Tag Archive: Registrant

Estonian Spammer Forges CBS and The Guardian

Get Rich Quick Scam Forges Genuine News Agencies Web Pages

Gmail Spam

Gmail Spam

I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.

Email Spam

Email Spam

Probably, the account has been hacked as I could detect no spoofing in the emails’ headers.  These are the emails, with the email addresses blacked out.

Initial Email Investigations

The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.

Here’s how the links work:
To my Email address;
cbsbusiness9

cbsbusiness9

I had http://cbsbusiness9.com/index2.php?/5260 which then goes to

http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

To my GMail address;
cbsnews-article

cbsnews-article

I had http://cbsnews-article.com/index2.php?/4032 which then goes to

http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.

The WHOIS’s of each domain are almost identical.  These are screenshots.

whois.domaintools.com screen capture 2012-12-12-17-12-26 whois.domaintools.com screen capture 2012-12-12-17-13-17 That Arthor Brown’s a one, eh?  Notice the Ukrainian, Russian and New York connections?   Who is/are  or what is:

TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732

Google Search on +1.7343541732

Google Search on +1.7343541732

Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts!  (We saw these scams a few years back – check the links)

Just check out the fake news and dodgy sounding sites in the search results….  These are the first couple of pages of current search results:

  • Com-news8.net
  • Bcnews8.com
  • Dildobigg.com
  • Raspberry-Ketone24.com
  • BigGgEts.com
  • HurtGuys.com
  • GrowsPeniss.com
  • HugerAss.com
  • Com-news9.net
  • Com-nbcnews9.net
  • coloncleanse-extreme.com
  • nbc9news.com
  • nbc1news.com

Arthor Brown is in most of them with his Yahoo! email address as [email protected]   Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!

Forged Webpages of The Guardian Newspaper

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsbusiness9.com screen capture 2012-12-12-16-3-23

cbsbusiness9.com screen capture 2012-12-12-16-3-23

The Guardian, is an old and respected news organisation in the UK.  CBS is a long-established US media network.

They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.

Also to be annoyed, is Lloyds TSB Bank who apparently are “in association” with this get rich quick scheme for work at home moms!

Completely Forged News Articles!

Indeed they are.

  • The articles are dated “December, 11:41”, which is odd since there’s no day, just month and time!
  • Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
  • The hook links in both forged webpages go to http://workinghome22.com/go.php

The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.

Apart from the images sourced from The Guardian, the scammer’s images are sourced from:

  • ddmcdn.com which is HowStuffWorks.com!
  • localconsumeralerts.com
  • prosperadtracker.com
  • ophan.co.uk

So, Who Is workinghome22.com

Bad Gateway

Bad Gateway

The first link was dead, opening a bad gateway so the expected redirect didn’t work.  The tracking pointed back to Ireland!

Bad Gateway

Bad Gateway

The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination.   No, the link immediate re-directed to http://onlineincnow.com/2/?aff_sub=72

Well, at least the affiliate number 72 is getting paid….

But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44

workinghome22.com screen capture 2012-12-12-16-31-44

Well, typing the URL directly takes me to workingfromhome22.com!  This is it!

Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism!  No-one in the UK addresses their mother as mom…  I mean, FFS?

The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain.  So let’s click it, shall we?

Well, pctrck.com is trying to load, but not much else.

Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality!  Check the words – there’s no cancel button!

workinghoome22_Popup

workinghoome22_Popup

I did however manage to successfully close this page following that.  Whew!

Now Back to onlineincnow.com

OnlineIncNow Location

OnlineIncNow Location

The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.

So What Is It Up To?

OnlineIncNow.com Whois Record

OnlineIncNow.com Whois Record

Good Question!   A WHOIS puts the registrant in China with the DNS servers in Russia!

As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.

The site is plastered with the logos of well known businesses to ad an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously ad:

This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.

onlineincnow.com T&C Screenshot

onlineincnow.com T&C Screenshot

Despite all this, it is of course bollox set to deceive.  In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.

Let’s see how this pans out, shall we?…..

