[studio42@flatus counter]$ host 212.159.14.19 19.14.159.212.in-addr.arpa domain name pointer pih-relay06.plus.net. [studio42@flatus counter]$ whois 212.159.14.19@whois.ripe.net [whois.ripe.net] % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '212.159.14.0 - 212.159.14.255' inetnum: 212.159.14.0 - 212.159.14.255 netname: PLUSNET-PORTAL-SERVERS descr: Plusnet Portal Servers descr: PlusNet Technologies Ltd remarks: INFRA-AW country: GB admin-c: PLUS1-RIPE tech-c: PNET2-RIPE status: ASSIGNED PA mnt-by: MAINT-AS6871 source: RIPE # Filtered role: Plusnet Hostmaster address: PlusNet Plc address: Internet House address: 2 Tenter Street address: Sheffield address: S1 4BY address: UK phone: +44 114 2200084 remarks: trouble: abuse@plus.net remarks: ------------------------------------------------ remarks: Please do NOT e-mail abuse to the contacts given remarks: here, e-mail them to ABUSE@PLUS.NET instead. remarks: All email sent to other listed addresses will remarks: be deleted! remarks: ------------------------------------------------ remarks: Network Status and Information Page: remarks: http://status.plus.net remarks: http://monitor.plus.net remarks: http://support.plus.net remarks: ------------------------------------------------ remarks: Support 24*7 Phone: (UK) 0845 140 0200 remarks: ------------------------------------------------ admin-c: AW570-RIPE tech-c: DS3916-RIPE tech-c: RM6084-RIPE tech-c: AM10633-RIPE nic-hdl: PNET2-RIPE mnt-by: MAINT-AS6871 source: RIPE # Filtered abuse-mailbox: abuse@plus.net person: PlusNet Ripe Admin address: Plusnet plc. address: Internet House address: 2 Tenter Street address: Sheffield address: S1 4BY address: GB phone: +44 114 22 00084 nic-hdl: PLUS1-RIPE mnt-by: MAINT-AS6871 source: RIPE # Filtered % Information related to '212.159.0.0/19AS6871' route: 212.159.0.0/19 descr: PlusNet plc. origin: AS6871 mnt-by: MAINT-AS6871 source: RIPE # Filtered</PRE> Onto the scammer source: [studio42@flatus counter]$ host 68.76.93.146 146.93.76.68.in-addr.arpa domain name pointer adsl-68-76-93-146.dsl.bcvloh.ameri tech.net. [studio42@flatus counter]$ whois 68.76.93.146@whois.arin.net [whois.arin.net] AT&T Internet Services SBCIS-SIS80 (NET-68-72-0-0-1) 68.72.0.0 - 68.79.255.255 Timothy Leftridge-040723012944 SBC06807609314429040723012951 (NET-68-76-93-144-1 ) 68.76.93.144 - 68.76.93.151 # ARIN WHOIS database, last updated 2008-12-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus counter]$ whois NET-68-72-0-0-1@whois.arin.net [whois.arin.net] OrgName: AT&T Internet Services OrgID: SIS-80 Address: 2701 N. Central Expwy # 2205.15 City: Richardson StateProv: TX PostalCode: 75080 Country: US NetRange: 68.72.0.0 - 68.79.255.255 CIDR: 68.72.0.0/13 NetName: SBCIS-SIS80 NetHandle: NET-68-72-0-0-1 Parent: NET-68-0-0-0-0 NetType: Direct Allocation NameServer: NS1.AMERITECH.NET NameServer: NS2.AMERITECH.NET Comment: Contact IPAdmin-Ameritech@sbis.sbc.com for general IP support. Comment: Contact support@swbell.net for technical support issues. Comment: Contact abuse@ameritech.net for policy abuse issues. RegDate: 2002-10-15 Updated: 2007-05-25 RTechHandle: IPADM3-ARIN RTechName: IPAdmin-Ameritech RTechPhone: +1-800-648-1626 RTechEmail: IPAdmin-Ameritech@sbc.com OrgAbuseHandle: ABUSE6-ARIN OrgAbuseName: Abuse - Southwestern Bell Internet OrgAbusePhone: +1-800-648-1626 OrgAbuseEmail: