xpkbdcgkwjfdsklgd
IP: 222.51.98.245 (chinatietong)
Alias: 
 James Harris 
 edwards@mail333.com 
Name Servers:: 
 alladin.aicstrungcb.biz 
 ginny.aicstrungcb.biz
====================
GENERIC Viagra SHOP
http://visional72d3.com/ES001/ 
http://wjncnbfj.com/ES001/
IP: 221.11.133.42 (chinanet)
===============
Other domains: 
bogtrotterik.com
donmehme.com
edgercc.info
erxexpress.info
goodingdn.com
haetndhaet9.com
hitchiclah.com
honeyedlyfm.com
noelhheil.com
risalafe.com
salometerkl.com
saveonpillz.info
sererih.com
skulkered.com
rxwholezale.info
verizemont.info
vilapirosen.info
visional72d3.com
wjncnbfj.com

See previous pages for many more domains



60 Second Mortgage Quote Form
Fake names: Pat Lieberman, Jerry Goodman
Fake emails: patlieberman@yandex.ru, jerrygoodman@yandex.ru
Score = 26
============

==================
http://www.mortgage-ebrokers.com/2/index/bvk
IP: 194.126.188.20 (No valid reporting address)
Up stream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
===========
http://www.lending-blocksx.com/index2.php
http://www.mortgage-lowsz.net/index2.php
?refid=ph420
IP: 221.11.134.13 (cnc-noc.net)
=======
http://www.libertyeloan.com/2/index/bvk
194.126.188.1
============
http://www.morntix-star.net/index2.php
?refid=mal
IP: 221.7.209.71
==============
http://www.lendingxid.net/index2.php?refid=mal
http://www.funding-talk.com/index2.php?refid=mal
IP: 221.11.134.13 (cnc-noc.net)
===========
http://www.max-loans.com/2/index/bvk
IP: 194.126.188.20
===========
http://www.lending-tresm.com/index2.php
IP: 221.11.133.41 (cnc-noc.net)
IP: 221.7.209.71
?refid=mal
IP: 222.222.48.207 (chinanet)
============
Dead on arrival
http://www.maximum-loans.net/2/index/bvk
============
http://www.funding-internet.com/index.php
?refid=ph420
IP: 221.11.133.41
Reporting address: abuse@cnc-noc.net
=========
http://www.droppedr8z.com/x/loan2.php
IP: 222.47.183.126 (chinatietong)
IP: 61.232.205.186 (chinatietong) 
=================
60 Second Mortgage Quote Form
http://www.24x7-quotes.com/2/index/bvk
http://e-home-loanz.net/2/index/ 
http://www.instant-approval.net/2/index/bvk
IP: 65.182.143.7 (xo.com)
=========
http://premium-mort.com/
IP: 63.251.83.56
Reporting address:
abuse@internap.com
Redirects to: 
60 Second Mortgage Quote Form
http://simplified-loans.net/3/index/jer
IP: 65.182.143.7
Reporting addresses:
abuse@xo.net
=====================
60 Second Mortgage Quote Form
http://www.point-financial.com/2/index/bvk
IP: 65.182.143.7 (xo.net)
===========================
60 Second Mortgage Quote Form
http://www.mort-your.com/index2.php?refid=ph420
IP: 221.11.133.41 (chinatietong)
================================================
Other domains: 
12mtgnow.com
24x7-quotes.com
cheaplenders.net
droppedr8z.com
e-home-loanz.net
easy-lending.com
fasterdaz.com
fastlenders.net
freedom-financial.net
funding-internet.com
goodwayz.com
h0mel0an.net
instant-approval.net
jnixsa.com
kajsidd.com
kdnix.net
kenxsd.net
kniudx.net
lend-one.net
lending-blocksx.com
lending-tresm.com
lendingdsz.com
lendinxsz.net
lendisx.net
lendix.net
libertyeloan.com
m0rt1.com
max-loans.com
maximum-loans.net
me0rt.com
mort-lowsz.net
mort-your.com
mortgage-ebrokers.com
mortgage-lowsz.net
mortgage-tower.com
mortszx.com
motyd.net
mrldss.com
mrlend123.com
mrratenow.com
nidbchx.com
nowratez.com
point-financial.com
premium-mortgages.com
r8tdrop.com
r8tesdrop.com
re-finances.com
ref1nowz.net
simple-financing.net
simplified-loans.net
yourmort.com



Emerging Equity Alert
Score = 25
No URL. Pump and dump stock scam sent via open proxies on hijacked computers. Started with plain text email but now sends base 64 encoded with microscopic text that I can't read.
============
Related scams:
Eldorado Exploration
CD TRADING CARDS (CDTD)
Nomad International Inc.
Gulf Biomedical Corp
Crystal Graphite Corporation
Martin Nutraceuticals, Inc.
Northeast Development Corporation (NSC)
Eldorado Exploration Inc. (Pink Sheets: EDEX)
EXPLOSIVE PICK FOR OUR MEMBERS
The Daily Stock Barometer
Emerging Growth 0pportunity
Investor Alert Newsletter
Rx Processing Corp.
China World Trade Corporation



