17 Responses to “Drill Down Through bsadn.pantherssl.com”

1. Google Treasure Chest - it’s a scam and a half! | Strangely Perfect on April 10th, 2009 at 12:19 pm

   [...] Drill Down Through bsadn.pantherssl.com [...] Like or Dislike: 0  0

2. Google Kit, or Treasure Chest, the Plot Thickens? | Strangely Perfect on April 11th, 2009 at 10:35 am

   [...] Drill Down Through bsadn.pantherssl.com [...] Like or Dislike: 0  0

3. Not Kevin on April 12th, 2009 at 5:54 pm

   Those all look like offers on CPA (cost per action) advertising networks. These can pay up to $40 per ‘lead’ (example of a lead would be someone paying the $1.99 for the Google Treasure Chest Trial or a ‘Free’ trial of Acai berry etc. As they are forking out between $30 and $40 per lead plus an override amount to the CPA network, clearly the only way the companies offering the trial can make a profit is if someone is hit for the monthly rebiling charge – hence the hidden continuity, tiny print, amount written out instead of in numbers, difficulty in contacting them to cancel, etc etc… And they can get thousands of people to sign up by lying about what they offer with false claims “earn $5000 per month posting links on Google”, “loose weight with Acai pills” etc,.. How this affiliate > cpa > scam company triangle all works is explained quite well in the comment on this post http://wafflesatnoon.com/2009/01/20/the-fake-diet-girls/ made by “tons of affiliates promote this way…” says..[March 26th, 2009 at 12:47 pm] but basically someone joins one of these CPA networks and promotes the ‘offers’ for a payout per lead. Now some of the people doing this are clearly not too honest and ethical (or even legal) in their marketing methods (hence all the fake blogs); the actual offers are also not very honest in their marketing methods (hence the hidden or almost hidden forced continuity and the monthly payments being charged 7 days after purchase (usually before the trial product or cd even arrives). And then the CPA advertising companies are clearly not too fussy about who they accept as clients and some even encourage their affiliates to use ‘blackhat’ methods. So we have 3 layers of dishonesty – affiliates, the actual company behind the scam and the CPA ad agency in the middle. But all 3 make lots of money and the losers are all the people who get scammed. Clearly where there is lots of money to be made ethics and morals go out the window and both affiliates and cpa ad agencies / networks are guilty of helping these scams to grow and thrive… Like or Dislike: 0  0

4. Strangely on April 12th, 2009 at 6:06 pm

   Originally Posted By Not Kevin Thanks for that breakdown and the insight and extra work. Like or Dislike: 0  0

5. Not Kevin on April 15th, 2009 at 12:59 pm

   I also found a reference to bsadn.pantherssl.com/ in the images folder of this stunningly designed website: http://sendmeyourmoneynow.com/ http://sendmeyourmoneynow.com/images/bsadn.pantherssl.com/offer_images/ The sendmeyourmoneynow.com also appears to summarize the business formula of Google Treasure Chest et al: 1. Make a website 2. Convince others to send you money in exchange for mystical knowledge 3. ????? 4. PROFIT! —— Interestingly the domain pantherssl.com appears to be registered to Panther Express who seem to be a ‘legit’ company with offices in the US, Paris and London: Whois Record Registrant: Panther Express 40 West 20th Street Sixth Floor New York, NY 10011 US Domain Name: PANTHERSSL.COM http://www.pantherexpress.net/about/ West Coast 130 Rio Robles San Jose, CA 95134 +1 408.228.3700 France 8, rue de l’Isly 75008 Paris +33 (0) 1.75.43.81.92 UK One Alfred Place London WC1E 7EB +44 (0) 203.355.1115 The plot does indeed thicken… Like or Dislike: 0  0

   • Strangely on April 15th, 2009 at 1:54 pm

     Yay Not Kevin. You’ve been busy. I checked out the link – the cheesy grin? ….funny as f**k. The panther thing just seems to be somewhere to store images and css files with a few extra things in as well. It looks like the whole directory has just been copied across and then the next ‘member’ as they call them, makes their own website from a selection. A bit like perm 10 from 100! It’s so funny to see the ‘rules’ just listed – because that’s EXACTLY what it is! I’ll check it all out later today when I’m off this locked-down public computer. That London Panther address is interesting …. View Larger Map I think it’s just a little office. In the meantime, well done and keep up the good work! The plot has indeed turned from a thin soup to a medium consomme. I can’t wait for the stew… I guess it’ll finish off as pure stodge. One bad thing, from my personal viewpoint, is to do with the real Google ads I carry on this website. Because of the ‘intellisense’ and ’self-optimising’ nature of the links, I’m now getting scoundrel links on my pages…. This does not look good for me! Within the Google Adsense admin pages I can block ads from certain sites – and there’s a certain amount of ‘wild-card-ness’ I could do. But the trouble is the varying nature of these scam sites. There are so many it’s impossible to block them out. Now I’m loath to take down the ads as the few clicks people make helps with the hosting costs etc, so I’d just like to say to anyone reading this: If a Google Ad promises cash beyond your wildest dreams, click it at your own risk It’s got absolutely nothing to do with me, but I will get some money from it, but my preference is that they’re not here. Like or Dislike: 0  0