abuse@sbcglobal.net OrgNOCHandle: SUPPO-ARIN OrgNOCName: Support - Southwestern Bell Internet Services OrgNOCPhone: 800-648-1626 OrgNOCEmail: ipadmin@att.com OrgTechHandle: IPADM2-ARIN OrgTechName: IPAdmin-SBIS OrgTechPhone: 800-648-1626 OrgTechEmail: ipadmin@att.com # ARIN WHOIS database, last updated 2008-12-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. And the willing web hosting: [studio42@flatus counter]$ host www.formbuddy.com www.formbuddy.com is an alias for formbuddy.com. formbuddy.com has address 67.222.1.10 [studio42@flatus counter]$ whois 67.222.1.10@whois.arin.net [whois.arin.net] OrgName: PrivateSystems Networks OrgID: KNOWN-1 Address: PO Box 292 City: Royal Oak StateProv: MD PostalCode: 21662 Country: US NetRange: 67.222.0.0 - 67.222.31.255 CIDR: 67.222.0.0/19 OriginAS: AS27645, AS30496 NetName: PRIVATE-1 NetHandle: NET-67-222-0-0-1 Parent: NET-67-0-0-0-0 NetType: Direct Allocation NameServer: NS1.PRIVATESYSTEMS.NET NameServer: NS2.PRIVATESYSTEMS.NET Comment: RegDate: 2008-01-29 Updated: 2008-09-29 RAbuseHandle: NOC2915-ARIN RAbuseName: Network Operations Center RAbusePhone: +1-866-332-9894 RAbuseEmail: noc@privatesystems.net RNOCHandle: NOC2915-ARIN RNOCName: Network Operations Center RNOCPhone: +1-866-332-9894 RNOCEmail: noc@privatesystems.net RTechHandle: NOC2915-ARIN RTechName: Network Operations Center RTechPhone: +1-866-332-9894 RTechEmail: noc@privatesystems.net OrgAbuseHandle: NOC2915-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-866-332-9894 OrgAbuseEmail: noc@privatesystems.net OrgNOCHandle: NOC2915-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-866-332-9894 OrgNOCEmail: noc@privatesystems.net OrgTechHandle: NOC2915-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-866-332-9894 OrgTechEmail: noc@privatesystems.net # ARIN WHOIS database, last updated 2008-12-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus counter]$ whois formbuddy.com [whois.crsnic.net] Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: FORMBUDDY.COM Registrar: ENOM, INC. Whois Server: whois.enom.com Referral URL: http://www.enom.com Name Server: NS1.FORMBUDDYDNS.COM Name Server: NS2.FORMBUDDYDNS.COM Status: ok Updated Date: 05-apr-2008 Creation Date: 11-apr-2000 Expiration Date: 11-apr-2009 >>> Last update of whois database: Tue, 23 Dec 2008 20:19:50 EST <<< NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. [whois.enom.com] =-=-=-= Registration Service Provided By: Enom, Inc Contact: CustomerSupport@enom.com Visit: www.enom.com Domain name: formbuddy.com Registrant Contact: Amudha R Amudha R () Fax: 14 (old number : 50), Third Street, Abhi Chennai, Tamil Nadu 600018 IN Administrative Contact: FormBuddy.com Ajay R (ajay@cyberwaveindia.com) 91-044-4995694 Fax: new no:14,3rd Street Abhiramapuram Chennai, Tamil Nadu 600018 IN Technical Contact: FormBuddy.com Ajay R (ajay@cyberwaveindia.com) 91-044-4995694 Fax: new no:14,3rd Street Abhiramapuram Chennai, Tamil Nadu 600018 IN Status: Active Name Servers: ns1.formbuddydns.com ns2.formbuddydns.com Creation date: 11 Apr 2000 12:30:06 Expiration date: 11 Apr 2009 12:30:00 Get Noticed on the Internet! Increase visibility for this domain name by listin g it at www.whoisbusinesslistings.com =-=-=-= The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is," and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. Version 6.3 4/3/2002