2005   Digital Cable Filters
Illegal cable descrambler & bodywrap scammer
Names: Ron Proctor, Antonio Cabo
Emails: inetbiz4you@yahoo.com, 1dnszone@gmail.com
Score = 22
====================================
http://click2out.com
http://click4system.info/r/
IP: 211.48.20.108 (kornet.net)
- Redirects to 
http://click2myshop.com/004/cablefilter/index.html
IP: 211.48.20.108 (kornet.net)
========
http://grouploseweight.com
IP: 222.36.41.170 (chinatietong)
Alias:
 Ron Proctor
 inetbiz4you@yahoo.com
Name Servers: 
 ns1.superdns4u.info 
 ns2.superdns4u.info
Name Servers: 
 ns1.webzconnection.info 
 ns2.webzconnection.info 
Past Name Servers: 
 dns1.name-services.com 
 dns2.name-services.com 
 dns3.name-services.com 
 dns4.name-services.com 
 dns5.name-services.com
================
http://incdropfat.com
IP: 222.110.103.94
- Redirects to
http://www.fitnessdot.com/bw/aff49/index.html
IP: 222.110.103.94
=========
http://click4planet.info
IP: 218.201.45.55 (chinamobile.com)
Whois blocked
Name Servers:
 NS1.1DNSZONE.COM 
 NS2.1DNSZONE.COM
============================
http://corporationa.com
IP: 221.11.134.18
Reporting addresses:
abuse@cnc-noc.net
- Redirects to
http://www.fitnessdot.com/bw/aff17/index.html
IP: 221.11.134.18
Reporting addresses:
abuse@cnc-noc.net
=========
http://tooldropfat.com
IP: 202.71.106.47
Reporting addresses:
m_ghaza@tm.net.my, gatekeeper@eastgate.net.my
-Redirects to
http://www.fitnessdot.com/bw/aff01/index.html
IP: 202.71.106.47
Reporting addresses:
m_ghaza@tm.net.my, gatekeeper@eastgate.net.my
=============
http://1stoptime.info
IP: 203.142.1.18
Report to: indra@webvisions.com, support@shinjiru.com
Name Servers:
 NS1.1DNSZONE.COM 
 NS2.1DNSZONE.COM 
===============
bodywrap scammer
http://dropfatnews.com
IP: 202.71.106.47
Reporting addresses:
m_ghaza@tm.net.my, 
gatekeeper@eastgate.net.my
- Redirects to: 
http://www.fitnessdot.com/bw/aff17/index.html
IP: 202.71.106.47
Reporting addresses:
m_ghaza@tm.net.my 
Alias: 
 Ron Proctor
 inetbiz4you@yahoo.com 
Name Servers: 
 ns1.webzconnection.info 
 ns2.webzconnection.info
=======
Whois webzconnection.info:
Alias: 
 Ron Proctor
 inetbiz4you@yahoo.com 
Name Servers: 
 ns1.webzconnection.info 
 ns2.webzconnection.info
================
http://1stoptown.info
IP: 202.71.106.53
- Redirects to: 
http://1stop4webstore.com/lisa_004/cablefilter/index.html
IP: 202.71.106.53
Reporting addresses:
m_ghaza@tm.net.my 
gatekeeper@eastgate.net.my
===================
http://yourhealthoffice.com
IP: 202.71.106.47
================
http://1stopcentral.info
IP: 202.71.106.53
Reporting addresses:
m_ghaza@tm.net.my, gatekeeper@eastgate.net.my

===========
Other domains:
1click4store.com
1clickagency.info
1clickadvisor.info
1click4store.com
1clickextra.info
1clickgallery.info
1clickgreat.info
1clicklimited.info
1clicksource.info
1clickspot.info
1dnszone.com
1stop4webstore.com
1stoptown.info
1stopnetz.info
1stoptime.info
1clicksystem.com
1clickcomplete.com
1stopcentral.info
click2out.com
click4planet.info
click4system.info
fitnessdot.com
grouploseweight.com
theweightlossfirm.com
tooldropfat.com
weightlossfirm.com
yourhealthoffice.com



BestWatches4U- Rolex, Tag, Louis Vuitton & More
Perfect HGH
Fake names: Mikki Red, Bill Forester, Ivan Solvok
Fake emails: maininfoset@yahoo.com, TaggsIsland@hotmail.com, ivan@mail3ms.com
Score = 19
=================
RolexReplicas4u- Rolex, Tag, Louis Vuitton & More
http://lovelywatches4u.net/
http://thewatchesoncanalstreet.net
IP: 194.126.189.1 (no reporting valid reporting address)
IP: 194.126.189.6 (no reporting valid reporting address)
Upstream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
=======
Perfect HGH
http://aabby.info/index1.html 
IP: 222.122.65.44
Reporting addresses:
abuse@kornet.net
Alias:
 Mikki Red 
 Aa,inc 
 maininfoset@yahoo.com
Name Servers:
 NS1.MAGELLAN25.COM 
 NS2.MAGELLAN25.COM 
 NS1.SAMANTHA10.COM 
 NS2.SAMANTHA10.COM
==================
BestWatches4U- Rolex, Tag, Louis Vuitton & More
http://www.chooseyourwatch4u.com
http://chooseyourwatch4u.net
http://www.chooseyourwatch4u.net
http://watchesrus4u.net
IP: 194.126.189.1
Reporting addresses:
gunduzo@kocdg.com.tr
194.126.189.1 ignores complaints
Upstream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
Real owner is known felon Bill Waggoner
IP: 59.188.3.70
Reporting addresses:
abuse@telstra.net, 
abuse@newworldtel.com
Alias: 
   Bill Forester
   TaggsIsland@hotmail.com 
Domain servers in listed order: 
   ns1.samantha10.com 
   ns1.magellan25.com 
   ns2.samantha10.com 
   ns2.magellan25.com
=================
BestWatches4U- Rolex, Tag, Louis Vuitton & More
http://www.timepiecesgalore4u.net
IP: 65.182.143.18 (xo.net)
===============
BestWatches4U- Rolex, Tag, Louis Vuitton & More
http://www.perfectwatch4u.com
IP: 219.254.32.69 (hanaro)
Alias: 
 Ivan Solvok
 ivan@mail3ms.com 
Domain servers in listed order: 
 ns1.samantha10.com 
 ns2.samantha10.com 
 ns1.magellan25.com 
 ns2.magellan25.com
===================
1stbuyrolex.com
chooseyourwatch4u.com
aabby.info
perfectwatch4u.com
replicas4me.net
swisstime4us.com
timepiecesgalore4u.net
ultimatetimepiece4u.net
watchesrus4u.net