Check out the T&C page from the tiny link in the page footer – screenshot on the right.

  • They say that the applicable law is the State of Florida.
  • You will become a “member” and the key phrases are here:

You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.

For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE

Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

You’ll see that “Online Income Now” will:

  • make you a “member” (of what?)
  • and you will be regularly billed, (why?)
  • and that for anything you post, upload etc (wah?  whadya mean?  Where is this uploading?),  “Online Income Now” will take no responsibility for what you do!

…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!

Now Lets Click The Link!  Follow that Opportunity!

onlineincnow.com screen capture 2012-12-12-17-46-50

2 Spots Left!

Amazingly (sarcasm alert) there are two “spots” left in my area!  This is the page… http://onlineincnow.com/2/index2.php

Michelle Johnson is the “guru” who will tell me everything!  So what do I do?  I have two options:

  • Back out
  • Sign up

Let’s Try Backing Out, Shall We?

CannotBackoutFromOnlineIncNow2

Cannot Backout From OnlineIncNow 2

CannotBackoutFromOnlineIncNow

Cannot Backout From OnlineIncNow

Well of course, they won’t let me.  It takes two goes to get out and the first one completely takes over the browser!  Bad.  This is B.A.D.

Ah, well.  Finally escaped.

Let’s Try Clicking to the Signup Page, Shall We?

secure.onlineincnow.com Data Entry Screen

secure.onlineincnow.com Data Entry Screen

I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php

What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!

The scam is now revealed for what it is – a negative option scam!        Read it carefully…..  They expressly say;

By enrolling, you will be charged a one-time fee of $97.00

In teeny-tiny letters, note!

But remember, right back buried in the T&C’s they say;

every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

This is expressly against the FTC code and laws in most countries.  If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.

Gotcha! You Bastards!

Okay, I’ve Had Enough of This. I’m Off!

“Not so fast, young Jobless Jake”, say onlineincnow.com……!

CannotBackoutFromOnlineIncNow3

Cannot Backout From OnlineIncNow 3

They’ve an extra 20% off plus and extra bit of webpage-erese!  The screenshot says it all, though it wasn’t the end of it.  I had one more “Leave Page” option like the earlier one above.

Conclusion

Negative Options are banned by law in most countries.  If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages.  The only sure way to stop this once you’ve been sucked in is through….

  • Chargebacks.   Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).

So………………….

  • It’s a scam.
  • Stay away from it.


Enhanced by Zemanta

Related Posts:

Massive Spam Hit for Centurion Wealth Circle Pyramid Scheme

Massive Spam Hit

Willie R

Centurion Wealth Circle Spam Deluge

Centurion Wealth Circle Spam Deluge

Over the weekend, I received over 600 spams from someone called Willie R (with a number appended to the name) to my gmail account which I now use for my spam-trapping on an old email address that I use for registrations and the like…  See the screenshot of one page above!

Centurion Wealth Circle

On checking out a sample I found that most point back to Centurion Wealth Circle with a small array of other dubious links included.  The spams I got had almost identical formats (except for differing ‘from’ addresses).  The differences were in a couple of links.  These are the two spam  types:

Type 1: Includes Link to AutoXten.com

CWC Spam Type 1

CWC Spam Type 1

Type 2: Includes Link to TextAdBrokers.com

CWC Spam Type 2

CWC Spam Type 2

The amazing thing taken straight from http://textadbrokers.com/?premier1 is the spelling mistake for their prime selling point!  Under the headline “What is TextAdBrokers?” we see:

TAB was created as the premier Partner for marketing and distribution For the newly created contextual advertising Platform hitcralwer.com

hitcralwer.com (or HitCrawler.com) has already spawned a long chain on Scam.com that starts with a scam warning, then features server outages, lawyer warnings, lawyer bebunkings and various personal threats and revelations about the contributors.  For me, this is all very entertaining stuff, but the key facts for me are that;

  1. I have been heavily spammed, all links tending to the same source and all pointers pointing to the same destination(s).
  2. TAB’s own blurb can’t even spell correctly!