6. Not Kevin on April 15th, 2009 at 4:25 pm

   Yes sendmeyourmoneynow.com/ is quite amusing with the cheesy grins, Zimbabwe 10 million dollar bill, web design from hell and the ‘4 step formula’. Perhaps it’s a self parody by the scammers? :) If it disappears there should be a cache of it. I found it by googling bsadn.pantherssl.com Some of the other pages are erm ..interesting: http://sendmeyourmoneynow.com/bgp/ http://sendmeyourmoneynow.com/money/ http://sendmeyourmoneynow.com/seo/ By the way. ‘Waffles’ had the same problem with dodgy adsense ads: http://wafflesatnoon.com/2009/03/25/what-about-ad-201/#more-567 Like or Dislike: 0  0

7. mystimulusmoney dot con | Strangely Perfect on April 26th, 2009 at 12:27 am

   [...] Drill Down Through bsadn.pantherssl.com [...] Like or Dislike: 0  0

8. Google Treasure Chest, or Kit, and Mysterious ‘Help’ from a Stranger | Strangely Perfect on June 6th, 2009 at 10:54 am

   [...] Drill Down Through bsadn.pantherssl.com [...] Like or Dislike: 0  0

9. Dan on June 7th, 2009 at 3:42 pm

   Haha, I own sendmeyourmoneynow.com! I assure you, it is most certainly a parody, and not something to be taken seriously in any fashion. The site is my way of exposing internet scams for what they truly are :) Like or Dislike: 0  0

   • Strangely on June 7th, 2009 at 5:03 pm

     @Dan I’m sorry – I never did get round to looking at you closer! It’s pretty obvious that the joke’s on us! As bsadn.pantherssl.com have now locked down their folders, it appears that you are actually a good resource for the FTC folks (and anyone else) who wants to see the connections between the various scams. Some of them, I’m sure, are connected to this dodgy US ISP 3FN etc, who’ve just had their plug pulled by the FTC. http://www.ftc.gov/opa/2009/06/3fn.shtm I checked out the address of the place and I can’t be absolutely certain, but I’m sure it was one of the places I checked on when setting up my three email honeypot addresses. I didn’t write everyone down as there were so many, but I did check a lot of StreetView, just to gauge my ‘enemy’, if you like, and my visual memory of places is very, very good. It’s here: View Larger Map Like or Dislike: 0  0

10. Dan Ryan on June 9th, 2009 at 4:00 am

    Wow, I knew these folks were scammers, but I had no idea it was this bad! I copied their site to grab some of their ridiculous ads; I’m happy to leave the files up if it is of benefit to anyone :) Like or Dislike: 0  0

    • Strangely on June 9th, 2009 at 10:59 am

      @Dan I’ll see about copying your files to this site as well. In combo with the folder list I made above, it makes interesting reading for anyone who’s waded through half a dozen of these websites, just to see exactly the same graphics and text all grouped into one place. This is the point when it dawned on me the insidious and all-encompassing nature of these websites, then, when coupled to the mailing lists, it becomes obvious that we are all just sheep to be shawn, and, WE provide the means (the physical structure of the internet) for them to shear us!!! WE also provide the means for them to block up everyone’s mail servers with crap as well, which slows down the whole web for everyone, and it’s speed that WE are all paying for! Sometimes we may as well be on dial-up! And don’t get me started on the crap malware that blocks everything and the botnets. As with the Kevin Bacon effect, there are not many hops from a scammer in UTAH to a Russian mafia guy in St Petersburg. Like or Dislike: 0  0