~*Julie's Webcam*~ / ~*~ College Girl Webcams ~*~
Score = 19
===============
http://www.polarizational.com/ju18/
IP: 221.7.209.71
Reporting address: abuse@cnc-noc.net
============
http://www.marswebsite.com/ju18/
http://misterteepee.com/co25/
http://www.punanipunch.com/ju18/
IP: 221.11.134.13 (cnc-noc.net)
===========
~*~ College Girl Webcams ~*~ / ~*~ College Girl Webcams ~*~
http://www.aolkeywerdz.com/ju18/
http://correctspeling.com/co25/
http://www.fivesandpennies.com/ju29/
http://www.polarizational.com/ju18/
http://www.tatankarules.com/ju18/
IP: 221.11.133.41 (cnc-noc.net/chinanet)
===============
http://pullpushstop.com/co25/
IP: 61.183.60.27
Reporting addresses:
abuse_hb@public.wh.hb.cn, spam_hb@public.wh.hb.cn, postmaster@wh.hb.cn, zhx@jzinfo.com
IP: 221.7.209.71 (cnc-noc.net)
Alias:  
 Steve Cross 
 cross.steve@gmail.com 
Domain Name Servers: 
   NS01.LISATURTLE.COM 
   NS05.LISATURTLE.COM
=================
http://ladytoysite.info/co25/
=============
http://www.jeffersondarcy.com/ju18/
IP: 61.232.205.187
abuse@chinatietong.com
==========
~*~ College Girl Webcams ~*~
http://kellykapowski.com/co25/
IP: 61.232.205.187 (chinatietong)
Alias:  
Steve Cross 
 cross.steve@gmail.com 
Domain Name Servers: 
 NS1.FORACYNTRO34.COM 
 NS2.FORACYNTRO34.COM
====================
http://wsart.info
IP: 216.52.184.240 
Report to: abuse@internap.com
- Redirects to:
~*Julie's Webcam*~
http://buttermagma.info/ju30/index.html
61.232.211.2 (chinatietong)
Alias:
 Steve Cross 
 cross.steven@gmail.com 
Name Servers:
 NS2.NOMACITA.COM 
 NS1.NOMACITA.COM
==============
http://www.kellykapowski.com/ju18/
IP: 61.232.205.187
============================
~*~ College Girl Webcams ~*~
http://5lessthanless.com/co25/
IP: 222.222.48.202 (chinanet)
========================
Other domains:
5lessthanless.com
aolkeywerdz.com
com2morethanmore.com
correctspeling.com
famousloaves.com
finallyseven.com
fivesandpennies.com
goodagainnow.com
inallyseven.com
foursamurais.com
kellykapowski.com
tatankarules.com
ucanttouchfist.com



Amplifico | The Sexual Performance Solution / Tiberius Erectus
Amplifico | The Sexual Performance Solution
Score = 14
==============
Tiberius Erectus
http://gopamania.com
http://gopamegasite.com
IP: 222.122.65.23 (kornet)
=============
http://gopachat.com
IP: 222.122.65.23 (kornet)
Alias:
    jose, sd  
    rogerstevens01@netscape.net 
================
Tiberius Erectus
http://gopabuy.com

IP: 222.122.65.23 (kornet)
==================

Amplifico | The Sexual Performance Solution
http://gopacityx.com
IP: 222.122.65.23 (kornet)
=============
Other domains
gopabuy.com
gopachat.com
gopacityx.com
gopamania.com
gopamegasite.com
popkaland.com
popkasale.com
popkasite.com



Michael Lindsay / iMedia Networks / Addrive ProductTestPanel.com

6/24/05
This scam spewing asshole moved to 200.108.172.10. The listed reporting address for 200.108.172.10 is pdlweb@yahoo.com. A yahoo address is most likely the scammer himself. Traceroute shows the upstream provider to be 
IP: 64.116.36.77
Reporting addresses:
abuse@mci.com

On 5/05, MCI finally booted this scammer and he moved  to xo.com using 69.67.72.10 & 69.67.72.20
Emailed reports to whoa007@pacbell.net & abuse@xo.com are ignored
Contact XOSales
Call toll-free 1.877.932.2629 
Support 
Call toll-free 1.888.575.6398
XO quickly proved to be even worse than MCI. When phoned, they denied having any connection to this scammer even when confronted with traceroutes proving that the provide connectivity.

Score = 7
==============
http://servingmail.com/life.html
IP: 69.67.72.10
Reporting addresses:
abuse@xo.com
- Redirects to:
http://aftrk.com/c/c?b=20865&h=19541&sh=316862&bt=html
http://aftrk.com/c/c?b=20865
IP: 216.23.173.249
Reporting addresses:
abuse@intelenet.net
Whois blocked
Name servers: 
 NS3.INTELENET.NET 
 NS4.INTELENET.NET

http://aftrk.com/c/c?b=20865
- Redirects to
ETerm; life insurance: term life insurance, life insurance quote, life insurance company, term life insurance quote
http://www.eterm.com/VM/newquote.asp?publisher=Afffuel&campaign=EmailM&bannercode=316862
============

http://goldenfury.com
Reporting addresses:
abuse@mci.com
Registrant: 
Software Factory Solutions 
contact@thehottestthingaround.com 
Domain servers in listed order: 
NS1.THEHOTTESTTHINGAROUND.COM 63.82.96.35
Host: 63.82.96.35
Reporting addresses:
abuse@xo.com 
abuse@mci.com
================
Other domains

