ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Yambo Financials

Evidence Menu:

Yambo Financials Index


Country: Ukraine
State:
Huge spamhaus tied into distribution and billing for child, animal, and incest-porn, pirated software, and pharmaceuticals. Run their own merchant services (credit-card "collection" sites) set up as a fake "bank."


Yambo Financials SBL Listings History
 Current SBL Listings
 Archived SBL Listings

MckPay.com - Main Info


Merchant services (clickthrough payment form) for much porn, including zoo, rape, and child porn, which often appears related to the usual Russian porn spam gangs.

keywords: pimpbeez, pavka/artofit, yambo, porn spam, merchant services.

[whois.joker.com]
domain: mckpay.com
status: lock
owner: Mihai Dumitru
organization: GTS Partners
email: denlooker@yahoo.com
address: 15 Calea Victoriei
city: Bucharest
postal-code: 704111
country: RO
phone: +40214103883
admin-c: denlooker@yahoo.com#0
tech-c: denlooker@yahoo.com#0
billing-c: denlooker@yahoo.com#0
nserver: gamma.mckpay.com 210.21.117.103
nserver: beta.mckpay.com 221.11.133.17
nserver: omega.mckpay.com 200.215.248.33
created: 2003-08-25 09:40:31 UTC
modified: 2005-06-25 10:28:27 UTC
expires: 2005-08-25 05:40:13 UTC
source: joker.com live whois service
query-time: 0.086435
db-updated: 2005-06-27 08:56:31



http://profiles.yahoo.com/denlooker
Last Updated: 02/15/2004 (no other info)




43 SBL listings as of 27 June 2005
____________________________________________________________
'mckpay' in subject:

200.215.248.33/32
Live easytone.com.br
SBL28363 join.mckpay.com

210.21.117.109/32
Live china-netcom.com
SBL28064 mckpay.com (determinetrith.com ; motleycrewincludes.com)

222.51.91.234/32
Removed crc.net.cn
SBL27669 pornography (mckpay.com)

222.51.91.236/32
Removed crc.net.cn
SBL26799 pornography is illegal in China (mckpay.com)

200.155.191.57/32
Query econocell.com.br
SBL26713 Oromar Mollica Jr.
join.mckpay.com

200.155.191.57/32
Removed econocell.com.br
SBL25196 Ivo Ottavio Reali Camargo
determinetrith.com ; motleycrewincludes.com (mckpay.com)

198.173.235.94/32
Removed verio.net
SBL25082 Pavka / Artofit
mckpay / pimpbeez

221.5.250.50/31
Removed cncgroup-cq
SBL25081 Pavka / Artofit
porn: concretion.09450hgre.biz / mckpay / pimpbeez

202.104.242.128/29
Removed chinanet-gd
SBL16098 Pavka / Artofit
zoolover.net ; zanza.biz ; mckpay.com ; zoo-action.com

202.133.197.19/32
Live globenet.com.ph
SBL14983 zoo-mania.biz / zanza.biz / mckpay (source)

202.104.242.0/24
Removed chinanet-gd
SBL14946 Pavka / Artofit
bruterape.biz / zanza.biz / mckpay.com / cardbillquery.com

207.44.215.82/32
Removed ev1.net
SBL14623 mckpay.com cardbillquery.com

200.232.78.0/24
Removed telefonica.com.br
SBL14544 cardbillquery.com / mckpay.com (Mollica)

207.44.215.82/32
Removed ev1.net
SBL14509 cardbillquery.com / mckpay.com



____________________________________________________________
"mckpay" in Reason:

200.215.248.33/32
Live easytone.com.br
SBL28363 join.mckpay.com

63.246.151.82/32
Live sagonet.com
SBL28223 virgysys.biz

210.21.117.109/32
Live china-netcom.com
SBL28064 mckpay.com (determinetrith.com ; motleycrewincludes.com)

221.11.133.14/31
Live cncgroup-hi
SBL27719 Leo Kuvayev / BadCow
pornography spam - italpay.com - ns{3,4}.nltzone.biz