From that, you’ll gather which side of the honesty fence I think this lot come from…!

Willie R Burke kindly leaves his address in one spam type as “41 Merker Dr, Edison, NJ 08837”.  This ties in with the WHOIS of the source.  However, I don’t see why I should have to follow THEIR suggestion to stop the spam coming from them.  After all, I have over 600! The suggestion is not everywhere, but only on some of the pointers.

Five domains are in nearly every spam, (from those that I checked in my deluge.)

These are;

  1. http://vd.autoxten.com
    • –  Under their earnings disclaimer, they claim “that AutoXTen is not a get rich quick scheme but is a business” and that “all customers are essentially purchasing advertising”….?
  2. http://www.centurionwealthcircle.com/?register
    •  – considering the deluge I just got, their spam policy takes some beating!  e.g. “Unsolicited commercial email (UCE), while regarded as legal in some jurisdictions, is regarded as spam by most Internet service providers (ISPs), and may not be used to promote CWC”.  Larry Harper, take note!  I am not prepared to wade through 600 email headers just to prove that your spam policy works…  You do it.  Start with the source.  YOU!
    • Pyramid Details

      CWC Pyramid Details

      CWC

      Their business model is based on buying “tokens”, keeping them as a “portfolio” or something for a bit, and then cashing in 50% of the “investment” at some ill-defined “maturity” point.  Although they claim otherwise, this is classic pyramid scheme technology.  They make clear the exponential growth that potentially exists in their own blurb, and ONLY pyramid schemes promise exponential growth.

  3. http://www.makemoneyonline-free.org/
    • – here I find out that I “have been invited to join ClixSense by robbie1201”.  Oh really!  Thanks for nowt robbie.  It’s a site called “ClikSense, advertising that pays” but the domain name remains the same.  On their user agreement, point 10, Spam Policy, they helpfully remind Robbie and Willie R that “Spamming is a federal crime. Any member caught Spamming will not only have their account terminated immediately and lose any past, present and future earnings, but shall also be held liable for spamming as we shall cooperate with any authorities and investigations that may arise from the spamming incident. ClixSense may fine your account up to $5 per spam email reported from you email address.”    I don’t think they were listening!
  4. http://www.homebasedtelesalesjobs.com/

The registrant of  http://infinityleadsystem.com/ is;

E.C.I.
5802 Bob Bullock C1 Unit 328C-195
Laredo, TX 78041-8813
US

However, the server is located in Quebec, Canada!

Why this should be so when so may sites (like mine here) are served from the massive data centres in the US (like Texas, say!) is beyond me.  But I find the Canadian connection strangely comforting.

Conclusion

It stinks.  From the initial deluge to burrowing through the various “systems”; it stinks.  Leave it well alone folks.  Any business of note should NOT  be resorting to Spam for new business.  The scale of this spam deluge emphasises the non-credibility of these charlatans much more than their cheesy website offering ever could.

The fact that most domains were hidden “for privacy” plus the fact that the websites are almost incomprehensible as they struggle to disguise their real motives and modus operandi are just bonuses!

Related Posts:

Comments are closed

How WordPress Spam Works

WordPress Comment Spam

The plague of all blogs is spam, mainly comment spam, by sheer numerical superiority.

Q.  Why Do They Do It?

A. As a minimum, they do it to open a back-door into your blog that allows the perpetrator to place reverse linkages to another website to increase that website’s visibility in search engine results (so called “Search Engine Optimisation” – SEO ).  This back-linkage they use to increase website search hits, which they can charge an ignorant website beginner big money for.

At the worst, the culprit would gain full access to the blog allowing free posting and deletions or even the complete removal of your website content.

Today’s Example

Today, I got a comment that made me check further as notionally, it looked okay-ish. These are the details (click image for full-size view of the comment as it appears in the WordPress admin section):

Comment Spam Example

Comment Spam Example

The Jacksonville lawyer is in Florida and has this website; http://www.divorceyes.com/index.html, and the actual comment is pretty kosher, although brief, saying;

Strangely you have made an awesome post and i appreciate your work and keep it up. Thanks for sharing this with us.