1. 0NTHEBA11S0FTWARE.COM
2. 18ANDOLDEROFFERS.COM
3. 1UXYS01UT10NS.COM
4. A11THES0FTWAREY0UNEED.COM
5. ADULTONLYOFFERS.COM
6. ADULTSUBSCRIPTIONOFFERS.COM
7. ALLAROUNDTHINGS.COM
8. ALLTHEMEDSYOUNEED.COM
9. ALWAYSIMPORTANT.COM
10. AMAZINGPHARMACYSAVINGS.COM
11. B1C0RP1US.COM
12. BACKPOST.BIZ
13. BEHINDITALLEXCHANGE.COM
14. BIGBUCKS4DRIVING.COM
15. BIGCAPABILITIES.COM
16. BIGCASH4DRIVING.COM
17. BLANKTRADE.COM
18. blastoffcom.com
19. BLAZEBOUNCE.COM
20. BREAKTHROUGHVISIONARIES.COM
21. BUCKS4DRIVING.COM
22. BUYANDSAVEONMEDS.COM
23. BUYMEDSONLINEANDSAVE.COM
24. C0MP1ETE1S01UT10NS.COM
25. C0MP1ETETARGET1NG.COM
26. CHEAPDRUGS4U.NET
27. CLICKANDSAVEONMEDS.COM
28. CREATIONPLACED.COM
29. CREATIVECRAFTANDMORE.COM
30. CREATIVEFACESMORE.COM
31. CROSSINTEREST.COM
32. CRUISECARS4CASH.COM
33. DATALINKEXCHANGE.COM
34. DEALSFOR18ANDUP.COM
35. DIGITALPROPOGANDA.COM
36. DISCOUNTEDDRUGSONLINE.NET
37. DISCOUNTEDMEDSONLINE.COM
38. DREAMCONTROLLER.COM
39. DREAMWAKING.COM
40. DRIVE4BIGBUCKS.COM
41. DRIVE4INCOME.COM
42. DRIVE4PAYCHECKS.COM
43. DRIVEMAKINGMONEY.COM
44. E11TEPR0DUCTSSPEC1A11YF0RY0U.COM
45. EARNMONEYWHILEDRIVING.COM
46. EASTCOASTLIQUIDATIONCENTER.COM
47. EASYMONEYDRIVING.COM
48. EMA11SPYPR0GRAM.COM
49. FASTCASH4DRIVING.COM
50. fastserving.com
51. FREESERVING.COM
52. GETPRESCRITIONMEDSONSALE.COM
53. GETRICHDRIVING.COM
54. GETTH1SS0FTWAREN0W.COM
55. GETYOURMEDSONLINEHERE.COM
56. GETYOURPRESCRIPTIONSONLINE.COM
57. GOLDENEXPERT.COM
58. GOLDENFURY.COM

IP: 63.82.96.35
59. GOLDENVIRTUAL.COM
60. GONEPOINTONE.COM
61. GREATDEALSONADULTSITES.COM
62. GREATPRICES4PILLS.COM
63. GROUPDRUGSONLINE.COM
64. H0TAMAZ1NGPR0GRAMS.COM
65. H0TANDNEWPR0GRAMS.COM
66. HOTADULTDEALS.COM
67. HOTMATURESITES.COM
68. IMPROMPT.COM
69. INCOME4DRIVING.COM
70. INSTALLEREXCHANGE.COM
71. INTERESTOR.COM
72. INTERESTSAVVY.COM
73. KICKHOSTING.COM
74. LARIMORECREATIVE.COM
75. lifemakings.com
76. LOCKINGPOINTONE.COM
77. M0N1T0RWHATTHEYD0.COM
78. MAK1NGTH1GSHAPPENF0RY0U.COM
79. MAKEMONEY4DRIVING.COM
80. MAKEREALCASHDRIVING.COM
81. MAKESERIOUSMONEYDRIVING.COM
82. MAKINGMORECREATIVES.COM
83. MALLPACKS.COM
84. MANDARINEFFECTS.COM
85. MATUREWEBSITEDEALS.COM
86. MIDWESTPROPOGANDA.COM
87. MIDWESTPROPOGANDALAND.COM
88. MONEYSAVINGDRUGSITE.COM
89. NAMEBRANDPILLSDISCOUNTED.COM
90. NETMANDARIN.COM
91. NETWORKVISIONARIES.COM
92. NEWEASTCOAST.COM
93. NEWEDGECORP.COM
94. NEWEDGEZONE.COM
95. NEWMEDIAEDGE.COM
96. ONLINEPHARMACYSUPERSTORE.COM
97. OPENCONTROLLER.COM
98. OPENFACES.COM
99. PAB10S0FT.NET
100. PAYCHECKFORDRIVING.COM
101. PHARMACYSAVINGS4U.COM
102. PINPOINTMONEY.COM
103. PROCONTROLLERS.COM
104. PROFITWHENDRIVING.COM
105. PROMPTHANDLINGTIPS.COM
106. PROMPTPLUS.COM
107. PROPOGANDALAB.COM
108. PURCHASEYOURPILLSONLINE.COM
109. QUICKPACED.COM
110. R1GHTMAPS.COM
111. RAPIDPROMPT.COM
112. REWARDS4DRIVING.COM
113. S0FTWAREC0MPET1T10N.COM
114. SATISFYINGFORPROFITS.COM
115. SATISFYINGRAPHICS.COM
116. SAVEONYOURPRESCRIPTIONSONLINE.COM
117. SECRET1YKN0WEVERYTH1NG.COM
118. SEEMORECREATIVE.COM
119. SERIOUSMONEYPAID2DRIVE.COM
120. SERVINGMAIL.COM
121. SERVINGONES.COM
122. SITEFARMS.COM
123. STUFFYOUACTUALLYCAREABOUT.COM
124. SUPPLYPALACE.COM
125. THEBESTS0FTWAREY0UCANBUY.COM
126. THEHOTTESTTHINGAROUND.COM
127. THENEWINNOVATIVEEDGE.COM
128. THESTOPPOINT.COM
129. THINGSAROUND.COM
130. topserving.com
131. TRADEPOINTONE.COM
132. ULTIMATEADULTOFFERS.COM
133. UN1QUE0FFERS0N11NE.COM
134. VERYSATISFYING.COM
135. VISIONARIESLEADERSHIP.COM
136. WAKINGENDS.COM
137. WAKINGS.COM
138. WESTCOASTDESICIONMAKING.COM
139. XRTHOSTING.COM
140. Y0UCANW1NW1THTH1S.COM
141. YESITALLCANBEDONE.COM
142. YOURPILLFACTORYOUTLET.COM
143. ZSXCONTROLLER.COM
144. ZXRMAIL.COM

