This one was an illegal pharmacy scam. The endorsement fraud involved
claims they were approved/endorsed by the BBB and Visa. Both were
LARTed.
First, the WHOIS for net-top.info. Typical Yambo bogus info and
nameserver data:
Domain ID:D11912794-LRMS
Domain Name:NET-TOP.INFO
Created On:21-Jan-2006 18:53:53 UTC
Last Updated On:21-Jan-2006 19:41:03 UTC
Expiration Date:21-Jan-2007 18:53:53 UTC
Sponsoring Registrar:NamesBeyond.Com (R201-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:NER2R-PEREF11273
Registrant Name:Edhem Fulin
Registrant Organization:
Registrant Street1:NURIJE POZDERCA 4
Registrant Street2:
Registrant Street3:
Registrant City:Sarajevo
Registrant State/Province:Sarajevo
Registrant Postal Code:71101
Registrant Country:BA
Registrant Phone:+387.33458344
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:adm2c...@yahoo.com
Admin ID:NER2R-PEREF11273
Admin Name:Edhem Fulin
Admin Organization:
Admin Street1:NURIJE POZDERCA 4
Admin Street2:
Admin Street3:
Admin City:Sarajevo
Admin State/Province:Sarajevo
Admin Postal Code:71101
Admin Country:BA
Admin Phone:+387.33458344
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:adm2c...@yahoo.com
Billing ID:NER2R-PEREF11273
Billing Name:Edhem Fulin
Billing Organization:
Billing Street1:NURIJE POZDERCA 4
Billing Street2:
Billing Street3:
Billing City:Sarajevo
Billing State/Province:Sarajevo
Billing Postal Code:71101
Billing Country:BA
Billing Phone:+387.33458344
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:adm2c...@yahoo.com
Tech ID:NER2R-PEREF11273
Tech Name:Edhem Fulin
Tech Organization:
Tech Street1:NURIJE POZDERCA 4
Tech Street2:
Tech Street3:
Tech City:Sarajevo
Tech State/Province:Sarajevo
Tech Postal Code:71101
Tech Country:BA
Tech Phone:+387.33458344
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:adm2c...@yahoo.com
Name Server:NS1.ROUTAGED.INFO
Name Server:NS2.ROUTAGED.INFO
Name Server:NS2.ITANEXPO.INFO
Name Server:NS1.ITANEXPO.INFO
Hosting data:
Tracking link: http://net-top.info/
Resolves to 218.22.162.226
Routing details for 218.22.162.226
Cached whois for 218.22.162.226 :
w...@mail.hf.ah.cninfo.net anti-s...@ns.chinanet.cn.net
abuse net chinanet.cn.net = anti-s...@chinanet.cn.net,
ctsumm...@special.abuse.net, postmas...@chinanet.cn.net
Using last resort contacts anti-s...@chinanet.cn.net
ctsumm...@special.abuse.net w...@mail.hf.ah.cninfo.net
postmas...@chinanet.cn.net
anti-s...@chinanet.cn.net bounces (99 sent : 99 bounces)
Using anti-spam#chinanet.cn....@devnull.spamcop.net for statistical
tracking.
ctsumm...@special.abuse.net redirects to ct-ab...@sprint.net
ct-ab...@sprint.net redirects to ct-ab...@abuse.sprint.net
w...@mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
Using wang#mail.hf.ah.cninfo....@devnull.spamcop.net for statistical
tracking.
postmas...@chinanet.cn.net bounces (99 sent : 20164 bounces)
Using postmaster#chinanet.cn....@devnull.spamcop.
Injected into mailstream at
Tracking message source: 80.53.250.110:
Routing details for 80.53.250.110
Cached whois for 80.53.250.110 :
ab...@telekomunikacja.pl
Using abuse net on ab...@telekomunikacja.pl
abuse net telekomunikacja.pl = postmas...@telekomunikacja.pl,
ab...@telekomunikacja.pl, ab...@tpnet.pl, webmas...@telekomunikacja.pl
Using best contacts postmas...@telekomunikacja.pl
ab...@telekomunikacja.pl ab...@tpnet.pl webmas...@telekomunikacja.pl
Yum, this spam is fresh!
Message is 0 hours old