The Final Straw
The spam host's domains
The host computer is located in China. This is because is is near impossible to get Chinese ISP's to act on abuse. The IP number (a physical address) has changed since the attacks and the Red Cross spam. It may be that in this extreme case, with the terrorism connection, a Chinese administrator found the host too hot to handle. However, the spammers just set up on a different Chinese ISP.
The spammers need a number of domain names for their one host:
- so that they can change physical address without losing the benefit of all the website spamvertising
- so that they can switch to new domain names as spam filters begin to block older domain names
- so that they appear to be separate smaller short-lived operators rather than a major spam nest in for the long haul
- so that if any of the domains get suspended for abuse, they have fall-backs
- domains names in a web address give a better impression than would IP numbers (IP numbers in any case would tie their 'investment' in spam runs to a single physical address.)
The downside of the domain names for the spammers is that they open up a money trail. domains have to be paid for, and a bounced payment should result in domain suspension. The more domains that are paid for, the more the possibility of tracing them increases.
Another potential downside for the spammers is that once the connection between the domains is recognised, inspection of the domain registration details will raise questions about the validity of the contact details supplied. Valid details are a requirement of registries.
As will be seen in the individual domain listings,
- The given contact details of the registrants vary (Florida, Seattle and Toronto) even though the domains point to the same website.
- Currently the DNS servers used are for the most part within one of the set of domains.
- The names are registered through different registries. This would be the spammers avoiding having "all their eggs in one basket".
Apart from the possible money trail, the spammers are potentially exposed to the domain registries cancelling the domain because of abuse complaints. I say 'potentially' because to date, the indications are not encouraging. Despite the fact that the domains are clearly involved in systematic fraud, some registries are slow to respond and/or unwilling to act.
The list of domains below links to a page per domain. I will record my exchanges with each registry in the appropriate page.
Chasing the domains is not the main point. It's something to do while waiting for action on a particular WTC fraudster. Maybe trying to get the domains nuked is my way of dealing with the attacks - my way of actually doing something to bear witness to the short life of a little girl and to the lives of all those others.
My chasing the domains is not some crusade to fix the world. It's just a small skirmish in a little battle. There's enough people already fulminating about the big things. This is a little thing. But if society loses sight of the little things, then it's not worth much.
| Domain | Registry | Registrar |
| freewebco.net | register.com | networksolutions.com |
| freewebhostingcentral.com | worldnic.com | |
| e-webhostcentral.com | domaindirect.com | |
| online-ggii1994.com | directnic.com | |
| freehostcentral.net | opensrs.org | |
| e-freewebhosting.com |
Other Domains
I have information on other domains that were served by the spam host's own nameserver computers.
As the nameservers have been set up in order to allow the spammers hosts to quickly move IP's, any domains for which the nameservers are authorative are almost certainly involved in abuse. Their registrants will have trails to the host owner.