The above domain names are just redirects for various "affiliate programs" such as WebRewardsCentral.com, Addrive and ProductTestPanel.com

WebRewardsCentral.com
http://www2.webrewardscentral.com
RegistrantContact: 
  MarketLabs.net Inc
 admin@marketlabs.net 
Domain servers in listed order: 
 NS2.MARKETLABS.NET 66.33.254.12 
 NS1.MARKETLABS.NET 66.33.254.11 

Addrive
http://www.addrive.com 
http://jp1.sb01.com/index.php 
IP: 208.38.131.24
Report to: abuse@esnet.com
Whois: 
 Yacoubian, Dikran   
 subscriberbaseholdings@yahoo.com 
 3830 Forest Drive 
 Suite 207 
 Columbia, SC 29204 
 US 
 803-790-8381 
Domain servers in listed order: 
 DNS101.SB01.COM 204.74.66.252 
 DNS102.SB01.COM 204.74.67.252
From web page: 
 Nancy Margaret Jones
 nancymargaret@addrive.com

ProductTestPanel.com
http://producttestpanel.com
IP: 208.38.131.22
Report to: abuse@esnet.com
Whois:
 Dikran Yacoubian:  subscriberbaseholdings@yahoo.com 
 SubscriberBASE Holdings, Inc 
 3830 Forest Drive 
 Columbia, South Caro 29204 
 US 
 Phone- 803-790-8381 
Domain servers in listed order: 
 DNS101.SB01.COM 204.74.66.252 
 DNS102.SB01.COM 204.74.67.252 

IPs this scammer uses to send from
69.67.72.10, 69.67.72.20
Reporting addresses: abuse@xo.com
This info from a IP whois looks like it is real. If you are looking to sue this spammer, start with this asshole. Even if he is not the one sending the spam, he is well aware that his network is being used by the spammer because he is profitting from it ad ignoring all complaints.
CustName: Roger Graves 
Address: 301 W. Capital Exp. 
City: San Jose 
StateProv: CA 
PostalCode: 95136 
Country: US 
NetRange:   69.67.72.0 - 69.67.72.255 
NetName:    DATAMONITOR-BUSSINESS-INFORMATION 
OrgTechHandle: NOC1264-ARIN 
OrgTechName:   Network Operations Center 
OrgTechPhone:  +1-408-268-4526 
OrgTechEmail:  whoa007@pacbell.net



Malena Management spam gang
Fake Names: Alejandro Quesada, EDWIN VILLAPANDO
Fake Emails: Alex913@indiatimes.com, malena525@indiatimes.com
Score = 6
===================
Free Foreign Currency Exchange Information Request
http://akeeuncle.info/astral/lord/ 
http://bulgursquid.net/astral/cooright/
200.108.172.5 (No valid reporting address)
Upstream provider: 64.116.160.18
Reporting addresses:
abuse@mci.com
==========
Get a FREE Mortgage Quote TODAY!
http://otisactive.info/astral/cooright/
IP: 200.108.172.5
Report to: fwdctrl@yahoo.com
fwdctrl@yahoo.com bounces
fwdctrl@yahoo.com known spammer
Upstream provider: 64.116.160.18
Reporting addresses:
abuse@mci.com
===========
Get a FREE Mortgage Quote TODAY!
http://lipariscurry.biz/astral/accescom/ 
IP: 69.67.72.118 (xo)
Malena Spam Gang
Alias: 
 Alejandro Quesada 
 Alex913@indiatimes.com 
Name Servers: 
 NS1.DMITRIQUICK.BIZ 
 NS2.DMITRIQUICK.BIZ
========
crapbroth.com
hyaenastir.com
psophiastable.net
steeringgiblet.com
tongancrunchies.info
tortricidpeel.net



The Mortgage Source
Sent via open proxy on a trojaned computer. Web site hosted on criminal  tolerant ISP in China. Just the kind of people you want to give your money to.
Score = 4
===================
The Mortgage Source
http://ahnhgh.com/
IP: 211.144.147.131
Report to: 
llz@srit.com.cn, abuse@srit.com.cn, shenzhi@cnnic.cn
===============
The Mortgage Source
http://ez-rate.info
IP: 221.209.18.3
IP: 219.147.197.196
Whois blocked by ProtectFly.com 
Tech Email:15663638.fly@spamfly.com 
Name Servers:
 NS1.ANZWERSNET.BIZ 
 NS2.ANZWERSNET.BIZ
Contact in spam:
 (800) 513-3855 
 Laura Wayne
 domele@glasgow.cx 

==========
Other domains:
ez-rate.info



Score = 2
http://healup.info
http://medkit.info
213.135.64.93
Reporting addresses:
abuse@telecore.net.ru



Internet Laboratories Corp.
Success! / Bodycare
They're baaack! I had hoped this one got busted after he disappeared from my mailbox months ago. Fake whois. Illegal drugs (if there are real). Hosted by rogue ISPs in China. Domain name morpher. This asshole does it all.
Score = 3
http://freenewiteminfo.com/mp/
http://freenewiteminfo.com/lj/
http://prideknowledgeline.com/lj/
http://prideknowledgeline.com/mp/
http://realpowersecret.com/mp/ 
http://realpowersecret.com/lj/
IP: 61.234.143.139, 61.234.143.140 (chinatetong)
Alias: 
 Haiyi Ling Haiyi Ling 
 dlanor_yong_buga@yahoo.com 
Nameserver Information: 
 ns3.todayisp.com 
 ns4.todayisp.com



http://angeletcb.com
http://visional72d3.com/
Score = 2
Dead on arrival
Alias: 
 Zhamelgo, Alexandr 
 aazhago@yahoo.com 
Domain servers: 
 DOG.CCPATONCEJK.BIZ 202.99.172.145    
 TSURT.CCPATONCEJK.BIZ 200.149.11.62



