I decided to have a small investigation into (some!) of today’s spam…  I noticed a lot of similarities in my Mailwasher Pro output:

  • Forged/spoofed “from” address
  • “Debt free” or “get out of debt” or some permutation thereof in the subject field
  • ALL have a non-obfuscated ~spaces.live.com web address as the link
  • 2 line body: e.g.
    • Let us Help you Manage your Debt. Reduce your payments up to 50%!
    • http://cid-0210edcd1b81f31a.spaces.live.com/
  • All 1.2kb in size
  • No attachments
  • All to the usual spam harvester address – a catch all I use for sign-ups of ANYTHING on the web

These are the four address links:

  • http://cid-0210edcd1b81f31a.spaces.live.com/
  • http://cid-8c9140fee87a9fe8.spaces.live.com/
  • http://cid-c6a7ef1ebf9fda3f.spaces.live.com/
  • http://cid-2007bf4b228d055b.spaces.live.com/
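The similarities listed above can be turned into a simple mail-filter check. This is an added example, not part of the original post: the function names, the 2048-byte size limit, the 3-line body limit and the scoring threshold are assumptions, and the two sample messages are constructed (the spam body reuses the two lines quoted above). A forged "from" address cannot be judged from a single message, so it is not scored here.

```python
import re
from email import message_from_string

# Link shape shared by all four addresses: cid-<16 hex digits>.spaces.live.com
SPACES_LINK = re.compile(r"https?://cid-[0-9a-f]{16}\.spaces\.live\.com/?", re.I)
# "Debt free", "get out of debt" or some permutation thereof
DEBT_SUBJECT = re.compile(r"\bdebt\b", re.I)

def campaign_indicators(raw, max_size=2048, max_body_lines=3):
    """Return the campaign traits that a raw RFC 822 message matches."""
    msg = message_from_string(raw)
    hits = []
    if DEBT_SUBJECT.search(msg.get("Subject", "")):
        hits.append("debt_subject")
    if msg.is_multipart():
        body = ""  # the campaign mails were single-part, so skip the body checks
    else:
        hits.append("no_attachments")
        body = msg.get_payload()  # plain text body, no transfer decoding needed
    lines = [line for line in body.splitlines() if line.strip()]
    if SPACES_LINK.search(body):
        hits.append("spaces_live_link")
    if 0 < len(lines) <= max_body_lines:
        hits.append("short_body")
    if len(raw.encode()) <= max_size:  # the observed mails were all 1.2kb
        hits.append("small_message")
    return hits

def is_campaign_spam(raw, threshold=4):
    """The spaces.live.com link is mandatory; the other traits add confidence."""
    hits = campaign_indicators(raw)
    return "spaces_live_link" in hits and len(hits) >= threshold

# Constructed sample messages (addresses are placeholders)
SAMPLE_SPAM = (
    "From: someone@example.com\nTo: signups@example.org\n"
    "Subject: Get out of debt today\n\n"
    "Let us Help you Manage your Debt. Reduce your payments up to 50%!\n"
    "http://cid-0210edcd1b81f31a.spaces.live.com/\n"
)
SAMPLE_HAM = (
    "From: friend@example.com\nTo: signups@example.org\n"
    "Subject: Lunch on Friday?\n\nAre you free at noon?\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(name, campaign_indicators(raw), is_campaign_spam(raw))
```

Short, small, attachment-free messages are common in legitimate mail too, which is why the link pattern is required before the weaker traits count.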

(Image: pdf of microsoft's spaces live user)

All the genuine spaces pages look exactly the same.  The pdf is an exact copy of the web page I made using Nitro’s PDF Download add-on for Firefox.

There are two websites buried in here.

  • http://sariakandiful.com/ is the click-to link
  • http://www.precisiondebtrelief.com/images/debt-consolidation_01.jpg is where the large central graphic is located

Clicking the follow through link instead of going to http://sariakandiful.com/ actually goes straight to Google.com!!  This must be Microsoft’s doing within the spaces.live environment.  They must be expecting this rubbish…

The domain hosting the picture actually IS a debt type site called http://www.precisiondebtrelief.com which looks very professional and honest.  Thoughtfully, they’ve provided a “Company Info” page…..

(Image: Precision Debt Relief Company Info Page)

….er, apart from a large pile of advertising waffle, the only “info” is a graphic with a nice glass office block and an address in Dallas, Texas.  This is it here in Dallas:

Doing a WHOIS on the site, like here, or here, we find that the website is registered/owned by a guy called Mark Compton who owns about 108 other domains according to public whois information.  Some proper company info can be found here and traced through – I haven’t the time for my investigation here and it’s not relevant for me.  I’m chasing IP address info, like so.

Doing a whois on SARIAKANDIFUL.COM such as here or here, gives us a place in China for the domain nameserver and the website is hosted in Panama! So that’s the spamming bit…

So all you need to ask yourself is:

Q.  Why does Mark Compton who has several companies and websites,

  1. advertise his services with forged email spam that
  2. links to Microsoft Live Spaces as a hook, and
  3. is nameserved from China and
  4. is hosted in Panama and
  5. has a dedicated server for his websites (IP 67.212.165.51), physical address in Chicago, apparently, and
  6. has websites registered with (cheapo) GoDaddy and
  7. has DNS nameservers (e.g. DNS1.MIDPHASE.COM) which are at http://enom.com and
  8. uses a simple anonymous yahoo email address for business correspondence?

A.  He’s trying to hide something. His name and address are clear but there’s something going on.

Q.  So why borrow money from someone who’s trying to hide his business?

A.  ?

Or am I missing something and have got it all wrong?

He hasn’t harmed me and I don’t have a connection with him?

Er… I do now!   He’s just plonked shite in my in-tray!


© 2007-2012 Strangely Perfect All Rights Reserved