This is all very nice, but check out the IP address….

WHOIS 113.203.135.140

By checking the WHOIS for this, we see that the IP Address for this supposedly reputable Florida lawyer (Divorce Yes) is in Karachi, Pakistan!  Well are they?  My guess, given the cheap web costs in the USA, is that Divorce Yes is in the US and that they wouldn’t for an instant even consider anywhere else!

And so it is!  The actual WHOIS for Divorce Yes is in Florida!  (The actual WHOIS for the web-hosting, fortehosting.com is in Illinois).  The registrant’s name (Miller) also agrees with the Divorce Yes’s contact details here, but note; the email address in the comment, [email protected], is not the same as the email address on the contact page, which is [email protected]

Registrant:

jeff miller

1019 grand court

highland beach, Florida 33487

United States

Registered through: GoDaddy.com, Inc. https://uk.godaddy.com/)

Domain Name: DIVORCEYES.COM

Created on: 07-Jun-05

Expires on: 07-Jun-16

Last Updated on: 17-Feb-07

Administrative Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Technical Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Domain servers in listed order:

NS1.FORTEHOSTING.COM

NS2.FORTEHOSTING.COM

Conclusion

There isn’t a conclusion really.  This is just an example of the way that text harvesting is being used to make seemingly intelligent comments slip past the comment filters on a WordPress blog.

As many of these filters rely on an IP address, if the webmaster lets a dodgy IP address through just once then it’ll be marked as “good” by the filters which will then allow the spammer to post even more comments, all for the various nefarious reasons that I mentioned first.

This is why I use a plugin like WP-SpamFree, and using it I can block all incoming pings from a given IP address, in this case, 113.203.135.140!

For interest, I’ve edited out the back-link from the spam comment above and you can find it on this post, Pacific Webworks, Lawyers and Social Networking, here.

Alternative Conclusion

This isn’t a conclusion again, but my examination of alternative possibilities, but note the following:

  • The Divorce Yes website is made and SEO’d by http://enettechnologies.com/.
  • WordPress is used on the website.
  • Many WordPress plugins exist to “improve” the SEO of a website.  (I use some!)
    • Some do it by ensuring meta and other data is added if it’s missing.
    • Others have sprung up over the last few years that “intelligently” link to other websites….  they harvest websites for text and linkages for later use, much like email spammers scan websites for email addresses to spam.  [n.b.  I use PHPEnkoder from Michael Greenberg to hide email addresses on this site from email address harvesters.]

It could be, although I cannot prove or disprove it, but because some of this spam I receive is now pretty readable as with this one above, that plugins are being used for much of the hits I get.  This comment  could be such an example, or the law website name is being used textually as a smokescreen for the Pakistani spammer.  I see lots of adverts along these lines that couldn’t possibly rely on manual  human link placements for their effectiveness….

I’d be interested to hear from Miller Law or their website designer on this one.  It’s not the first time that I’ve had reputable businesses appear on my website like this and I’d like to know what it appears like at their end, if at all.  It does make me wonder if this very website is being used to cloak spam at other websites in the same manner.

This is why I’ve left all URL back-links to the parties in place so that they’ll see them in their logs.

Related Posts:

Comments are closed

Is There Really a SwipeAuctions to SellOffAuctions Link?

Introduction

I’ve been reading this post on Penny Auction Watch:

http://www.pennyauctionwatch.com/2010/11/have-you-bid-on-selloffauctions-com-reviews/

..and can agree with Amanda that many of the search results are “very interesting“, as she says.

The claims from “anonymous” and others really should be chucked out for believability because they are unsubstantiated.  But there still lie many interesting things.  Things like the Google screen-shots which demonstrate links over long periods of time between a clutch of business entities, most of which include substantial volumes of complaints and dissatisfaction summarised by the word “scam”.

This linkage is there in the internet record, no matter how much business entities chop and change their identity, on-line or off-line.