Penis Growth Patch Rx...
Score = 1
http://www.jnaz.net/ 
IP: 217.20.209.147
Reporting addresses:
s_mal@informtelecom.ru



MegaPowerPills.com
Score = 2
MegaPowerPills.com
http://222.47.183.84/ 
http://tuecustodygood.com
IP: 222.47.183.84 (chinatietong)
============
http://timecreasewind.com/ 
IP: 222.47.62.179 (chinatietong)
=======================
timecreasewind.com
tuecustodygood.com



Health Suite, Popularsoftware, Software Now, CDCheap, Online Pharmacy, "Carol Brisbine", Pharma Shop, / Max Length 3 / WECHEAPHOSTING.COM / THATSCHEAPHOSTING.COM / CaesarBucks
Fake names: Marjorie Lobos, Vicky Ralph, Steve Cross, Kim Young; Roger Stevens, Jonathan Roving, Xiaoyu ZHU, OKA DOKEN, Chengzhong XU, Eva Paterson, Tom Rogers, Stevens Media
Fake mails: marjorielobos@argentina.com, RALPHDOMAIN@YAHOO.COM, cross.steven@gmail.com, KimYoung188@lycos.com, rogerstevens0@netscape.net, jonathanroving16@netscape.net, GREG12023@YAHOO.COM, r3gyg3l@hotmail.com, kenokado@yahoo.com, dabteae@hotmail.com, jackson_kriner@yahoo.com, vortexmedia@hotmail.com
Score = 7
===============
Software Now
http://bigaaron.info/ 
IP: 211.147.228.99 (ct-abuse@sprint.net)
IP: 222.47.183.151 (chinatietong)
=======
Dead on arrival
http://www.seemsfine.info
Alas:
 Vicky Ralph 
 RALPHDOMAIN@YAHOO.COM 
Name Servers:
 NS1.DNS4U.BIZ 
 NS2.DNS4U.BIZ
========
Pharma Shop
http://drivena.info
IP: 210.21.110.247 chinanet)
Alias:
 Vicky Ralph 
 RALPHDOMAIN@YAHOO.COM 
Name Servers:
 NS1.DNSANDHOSTING.INFO 
 NS2.DNSANDHOSTING.INFO
http://drivena.info/?d3783f75ec70ddc01cbgb5717b45aae2
- Redirects to
SoftShop
http://drivena.info/shop.php
Front for:
Software Now
http://www.youbuysoft.info/
IP: 210.21.110.251
Reporting addresses:
abuse@chinanet.cn.net
Alias
 Eva Paterson 
 GREG12023@YAHOO.COM 
Name Servers:
 NS1.DNSANDHOSTING.INFO 
 NS2.DNSANDHOSTING.INFO
==================
Software Now
http://210.21.110.245/ 
http://www.zazxux.info
IP: 210.21.110.245 (chinanet)
Alias:
 Name:Vicky Ralph 
 Email: RALPHDOMAIN@YAHOO.COM 
Name Servers: 
 NS1.DNSANDHOSTING.BIZ 
 NS2.DNSANDHOSTING.BIZ
==============
ax Length 3
http://babamoviesong.com
http://popkatown.com
IP: 222.122.65.23 (kornet)
====================
CaesarBucks
http://babaganoushx.com

IP: 202.73.247.13
--
=========
Whois: THATSCHEAPHOSTING.COM 
Thats Cheap Hosting 
 42 siempre ojos 
 san jose 1000 
 CR 
danielthurgood0@netscape.net 42 
 Domain servers in listed order: 
 NS2.THATSCHEAPHOSTING.COM 61.137.52.53 
 NS7.THATSCHEAPHOSTING.COM 61.137.52.37 
 NS05.THATSCHEAPHOSTING.COM 202.73.247.14 
 NS5.THATSCHEAPHOSTING.COM 218.7.112.233 
==============
Other domains:
baba-rajni.com
baba-song.com
babababedesidesi.com
babamoviesong.com
bigaaron.info
bigtimemango.com
bobzqz.info
bringmoretolife.com 
bubxtx.info
md20.com
popkatown.com
securequickmeds.com



Score = 7
Sent via open proxies
http://www.allsportsnutrition.com
http://anabolicreview.com
http://www.steroid.com
IP: 70.85.164.2, 70.85.164.5
Report to: abuse@theplanet.com
Alias:
 Clapp, Brian
 steroid@steroid.com 
Domain servers in listed order: 
A.NS.ALLSPORTSNUTRITION.COM (70.85.164.2)
B.NS.ALLSPORTSNUTRITION.COM (67.18.108.244)
Report to: abuse@theplanet.com



Homelandliberty Online Rx
Score = 2
Homelandliberty Online Rx
http://ljwekrlwenmaahj.info/d/
IP: 221.11.133.41 (chinanet)
====================
Homelandliberty Online Rx
http://www.hjfjkaelhkjzhkljh.info/d/
Rotating IPs:
IP: 222.51.98.244 (chinatietong.com)
IP: 221.11.133.41 (cnc-noc.net/chinanet)
==============
Other domains: 
hjfjkaelhkjzhkljh.info
homelandliberty.com
ljwekrlwenmaahj.info



abbywinters.com
http://www.abbywinters.com
IP: 66.240.207.164
Alias:
 Garion Hall 
 G Media 
 garion@istos.com.au 
Name servers:
 nserver: ns1.aspadmin.com 
 nserver: ns2.aspadmin.com 
 nserver: ns3.aspadmin.com



Planon Handheld Scanner - DocuPen
Scor = 2
http://66.199.161.243/ 
http://www.planon.com
IP: 66.199.161.243
Reporting addresses: abuse@peer1.net



Score = 3
Dead on arrival
http://www.nate.com/r/p6817888/rzx.recorcompani.com/
IP: 203.226.255.16
==========
http://www.nate.com/r/h53413/jceve.providicellul.com/
IP: 203.226.255.16 (sknetworks)