11. Not Kevin on June 17th, 2009 at 12:07 am

    Our old friend bsadn.pantherssl.com is back Clicked on the link to Easy Google Profit from this fake news story: http://www.businessgazette.net/finance/article-3910/ and about 6 different sites are loaded through some javascript thing including yoursearchprofits.com seofromhome.com bsadn.pantherssl.com and a few others. When you view the source code you get: SEO Google Cash Club eval(unescape(%66%75%6E%63%74%69%6F%6E%20%72%65%64%69%6D%65%6E%73%69%6F%6E%28%6F%62%6A%65%74%29%7B%76%61%72%20%48%3D%30%3B%76%61%72%20%57%3D%30%3B%69%66%28%74%79%70%65%6F%66%28%77%69%6E%64%6F%77%2E%69%6E%6E%65%72%57%69%64%74%68%29%3D%3D%27%6E%75%6D%62%65%72%27%29%7B%48%3D%77%69%6E%64%6F%77%2E%69%6E%6E%65%72%48%65%69%67%68%74%3B%57%3D%77%69%6E%64%6F%77%2E%69%6E%6E%65%72%57%69%64%74%68%3B%7D%65%6C%73%65%20%69%66%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%63%75%6D%65%6E%74%45%6C%65%6D%65%6E%74%20%26%26%20%64%6F%63%75%6D%65%6E%74%2E%64%6F%63%75%6D%65%6E%74%45%6C%65%6D%65%6E%74%2E%63%6C%69%65%6E%74%57%69%64%74%68%29%7B%48%3D%64%6F%63%75%6D%65%6E%74%2E%64%6F%63%75%6D%65%6E%74%45%6C%65%6D%65%6E%74%2E%63%6C%69%65%6E%74%48%65%69%67%68%74%3B%57%3D%64%6F%63%75%6D%65%6E%74%2E%64%6F%63%75%6D%65%6E%74%45%6C%65%6D%65%6E%74%2E%63%6C%69%65%6E%74%57%69%64%74%68%3B%7D%65%6C%73%65%20%69%66%28%64%6F%63%75%6D%65%6E%74%2E%62%6F%64%79%20%26%26%20%64%6F%63%75%6D%65%6E%74%2E%62%6F%64%79%2E%63%6C%69%65%6E%74%57%69%64%74%68%29%7B%48%3D%64%6F%63%75%6D%65%6E%74%2E%62%6F%64%79%2E%63%6C%69%65%6E%74%48%65%69%67%68%74%3B%57%3D%64%6F%63%75%6D%65%6E%74%2E%62%6F%64%79%2E%63%6C%69%65%6E%74%57%69%64%74%68%3B%7D%6F%62%6A%65%74%2E%73%74%79%6C%65%2E%77%69%64%74%68%3D%57%2B%27%70%78%27%3B%69%66%28%28%6E%61%76%69%67%61%74%6F%72%2E%61%70%70%4E%61%6D%65%2E%73%75%62%73%74%72%28%30%2C%34%29%21%3D%27%4D%69%63%72%27%29%29%7B%6F%62%6A%65%74%2E%73%74%79%6C%65%2E%68%65%69%67%68%74%3D%28%48%2D%31%31%29%2B%27%70%78%27%3B%7D%7D)) o=”&3C&62&6F&64&79&20&73&74&79&6C&65&3D&22&6F&76&65&72&66&6C&6F&77&3A&68&69&64&64&65&6E&3B&22&20&6F&6E&72&65&73&69&7A&65&3D&22&72&65&64&69&6D&65&6E&73&69&6F&6E&28&64&6F&63&75&6D&65&6E&74&2E&67&65&74&45&6C&65&6D&65&6E&74&42&79&49&64&28&27&41&66&66&43&6F&76&43&6F&6D&27&29&29&3B&22&3E&3C&73&63&72&69&70&74&3E&69&66&28&28&74&6F&70&2E&6C&6F&63&61&74&69&6F&6E&2E&74&6F&53&74&72&69&6E&67&28&29&2E&69&6E&64&65&78&4F&66&28&27&26&72&27&29&3E&2D&31&29&7C&7C&28&74&6F&70&2E&6C&6F&63&61&74&69&6F&6E&2E&74&6F&53&74&72&69&6E&67&28&29&2E&69&6E&64&65&78&4F&66&28&27&3F&72&27&29&3E&2D&31&29&29&7B&66&75&6E&63&74&69&6F&6E&20&64&69&72&65&63&74&69&6F&6E&28&29&7B&74&6F&70&2E&6C&6F&63&61&74&69&6F&6E&2E&68&72&65&66&3D&22&68&74&74&70&3A&2F&2F&77&77&77&2E&74&72&61&63&6B&6C&65&61&64&2E&6E&65&74&2F&72&65&64&69&72&2E&61&73&70&78&3F&43&49&44&3D&32&33&38&35&31&26&41&46&49&44&3D&36&35&31&34&30&26&44&49&44&3D&31&30&34&35&31&33&26&53&49&44&3D&22&3B&7D&76&61&72&20&72&65&64&69&72&69&67&65&3D&74&72&75&65&3B&73&65&74&54&69&6D&65&6F&75&74&28&27&64&69&72&65&63&74&69&6F&6E&28&29&27&2C&32&35&30&30&29&3B&7D&3C&2F&73&63&72&69&70&74&3E&3C&69&6D&67&20&73&74&79&6C&65&3D&22&70&6F&73&69&74&69&6F&6E&3A&61&62&73&6F&6C&75&74&65&3B&6C&65&66&74&3A&2D&31&39&30&30&70&78&3B&77&69&64&74&68&3A&31&70&78&3B&68&65&69&67&68&74&3A&31&70&78&3B&22&20&73&72&63&3D&22&68&74&74&70&3A&2F&2F&77&77&77&2E&74&72&61&63&6B&6C&65&61&64&2E&6E&65&74&2F&72&65&64&69&72&2E&61&73&70&78&3F&43&49&44&3D&32&33&38&35&31&26&41&46&49&44&3D&36&35&31&34&30&26&44&49&44&3D&31&30&34&35&31&33&26&53&49&44&3D&22&3E&3C&69&66&72&61&6D&65&20&69&64&3D&22&41&66&66&43&6F&76&43&6F&6D&22&20&73&72&63&3D&22&68&74&74&70&3A&2F&2F&77&77&77&2E&74&72&61&63&6B&6C&65&61&64&2E&6E&65&74&2F&72&65&64&69&72&2E&61&73&70&78&3F&43&49&44&3D&32&33&38&35&31&26&41&46&49&44&3D&36&35&31&34&30&26&44&49&44&3D&31&30&34&35&31&33&26&53&49&44&3D&22&20&73&74&79&6C&65&3D&22&70&6F&73&69&74&69&6F&6E&3A&61&62&73&6F&6C&75&74&65&3B&6C&65&66&74&3A&30&70&78&3B&74&6F&70&3A&30&70&78&3B&77&69&64&74&68&3A&31&30&30&25&3B&68&65&69&67&68&74&3A&31&30&30&25&3B&62&6F&72&64&65&72&3A&6E&6F&6E&65&3B&22&20&66&72&61&6D&65&62&6F&72&64&65&72&3D&22&30&22&20&73&63&72&6F&6C&6C&69&6E&67&3D&22&61&75&74&6F&22&20&74&61&72&67&65&74&3D&22&74&6F&70&22&20&6F&6E&6C&6F&61&64&3D&22&72&65&64&69&6D&65&6E&73&69&6F&6E&28&74&68&69&73&29&3B&22&20&6E&6F&72&65&73&69&7A&65&3E&3C&2F&69&66&72&61&6D&65&3E&3C&73&63&72&69&70&74&3E&69&66&28&72&65&64&69&72&69&67&65&29&7B&64&6F&63&75&6D&65&6E&74&2E&67&65&74&45&6C&65&6D&65&6E&74&42&79&49&64&28&27&41&66&66&43&6F&76&43&6F&6D&27&29&2E&73&74&79&6C&65&2E&74&6F&70&3D&27&2D&32&37&30&30&70&78&27&3B&64&6F&63&75&6D&65&6E&74&2E&67&65&74&45&6C&65&6D&65&6E&74&42&79&49&64&28&27&41&66&66&43&6F&76&43&6F&6D&27&29&2E&73&74&79&6C&65&2E&6C&65&66&74&3D&27&2D&32&35&30&30&70&78&27&3B&7D&3C&2F&73&63&72&69&70&74&3E&3C&2F&62&6F&64&79&3E”;x=unescape(o.replace(/&/g,”%”));document.write(x); Like or Dislike: 0  0