222.51.91.234/32
Removed crc.net.cn
SBL27669 pornography (mckpay.com)

222.51.91.236/32
Removed crc.net.cn
SBL26799 pornography is illegal in China (mckpay.com)

221.208.208.73/32
Removed cncgroup-hl
SBL26746 Daniel Mankani
maxx-teens.biz no-fat-chicks.biz lindamoney.com s1gn.net

200.155.191.57/32
Query econocell.com.br
SBL26713 Oromar Mollica Jr.
join.mckpay.com

66.98.145.18/32
Removed ev1.net
SBL26384 Pavka / Artofit
TEENAGEHOME.COM

222.51.98.251/32
Removed crc.net.cn
SBL26383 Pavka / Artofit
ns3.dpazone.biz

210.21.117.110/31
Removed china-netcom.com
SBL26381 Pavka / Artofit
ns2.dpazone.biz ; cdgftdjtfktde.info

61.138.3.104/31
Removed cncgroup-hl
SBL26380 Pavka / Artofit
maxx-teens.biz (pornography is illegal in China)

200.155.191.57/32
Removed econocell.com.br
SBL25196 Ivo Ottavio Reali Camargo
determinetrith.com ; motleycrewincludes.com (mckpay.com)

198.173.235.94/32
Removed verio.net
SBL25082 Pavka / Artofit
mckpay / pimpbeez

221.5.250.50/31
Removed cncgroup-cq
SBL25081 Pavka / Artofit
porn: concretion.09450hgre.biz / mckpay / pimpbeez

219.153.14.136/32
Removed chinanet-cq
SBL24553 Robert Soloway - Newport Internet Marketing
galasite.biz porn site

219.148.3.140/32
Removed chinanet-he
SBL24070 Pavka / Artofit
Spammer clustering : "Pimpbeez" BP hosting / Robert Soloway

219.148.3.141/32
Removed chinanet-he
SBL23782 Robert Soloway - Newport Internet Marketing
broadcastemail.us



202.107.250.166/32
Removed chinanet-zj
SBL23173 Pavka / Artofit
workeverytime.com porn site/ns1.us2k.net

218.30.24.0/24
Live chinanet-sn
SBL23079 Home to dozens of spammers

83.69.190.60/31
Live tautel.ru
SBL21295 Pavka / Artofit
cardbillquery.com ; dpazone.biz

218.30.21.232/30
Removed chinanet-sn
SBL21252 Pavka / Artofit
little-bitch.biz ; ns555.biz ; cardbillquery.com dpazone.biz

218.30.20.0/22
Removed chinanet-sn
SBL21243 Yambo Financials
cardbillquery.com ; dpazone.biz

61.141.32.165/32
Removed chinanet-gd
SBL20037 cardbillquery.com

66.98.172.54/32
Removed ev1.net
SBL18328 Pavka / Artofit
obill.biz, zbill.biz, omegabill.com

202.104.242.154/31
Removed chinanet-gd
SBL18110 Pavka / Artofit
bphost4you.biz ; habahaba.biz ; lu4shiy.biz

202.104.242.152/31
Removed chinanet-gd
SBL18082 Pavka / Artofit
bphost4you.biz ; habahaba.biz ; lu4shiy.biz ; obill.biz

202.104.0.0/16
Removed chinanet-gd
SBL18039 bphost4you.biz bulletproof spammer hosting

202.104.242.128/29
Removed chinanet-gd
SBL16098 Pavka / Artofit
zoolover.net ; zanza.biz ; mckpay.com ; zoo-action.com

202.133.197.19/32
Live globenet.com.ph
SBL14983 zoo-mania.biz / zanza.biz / mckpay (source)

202.104.242.0/24
Removed chinanet-gd
SBL14946 Pavka / Artofit
bruterape.biz / zanza.biz / mckpay.com / cardbillquery.com

218.104.163.169/32
Removed china-netcom.com
SBL14729 www.cardbillquery.com

207.44.215.82/32
Removed ev1.net
SBL14623 mckpay.com cardbillquery.com

202.124.192.0/20
Removed go.net.pk
SBL14575 offshore1serverbp.com

200.232.78.0/24
Removed telefonica.com.br
SBL14544 cardbillquery.com / mckpay.com (Mollica)