..:ENORMAX:.. / annblue.com
Fake names: Jessie Skaggs, Stephen Frazier, larry davis
Fake emails: jessiekgs@cliffhanger.com, larrydavis232323@yahoo.com, stephenfrzr@consultant.com
Score = 3
===================
.:ENORMAX:.
http://mothersnaturesbest.info
IP: 221.5.250.119 (chinanet)
==========
.:ENORMAX:.
http://antigoods.com
http://goodslook.com/gh
IP: 61.232.205.187 (chinatietong)
============
Name Servers:
 NS2.NOMACITA.COM 
 NS1.NOMACITA.COM
Name Servers:   
 NS.DOEENTERTAINMENT.COM 
 NS1.DOEENTERTAINMENT.COM
/home/site1/index.php
==================
Other domains:
capitalgainsprivately.info
herbangiuos.com
mail4bux.biz
makehersayouch.info



The American Refinancing Specialists - The American Refinance Mortgage Specialist
Fake names: jeff jackson, Keith Pearce  
Fake emails: feffjackson12345@yahoo.com, kpearce37@yahoo.com
Score = 1
================
The American Refinancing Specialists
http://www.tra1ns.com/housing.asp
IP: 202.71.106.49
===================
The American Refinance Mortgage Specialist
http://www.c0meh3re.com
http://www.cr3at3.net 
http://dr3am1er.com
http://www.h1gher.net
IP: 221.208.208.4, 221.208.208.7
=================
Other domains:
1-m-n.com
1ndeed.com
c0meh3re.com
cr3at3.net
dr3am1er.com
h1gher.net
mort-today.net 
now-and-forever.net
ok-mrg-now.net
tra1ns.com



Home 
http://www.simplesolutions-online.co.uk/
IP: 212.84.175.70
Report to: 
james@skymarket.co.uk, ripe@skymarket.co.uk



Score = 3
http://nolightswerehome.com/p.php
IP: 61.232.205.187 (chinatietong.com)
Alias:
 Joa all
 joaallens@hotmail.com
Name Servers: 
 ns1.llamarada2006.com 
 ns2.llamarada2006.com
- Redirects to: 
PornDVDDirect - Adult Content Warning!
http://www.porndvddirect.com/
IP: 66.235.134.139 
Reporting addresses:
abuse@focal.com



Welcome to Online Replica Store.....
Simply Rx
Fake names: Roelf Van der Brug, Richard Graham
Emails: admin@taiwanmedialtd.com, domainalias@yahoo.com
Score = 2
=====================
http://qualitymba.info/fgh.php
Alias:
 Andres Gonzalez 
 arteur@uzhe.net 
Name Servers:
 NS1.DNSANDHOSTING.INFO 
 NS2.DNSANDHOSTING.INFO
=================
http://www.vf9.net/rx/barbara/
http://www.mq5.net/fgh.php
http://www.mq5.net
- Redirects to:
Welcome to Online Replica Store.....
http://www.online-replica-store.com/ 
IP: 221.11.133.64 (chinanet)
- Or redirects to:
http://www.simple-meds.com/affiliate/?id=&url=
IP: 200.215.248.7
Reporting addresses:
postmaster@cert.br, 
mail-abuse@nic.br
====================
Other domains: 
0rdernow.com
h67.net
hycod.com/
ibtz.com
iknd.com
jaqo.com
lekl.com
medforutoday.com
medicateu.net
medrxcheap.net
medsforunow.net
mq5.net
mustbegood.info
nf0.net
oi6.net
online-replica-store.com
p1k.net
phents.com
qwild.com
r0lex.net
rrox.com
simple-meds.com
simply-rx.net
t0w.net
tlme.net
vaigra.net
vf9.net
xenl.com
y73.net



Quick App Loans
http://www.happyhomesite.com
IP: 204.17.89.6
Reporting addresses:
postmaster@conversent.com, abuse@conversent.com
Alias: 
 Ray, Brown 
 cmgceo@gmail.com 
po box 9801 
chesapeake, Virginia 23321 
United States 
(757) 627-5433 
Domain servers: 
 NS1.HN.ORG 
 AUX1.HN.ORG



dead on arrival
http://happyoem.com/
Alias: 
 ANTHONY CRIPPEN 
 xmasta@gmail.com 
Name Servers: none



Online cassino scam
1-877-800-5085 ext:315 
Score = 2
Online cassino scam. Sent from open proxy.



Dead on arrival
http://eacdgkl.doctoradvise.info/?bfhijmgklxwwvyezgvacd
IP: 222.47.183.81
Report to: 
wangpei@crc.net.cn, ipas@cnnic.net.cn, crnet_tec@chinatietong.com
Alias:
 Daniel Richtas 
 jck_bernard@yahoo.com 
Name Servers:
 NS1.DOCTORADVISE.INFO 
 NS2.DOCTORADVISE.INFO 
 NS3.DOCTORADVISE.INFO



*** MAGNUM EURO TUNINGSHOP, Exhaust Specialist - Performance air filter, Performance part ***
http://ljwekrlwenmaahj.info/ 
IP: 221.11.133.41
Reporting addresses: abuse@cnc-noc.net, abuse@chinanet.cn.net
- Redirects to
http://www.magnumtuning.com"> 
IP: 195.228.254.138
Reporting addresses:
irina@axelero.hu, 
andras@tudos.hu, 
zotya@axelero.hu



DNSANDHOSTING.INFO
Corrupt name server connected to various scams
Alias:
 Andrey Gukevic 
 skimmer@fromru.com



Your Mortgage Refinance Quote
http://www.fastrefi.biz/
?r=ae864age
IP: 202.73.247.254
Reporting address: abuse@hkabc.net



