The Final Straw
The spam host's domains
The host computer is located in China. This is because is is near impossible to get Chinese ISP's to act on abuse. The IP number (a physical address) has changed since the attacks and the Red Cross spam. It may be that in this extreme case, with the terrorism connection, a Chinese administrator found the host too hot to handle. However, the spammers just set up on a different Chinese ISP.
The spammers need a number of domain names for their one host:
The downside of the domain names for the spammers is that they open up a money trail. domains have to be paid for, and a bounced payment should result in domain suspension. The more domains that are paid for, the more the possibility of tracing them increases.
Another potential downside for the spammers is that once the connection between the domains is recognised, inspection of the domain registration details will raise questions about the validity of the contact details supplied. Valid details are a requirement of registries.
As will be seen in the individual domain listings,
Apart from the possible money trail, the spammers are potentially exposed to the domain registries cancelling the domain because of abuse complaints. I say 'potentially' because to date, the indications are not encouraging. Despite the fact that the domains are clearly involved in systematic fraud, some registries are slow to respond and/or unwilling to act.
The list of domains below links to a page per domain. I will record my exchanges with each registry in the appropriate page.
Chasing the domains is not the main point. It's something to do while waiting for action on a particular WTC fraudster. Maybe trying to get the domains nuked is my way of dealing with the attacks - my way of actually doing something to bear witness to the short life of a little girl and to the lives of all those others.
I have information on other domains that were served by the spam host's own nameserver computers.