Blog Posting

Of particular interest is Amanda’s mention of a SellOffAuctions blog.  I remember this when it started, but it’s no longer extant although this huge web comment stream gives a description of its genesis.  However, a quick Google search on the first line of the text pulls out the two blogs in Amanda’s narrative.

BlogSimilaritySearch

Blog Similarity Search

 

TerraMarketing’s output is in this shot below, but the SellOffAuctions blog is now unavailable:

Spam The Wrong Way To Market Your Business

Spam The Wrong Way To Market Your Business

Yet the SellOffAuctions basic blog contents at start-up show up clearly in the Google cache of the web-page:

SellOffAuctions Blog

SellOffAuctions Blog – webcache

…and the original “Why Free Isn’t Better?” post from the old blog  is here on yet another Willms blog:

JesseWillmsMarketing

JesseWillmsMarketing

What Does this Mean?

Well the thread at PAW makes plain that a high degree of website copying has been going on.  A guy claiming to be from SellOffAuctions makes this point as an excuse to speed up the site set-up.  Others have pointed out that if this is the case and there has been no collusion with SwipeAuctions, then the brief happy Willms’ outfit would have a very good case for copyright infringement.

Bid Auction Software

Bid Auction Software – a Google Search

One extra spanner in the works that may block any suing is that on-line templates exist for the express purpose of setting up “Bid Auction” type websites!  So of course they’d be similar! (That is a screendump of a Google search for Bid Auction software on the right!)  This does not explain the similarity in the blog postings mentioned below, though.

Another extra spanner that might possibly confuse people over intra-website or intra-business linkages is the addition of the SellOffAuction.com domain (n.b. no trailing s).  This was pointed out here.

It Is Very Interesting

It’s also very interesting that two blog posts from the Willms’ website stable found their way into the Google cache of a direct competitors blog, is it not?  We now know that the blog was pulled, but in its entirety?  Maybe after all, there was copying and the blog was simply pulled as being past its purpose.  This happens all the time, not least with Willms’ myriad of blogs such as described here.

The WHOIS records for all websites above follow the usual patterns with the notable introduction of “Internet Holdings” into the mix (what happened to TerraMarketting?) and also the movement of some Willms domains to the Ashton Manning registrant noted a while back:

One Last Twist!

SellOffAuctions.Net

There is of course potentially, a plethora of SellOffAuction domains.  the dot net one, is one and a full screenshot is on the left complete with a the biggest footer of exclusion clauses that I’ve ever seen!.  Here’s what the top of the page looks like:

You’ll see that it contains a video, the very same video used by SwipeAuctions.com on their website and affiliate promotions.  Also, it’s on selloffauctions.com too!

Even more interestingly, all the links supposedly go to SellOffAuctions.com if you look carefully – except they don’t!!  They actually point to:

http://selloffauctions.net/auctions

…which then redirects to:

https://www.vigrxplus.com/?a=InterMark&t=2656

This is a site to flogging big knob stuff, a whois puts them as follows below with 45 similar big knob sites listed here.

Registrant:

Leading Edge Marketing Inc.

c/o DM Contact Management Ltd.

Suite 100 – 645 Tyee Road

Victoria, British Columbia V9A 6X5

CA

250-383-8267×452

Fax:250-383-0896

Leading Edge Marketing’s T&C contain the USA phone number  1-866-621-6886 which throw up a few complaints mainly from folks who don’t like porn.  Personally, I can take it or leave it.  I just don’t like thieving scammy bastards.

In this case, it’s an affiliate fuck up either by design or accident.

Conclusion.

That’s about it.  I can’t find direct linkages for now.  There’s too much supposition and too little actual proof.  Sechrists pop up and go.  Blogs pop up and go.  Websites pop up and go.  So for now, that’s it.  Inconclusive is my take on any connection.

Related Posts:

MyBookface, Google, Utah and Nevis Scamboys United

Introduction

I knew there was something really, really dodgy about that MyBookFace.net crap highlighted in this post the other day. Not only are they connected to some serious malware (as detailed in the posting), but they’ve an interesting line in popups!!!

