Scum Debt Relief Spammers from China via Live Spaces

I decided to have a small investigation into (some!) of today’s spam… I noticed a lot of similarities in my Mailwasher Pro output:

  • Forged/spoofed “from” address
  • “Debt free” or “get out of debt” or some permutation thereof in the subject field
  • ALL have a non-obfuscated ~spaces.live.com web address as the link
  • 2 line body: e.g.
    • Let us Help you Manage your Debt. Reduce your payments up to 50%!
  • All 1.2kb in size
  • No attachments
  • All to the usual spam harvester address – a catch all I use for sign-ups of ANYTHING on the web
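The traits in this list that can be read from the message itself can be turned into a simple filter. This is an added example, not part of the original post: the regex, the 2 KB size limit, the three-line body limit and the sample messages are all assumptions made for illustration. It parses the link's hostname instead of searching for the string, so a lookalike domain does not count as a Live Spaces link.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject wording taken from the trait list; the exact regex is an assumption.
SUBJECT_RE = re.compile(r"debt[\s-]*free|out\s+of\s+debt", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
MAX_BYTES = 2048      # assumption: "1.2kb" treated as "under 2 KB"
MAX_BODY_LINES = 3    # assumption: two text lines plus the link line

def is_live_spaces(url):
    """True only when the URL's real hostname is under spaces.live.com."""
    host = (urlparse(url).hostname or "").lower()
    return host == "spaces.live.com" or host.endswith(".spaces.live.com")

def campaign_traits(raw):
    """Return one boolean per trait that can be read from the message itself."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    text = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
        if p.get_content_maintype() == "text" and not p.get_filename()
    )
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return {
        "debt_subject": bool(SUBJECT_RE.search(msg.get("Subject", ""))),
        "live_spaces_link": any(is_live_spaces(u) for u in URL_RE.findall(text)),
        "short_body": 0 < len(lines) <= MAX_BODY_LINES,
        "small_size": len(raw.encode("utf-8")) <= MAX_BYTES,
        "no_attachments": not any(p.get_filename() for p in parts),
    }

def matches_campaign(raw):
    """True when every checked trait is present."""
    return all(campaign_traits(raw).values())

# Constructed sample messages (not taken from the original post).
SPAM = (
    "From: someone@example.org\nTo: catchall@example.com\n"
    "Subject: Get out of debt today\n\n"
    "Let us Help you Manage your Debt. Reduce your payments up to 50%!\n"
    "http://placeholder-user.spaces.live.com/\n"
)
LOOKALIKE = SPAM.replace("placeholder-user.spaces.live.com", "spaces.live.com.example.net")

if __name__ == "__main__":
    print(campaign_traits(SPAM))
    print(campaign_traits(LOOKALIKE))
```

The forged "from" address and the catch-all recipient are not checked here, because they depend on the receiving server's headers and the reader's own address.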

These are the four address links:

pdf of microsoft's spaces live user

All the genuine spaces pages look exactly the same.  The pdf is an exact copy of the web page I made using Nitro’s PDF Download add-on for Firefox.

There are two websites buried in here.

  • is the click-to link
  • is where the large central graphic is located

Clicking the follow through link instead of going to actually goes straight to Google.com!!  This must be Microsoft’s doing within the spaces.live environment.  They must be expecting this rubbish…

Going to the domain hosting the picture, actually IS a debt type site called which looks very professional and honest.  Thoughtfully, they’ve provided a “Company Info” page…..

Precision Debt Relief Company Info Page

….er, apart from a large pile of advertising waffle, the only “info” is a graphic with a nice glass office block and an address in Dallas, Texas.  This is it here in Dallas:

Doing a WHOIS on the site, like here, or here, we find that the website is registered/owned by a guy called Mark Compton who owns about 108 other domains according to public whois information.  Some proper company info can be found here and traced through – I haven’t the time for my investigation here and it’s not relevant for me.  I’m chasing IP address info, like so.

Doing a whois on SARIAKANDIFUL.COM such as here or here, gives us a place in China for the domain nameserver and the website is hosted in Panama! So that’s the spamming bit…

So all you need to ask yourself is:

Q.  Why does Mark Compton who has several companies and websites,

  1. advertise his services with forged email spam that
  2. links to Microsoft Live Spaces as a hook, and
  3. is nameserved from China and
  4. is hosted in Panama and
  5. has a dedicated server for his websites (IP 67.212.165.51), physical address in Chicago, apparently, and
  6. has websites registered with (cheapo) GoDaddy and
  7. has DNS nameservers (e.g. DNS1.MIDPHASE.COM) which are at http://enom.com and
  8. uses a simple anonymous yahoo email address for business correspondence?

A.  He’s trying to hide something. His name and address are clear but there’s something going on.

Q.  So why borrow money from someone who’s trying to hide his business?

A.  ?

Or am I missing something and have got it all wrong?

He hasn’t harmed me and I don’t have a connection with him?

Er… I do now!   He’s just plonked shite in my in-tray!


© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me