NameBrandRx.com - Discreet, Private, and Confidential Online Store
Score = 2
=======
http://ewaypharmacy.com/ 
http://namebrandrx.com/
http://warehousewebelong.net/ 
IP: 200.186.235.20
Report To: 
postmaster@cert.br, mail-abuse@nic.br
Alias:
 John C. Roberts 
 rxdomains@indiatimes.com 
Name Servers:: 
 ns1.namebrandrx.biz 
 ns2.namebrandrx.net 200.186.235.202 
 ns3.namebrandrx.biz
===========================
ns1.namebrandrx.biz
NS1.NAMEBRANDRX.BIZ
Alias:
 Rxdomains 
 Ghandi Raja 
 rxdomains@indiatimes.com 
Name Servers:
 NS1.NAMEBRANDRX.BIZ 
 NS3.NAMEBRANDRX.BIZ 
 NS2.NAMEBRANDRX.NET



419 scammer:
braindave99@walla.com
Reporting addresses:
postmaster@walla.net.il, abuse@walla.net.il



Online Pharmacy - findbestpicks.com
http://findbestpicks.com
IP: 222.80.184.29
Reporting addresses:
anti-spam@chinanet.cn.net, ct-abuse@abuse.sprint.net



http://www.elsoldelaflorida.com/ebooks/html/index.html
IP: 216.97.79.160
Report to: abuse@supportteam.net



http://www2.female-o-secrets.com
IP: 202.73.247.131
Listed reporting address:
ah05ah05@hotmail.com
ah05ah05@hotmail.com looks like it is the spammer
Upstream provider
IP: 202.64.60.180
Reporting addresses:
abuse@pacific.net.hk



Emerald Passport
Fake names: Andrew Murray, brane kisic, George Ballard
Fake emails: webmaster@wealth-ambition.com,  snlbra@sbcglobal.net, george@cash-hq.com
Joining Emerald Passport? Fast Startup with A++ Training, Mentoring, and Free Leads
http://www.cashhereonline.com/
IP: 64.202.163.182
Domain servers:
 WSC1.JOMAX.NET 
 WSC2.JOMAX.NET
======
http://www.wealth-ambition.com/ep/
IP: 64.239.158.147
Alias: 
 Murray, Andrew 
 webmaster@wealth-ambition.com 
Domain servers:
 NS1.THIRDSPHEREHOSTING.COM 
 NS2.THIRDSPHEREHOSTING.COM
==========
www.joinemeraldpassport.us
http://joinemeraldpassport.us/
IP: 64.202.167.129
Alias: 
 brane kisic 
 snlbra@sbcglobal.net 
Name Servers: 
 PARK3.SECURESERVER.NET 
 PARK4.SECURESERVER.NET
===========
EPI Secrets - All About Emerald Passport - The Majestic Home-Based Business!
http://www.episecrets.com/
IP: 216.235.153.3
Alias: 
 Ballard, George
 george@cash-hq.com 
Domain servers:
 NS.BONA.US 
 NS2.BONA.US 
 NS5.BONA.US



CATV Filters - Buy 2 Get Shipping Free!!
http://ez-shoppin.net/
IP: 222.208.168.126
Reporting addresses:
postmaster@mail.sc.cninfo.net, anti-spam@mail.sc.cninfo.net, ct-abuse@abuse.sprint.net, postmaster@sc.cninfo.net



Online casino scam
1-877-806-6810 extention 57



Fat Burner Extreme! Big Discounts on The Best Weight loss Diet Pills
http://slimfat.info
IP: 69.25.142.3
Reporting addresses:
abuse@internap.com
For http://slimfat.info
frame src="http://www.coastalpromo.net/xfb
http://www.coastalpromo.net/xfb
IP: 205.178.145.65
Reporting addresses:
mark.salerno@inquent.com
Domain servers in listed order: 
 NS33.WORLDNIC.COM 216.168.228.19 
 NS34.WORLDNIC.COM 216.168.225.164
For 216.168.228.19
Reporting addresses: abuse@netsol.com
======
http://s-t-o-p.info
IP: 64.74.96.243
Reporting addresses:
abuse@internap.com
frame src="http://coastalpromo.net/remove/"
IP: 205.178.145.65
Reporting addresses:
mark.salerno@inquent.com
======
Name Servers for slimfat.info & s-t-o-p.info
DNS1.NAME-SERVICES.COM 
DNS2.NAME-SERVICES.COM 
DNS3.NAME-SERVICES.COM 
DNS4.NAME-SERVICES.COM 
DNS5.NAME-SERVICES.COM
IP: 212.118.243.118
Reporting addresses:
abuse@internap.com



http://prefered-loans.net/rem.php
IP: 194.126.188.1 (no reporting valid reporting address)
Upstream provider: 217.239.39.58
Reporting addresses:
abuse@t-ipnet.de
Alias: 
 Hentington, Ronald 
 americanfinancial2005@yahoo.co.uk 
Domain servers in listed order: 
 NS1.XZMAK.COM 66.249.21.139 
 NS2.XZMAK.COM 66.249.21.139 
 NS3.XZMAK.COM 66.249.21.139 
 NS4.XZMAK.COM 66.249.21.139 
 NS5.XZMAK.COM 66.249.21.139 
 NS6.XZMAK.COM 65.182.143.7



Arizona Resort A Arizona Scottsdale Resort Luxury CopperWynd Resort& Club, AAA Four Diamond Arizona resort
http://www.copperwynd.com/sum2005/eb050628flashentry.htm
IP: 64.141.100.42
Report to
postmaster@bigpipeinc.com, abuse@bigpipeinc.com



:: dotLOANZ :: The Best Way to Get a Loan
http://ldlfjd.info
IP: 201.8.172.39



Rxdrugdeals.com
http://www.rxpharmaplus.com
IP: 69.25.142.3
Alias:
 RxPharma Plus   
 support@rxpharmaplus.com
Name Servers: 
 dns1.name-services.com 
 dns2.name-services.com 
 dns3.name-services.com 
 dns4.name-services.com 
 dns5.name-services.com

2/05
3/05
4/05
5/05
6/05
7/05
8/05
9/05
9/10