Google Treasure Chest Rises Yet Again!

Here’s what to do…

Blogs » MyBookFace (Powered by phpFoX)

Blogs » MyBookFace

  1. Go to http://mybookface.net making sure that you’ve emptied your browser cache and removed cookies (you will find that the popup only appears once, if you close it down. So if you need to see it again, clear your cache & cookies)
  2. Now click on the “Blogs” link which is
    • You’ll now be presented with a popup window for San Francisco DAILY NEWS. This is located at http://www.net-news-daily.com and is yet another pseudo-news website that appears to be full of interesting links!
  3. Link Information for: www.net-news-daily.com

    Link Information for: www.net-news-daily.com

    Actually, all of the links go to only a couple of destinations….. If you use the “Web Developer” plugin for Firefox, you can quickly see all the links in a web document – and in this case, there aren’t many!

    • You’ll also see that the T&C type links at the page bottom don’t work!! (these are the javascript void links)
  4. Let’s follow the link… Where do you think it ends up?

Google Fortune – GoogleWorksToday.com

Unbelievable, isn’t it?..!!

Google Fortune - Earn Money Using Google!

Google Fortune - Earn Money Using Google!

As seen and trusted on ABC, CNBC, CNN it says!! – well that’s one way of putting it!

In essence, it’s the same old trip we’ve had from Google Treasure Chest, Google Revolution, Google Money Tree. So from now on, anything like this is lumped into one ‘thing’ called Google Bollox.

The page is actually quite inviting and not quite as gaudy as before. Apparently, you can earn up to $907 per day (damn – I was hoping for $935 again.)

The same poor logic and content checking is going on though – at the bottom they helpfully inform the reader that their product isn’t endorsed by Fox News even though this is the first actual mention of Murdoch’s child.

Also at the bottom, there’s another new company (for me) called FunWebProfits View Marketing, Inc., 642 Main Street, Nevis. Nevis is that island in the Caribbean again!

Who Are They?

This seems a relatively recent addition. A Google search on the full name and address produces nothing. However, separating the name and address into two different searches produces the now-usual crop of complaints and allegations of fraud and theft that we’ve become accustomed to.

Try FunWebProfits View Marketing, Inc., 642 Main Street, Nevis.

The Nevis address has been in these pages several times. See:

Using this earlier research, and the website: http://www.sknvibes.com/Business/Trust.cfm?Vz=1, we can say that the Nevis company is:

Nevis International Trust Co. Ltd.
Mr. Eugene Herbert
P.O. Box 642
Hamilton Development
Nevis
Tel: 1 (869) 469-5132
Fax: 1 (869) 469-5898
E-mail: [email protected]
Website: http://www.inttrust.com

The header at the top of the inttrust about page says it all. It’s a dinky little island so has to make money somehow…

Nevis is an excellent jurisdiction in which to open a Limited Liability Company (LLC). The Nevis Limited Liability Company Ordinance was passed in 1995 and has become very popular.

It offers a full range of financial services and products including asset management and protection, company formation and administration, insurance, foundations, mutual funds administration, offshore banking, investment management, and trust services.

Nevis offshore companies are free from taxation and are protected in privacy by the 1985 Confidential Relationship Act.

The blurb on their website offers strict confidentiality along with business expertise from the United States and Britain!

Another interesting bit is that the copyright for this crap is claimed by a company called “View Marketing”. This makes a Google Search on them very hard, presumably by design! The inconsistent punctuation is designed to mislead, is it not? I take it they’re nothing to do with the Scottish Tourism company of the same name… etc etc etc.

Time to Sign Up! I’m In!

Google Fortune - Earn Money Using Google: Credit Card Entry Page

Google Fortune - Earn Money Using Google: Credit Card Entry Page

Because the GoogleWorksToday.com page is a “Limited Time Offer”, I thought I’d better leap in now before it’s too late…

I used my standard spam magnet email address but with a name of “Donna Kebab”(I’ll be waiting for some spam on this name, natch). I used the postcode of Scotland Yard in London and their general enquiries telephone number…. Mysteriously, I notice that they have a “mark of the devil” contact number of 877-402-2666….. Hmmm. Let’s check that out using Google, seeing as how I’m starting a new career with it today!!