207.44.215.82/32
Removed ev1.net
SBL14509 cardbillquery.com / mckpay.com






URL: http://www.mckpay.com

Server IP address is 200.215.248.33

HTTP/1.1 200 OK
Connection: close
Date: Mon, 27 Jun 2005 05:__:__ GMT
Via: 1.1 www.mckpay.com
Accept-Ranges: bytes
ETag: "b058d-1e53-41f8ecb7"
Server: Apache/1.3.33 (Unix) PHP/4.3.11 mod_ssl/2.8.22 OpenSSL/0.9.7g
Content-Length: 7763
Content-Type: text/html
Last-Modified: Thu, 27 Jan 2005 13:29:27 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>MCKPAY - Support Center</title>




rendered page text:

MCKPAY.COM

If you have any questions or suggestions or if you experience difficulties which you cant solve by means of this site, please feel free to e-mail us.

Please make sure that you provided us with the correct e-mail so that we could answer you or address you to get more information. In turn we assure you that all your contact information you provide us will never and under no circumstances be given to some third party or be included in lists for further mailings.

You can address us by filling out the request form below.

Please inform our Abuse Department in case of spam.

Please fill the form below and click on SEND button:
Please make sure that you provided us with the correct e-mail.

Your Name:
Your exact e-mail address:
Department:

Your message?


Remember Password
Cancel Membership
Search Transaction

Copyright  2002, MCKPAY. All right reserved



____________________________________________________________
earliest sighting of "GTS Partners":

From: "Jos Geluk" <jgeluk_no_spam@casema.net.invalid>
Newsgroups: nl.internet.misbruik.spam-signalering
Subject: [e-mail] Fw: Win 8508550$ in GRE/\T 0n-Iine C/\SlN0, xxxxx! xUdAA P aKcD mI
Followup-To: nl.internet.misbruik
Date: Sun, 14 Sep 2003 21:26:43 +0200
Organization: EuroNet Internet
Lines: 98
Approved: nl-internet-misbruik-spam-signalering-moderator@rz.xs4all.nl
Message-ID: <3f64c0fb$0$28896$1b62eedf@news.euronet.nl>
NNTP-Posting-Host: eroticon-six.local
X-Trace: rz.nl.eu.org 1063567635 15132 10.0.0.2 (14 Sep 2003 19:27:15 GMT)
X-Complaints-To: abuse@rz.nl.eu.org
NNTP-Posting-Date: Sun, 14 Sep 2003 19:27:15 +0000 (UTC)
X-Preserved-Headers: Control, Message-Id, Date, From, Reply-To, Subject, References, Organization, User-Agent, X-Priority, X-MSMail-Priority, X-Newsreader, X-MimeOLE
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Original-NNTP-Posting-Host: 3eea5094.cable.wanadoo.nl
X-Original-NNTP-Posting-Date: 14 Sep 2003 19:26:51 GMT
X-Original-X-Complaints-To: abuse@euronet.nl
X-Original-X-Trace: DXC=f<BAFc76hIh7HkO3GOn_JlSKYkiiVZ:6o=V3C3PK81QalJ<BO@ng0Oj1`\LnN2UYYaFo=DF>8RR@j`G_eJaJQ6Se<g6R\7@L?Ti


[Interessant: de regels die beginnen met [*] zijn in het origineel
onzichtbaar gemaakt met behulp van <font color="#FFFFF9"> - zijn er dan ook
spamfilters die berichten juist wel doorlaten als er teksten in staan als
"Community Service" of "Schwartzenegger" ?]