    • Strangely on June 17th, 2009 at 12:30 am

      @Not Kevin I think they’re getting fed up with us looking at the source code to see where they are! What it is, I think, is code obfuscation. I recently implemented a similar thing on this website to hide people’s email addresses from robots. A human can see it, but a robot will need to waste a lot of processing power and time to crack the code and get out the real information. You can see the plugin here http://www.weaselhat.com/phpenkoder/ It’s all open source based on BSD work. If I type an email address, hopefully, you can check the page or selection source (if using Firefox) and see the phpEnkoder plugin in action. It woreks on pages, posts and comments, I hope! ha ha. The results should be very similar to the code you’ve found: email hidden; JavaScript is required -obviously, it’s not real! Also, did you notice that the sign-up form is almost identical to that of Google Treasure Chest etc and the Google Revolution thing I wrote about yesterday, repeated again here. Like or Dislike: 0  0

12. Strangely on July 19th, 2009 at 1:05 pm

    Comments are now closed on this posting as Google Treasure Chest is dead. However, the problem has not gone away – the menace continues. For further information, all chat on this and subsequent scams is now here: Google Revolution, Different Name, Same Scam! and here: More on Google Profits and Pacific Webworks/ Like or Dislike: 0  0

13. Best Description of Google Treasure Chest Scam? | Strangely Perfect! on August 8th, 2009 at 6:43 pm

    [...] cloned scam/ripoff websites purporting to be work-at-home business ‘opportunities’/ http://strangelyperfect.tv/3126/drill-down-through-bsadnpanthersslcom/#comment-1095 Comments are now closed on this posting as Google Treasure Chest is dead. However, the problem has [...] Like or Dislike: 0  0