Oh Dear! Best not.

This phone number already appears to have ‘prior’, as the boys in blue would say… Apart from the few scam sites like realjobsfast.com say, all the hits are complaints! Like:

Needless to say, like your typical “News of the World” reporter, I’ve made an excuse and left! However, this was not before noticing that the credit card page of GoogleWorksToday.com at

..has a WHOIS of:

Registrant: View Marketing
2862 Gulf to Bay Blvd
Building A
Clearwater, Florida 33759
United States

Domain Name: GOOGLEWORKSTODAY.COM
Created on: 22-Jul-09
Expires on: 22-Jul-10
Last Updated on: 22-Jul-09
Administrative Contact:
Marketing, View
2862 Gulf to Bay Blvd
Building A
Clearwater, Florida 33759
United States
+1.8774022666

This Florida place is in these little shack businesses, very nice.

However, spin round 180 degrees and we can find one possible source for the ‘company’ name… The large building is called “View Gardens”, ha ha!

Paths Running Deep and Murky

One of the scam site results in the Google search for the 877-402-2666 number was another pseudo news site (these must be effective because of their prevalence):

New York Reporter News at http://web.archive.org/web/20090802103410/http://news9at6.com:80/index14.php?

Jobs - Employment - New York Local News: Scam site

Jobs - Employment - New York Local News: Scam site

This scam site even has very convincing YouTube news-type videos, all targeted at the work-at-home-mom thing. As before, apart from the inbound feeds that add authenticity, there are hardly any links.

Most links point to this sucker-inner website:

http://web.archive.org/web/20090809071637/http://news9at6.com:80/google14.php?arid=

which redirects to:

Google Fortune - Earn Money Using Google! This time at https://www.processcartcenter.com

Google Fortune - Earn Money Using Google! This time at https://www. processcart center.com

…that will have an aura of familiarity for readers of my Google Treasure Chest – it’s a scam and a half! posting from April (yes, it’s processcartcenter.com again) and also, it’s exactly the same Google Fortune page as before, but with a different address…..

Whois, Who Are They?

All is not lost. Check out the IP addresses in the WHOIS’s for processcartcenter.com and googleworkstoday.com which are:

  • 209.90.119.16
  • 209.90.119.11

These are obviously related. Now if you suspect that they live in Utah, I’m not betting any money with you. The WHOIS for both these IP addresses is:

Fibernet Corporation: 1155 S 800 E, Orem, Utah 84097

Talk about keeping it in the family!

The Tabernacle-like building houses 3 companies:

Of the three, Fiber.net (sic) has definitely been involved in spamming from 1997 through to at least 2007. Nethosting.com seems to be a standard webhosting entity with the usual good and bad references.

Ceristar seems a bit odd, to say the least! Their previously posted domain name ceristar.com is up for sale and since 2000 they have had a host of double stock swapping company mergers and takeovers. Their stock exchange reference (OTC BB: CTRI) now seems to point to a Chinese Organic Food business, which wholly at odds with previous references to the company setting up ISP-related connections to all and sundry in Utah.

Conclusion

Scam, scam and thrice scam.

The only thing missing from this ferago of twisted and hidden businesses is some references to County Durham, Gibraltar, Pasig City or Nicosia, Cyprus.

No doubt they’ll pop up soon (pun intended)

Naturally, DO NOT SIGN UP FOR ANY OF THESE “OPPORTUNITIES”!!!
Follow the Guidance given in Google Treasure Chest – it’s a scam and a half!, Google Revolution, Different Name, Same Scam!, More on Google Profits and Pacific Webworks, Robert G Allen, Grants, and a Credit Card Slimeball
Between these articles I’ve now produced clear links between the various scam operations, their money stashed overseas and their business entity partners and covers in the USA and elsewhere.
DO NOT SIGN UP FOR ANYTHING – FINAL WARNING

Related Posts:

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me