X-Persona: <Proxy>
Return-Path: <cisileraz@chocofan.com>
Received: from mx1.wanadoo.nl (mx1.wanadoo.nl [194.134.193.43])
by pop03.wanadoo.nl (Postfix) with ESMTP id DBC8610212
for <44932857@pop03.wanadoo.nl>; Sun, 14 Sep 2003 18:16:04 +0200
(CEST)
Received: by mx1.wanadoo.nl (Postfix)
id 205A072; Sun, 14 Sep 2003 18:16:04 +0200 (MEST)
Received: from cc335533-a.deven1.ov.home.nl (cc335533-a.deven1.ov.home.nl
[217.122.154.155])
by mx1.wanadoo.nl (Postfix) with SMTP id 2553343
for <xxxxx@wanadoo.nl>; Sun, 14 Sep 2003 18:15:56 +0200 (MEST)
From: cisileraz@chocofan.com
To: xxxxx <xxxxx@wanadoo.nl>
Reply-To: tobazenys@jpopmail.com
Sender: rupujys@hsuchi.net
Subject: Fw: Win 8508550$ in GRE/\T 0n-Iine C/\SlN0, xxxxx! xUdAA P aKcD
mI
MIME-Version: 1.0
Content-type: multipart/alternative;
boundary="----=_NextPart_001_0012_01C27DD2.75377C90"
Message-Id: <20030914161556.2553343@mx1.wanadoo.nl>
Date: Sun, 14 Sep 2003 18:15:56 +0200 (MEST)
X-UIDL: 0c9060ec77c2fd57a632d2e804238b62


The GoIdenStake Casino Experience, GET $101 FREE AND GET BACK YOUR FULL
DEPOSIT NOW!
NO DOWNLOAD NEEDED. INSTANT PLAY. INSTANT CASHOUTS.
[*]I'd ruther not... HMe qFTtw Let me... in 1916 to sign here Don't go that
way kUB pG
We pay in 1 hour after receiving your cashout.
[*]in 1970 N WgTZ where do you live? There's also another one Keep calm! I'm
sorry Vvj HgRlVbt
As a new player welcome, deposit any amount and we'll credit you with $101
free money + 30% of your initial deposit!
[*]try to understand Bk ji in 2003 you mustn't I've only got in 1800 YnBDX
UatO
You've found the Finest, Fairest, and most Secure casino on the Internet.
Play
at GoldenStake Casino , and we're confident that you'll enjoy your time with
us.
[*]Erika may hit Cz w in 1834 CDC: West Nile in 1948 Illinois man qwCZ vy

Regular Promotions & Prizes
Secure transactions & total respect for your privacy
Best quality free casino software in the industry
[*]Community service u or Not in 1805 that suits me. Should be allowed F fBy
24hr / 7 days a week friendly customer support
Better Odds than land-based casinos
[*]wait for? rx AKZKWtJ we need to get Good night! in 1875 Schwarzenegger k
ImtEn
To start playing, open account and enjoy our superb free software with 12
great games:
[*]aren't you? p tPO city name Or By no means that's wrong Where is the
Ptkrh HQ
CIick HERE T0 0PEN ACC0UNT
[*]in 1805 C lWeJoBjbAWX that's a call for you in 1941 I'm sorry in 1873 IGt
tUp



Link ("click here") verwijst naar:

domain: goldenbetcasino.net
status: production
organization: GTS Partners
owner: Mihai Dumitru
email: santino110@yahoo.com
address: 15 Calea Victoriei
city: Bucharest
postal-code: 704111
country: RO
admin-c: santino110@yahoo.com#0
tech-c: santino110@yahoo.com#0
billing-c: santino110@yahoo.com#0
nserver: n1.goldenbetcasino.net 200.206.185.241
nserver: n2.goldenbetcasino.net 200.206.185.241
registrar: JORE-1
created: 2003-08-20 12:29:51 UTC JORE-1
modified: 2003-08-20 12:42:59 UTC JORE-1
expires: 2004-08-20 08:29:34 UTC
source: joker.com

db-updated: 2003-09-14 21:20:26 UTC

--
De geposte sightings in nl.internet.misbruik.spam-signalering zijn niet door de moderator geverifieerd. De sightings worden meestal besproken in nl.internet.misbruik.



http://profiles.yahoo.com/santino110
Last Updated: 05/30/2003 (no other info)

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK5261/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2023 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy