news:8xWQc.2909$923.627@bignews1.bellsouth.net...

Oh, if you're a chick, I think I'm in love... you just uncovered yet
another server of theirs (222.233.52.109). The one I was working on was
201.3.240.226. This one is hosted on HanaNet, mine is hosted on
BrasilTelecom.

Ok, here's what you do.

1) Do a DNS lookup on the domain name.
    In this case, that domain resolves to 222.233.52.109.

2) Do a lookup on WHOIS.webhosting.info:
    http://whois.webhosting.info/222.233.52.109
    This doesn't show anything right now... check back tomorrow, after the
server updates, to see if there are any new entries. It also helps to
converse with people here to get the domain names of the Russian Spam
Gang... there is strength in numbers. I'm looking for other methods of
figuring out what websites a server is hosting.

3) Take any FQDN's that you know belong to that IP address that are
registered through InterCosmos, and add /OE017/, /MC021/, /MS020/, and
/ES001/ to that:
http://www.eknmeem.info/OE017/ (pirated software)
http://www.eknmeem.info/MC021/ (penile enlargement)
http://www.eknmeem.info/MS020/ (mortgage quotes)
http://www.eknmeem.info/ES001/ (viagra)

Yep, that is definitely a Russian Spam Gang website.

Now, write up a full LART, and report it to abuse at Intercosmos.com, and
CC it to Donny at InterCosmos (I think you can figure out the email
address...). Tell Donny it's another Russian Spam Gang website. After he
visits the sites and recognizes the content, he should put them on
Registrar Hold status.

All the Russian Spam Gang spamvertised websites that I know of were
registered through either InterCosmos, or NameBay. I'm still trying to get
a contact at NameBay that will act. Once I do, I'll let everyone here know
what it is.

If anyone has a contact at NameBay, let us know, so we can get these
spammer scum shut down.