Is this a legitimate article?
November 12, 2012 5:34 PM   Subscribe

I was sent an msnbc article about jobs in America which reads a little suspicious. No luck with a simple "whois" search. Can anyone verify the veracity of this site?

My father sent me this link yesterday:

I think the wording is a bit effusive. Makes me feel like it's a dummy article pushing this company. The URL looks almost like MSNBC, but the hyphen placement makes me wonder. Any quick ways to check? A simple whois search just gives me an error message.

It looks like a generic annual job ranking article, the #1 one job is Online Affiliate. The article's treatment of the job just doesn't sounds right to me.

Here are the passages that make me suspicious:
Patricia Feeney of Houston, Texas never thought she would have a job working at home until one day she filled out a simple form online. Before she knew it, she discovered her secret to beating the recession, and being able to provide for her family by working from home.
I asked her about how she started her remarkable journey. "It was pretty easy. I filled out a short form and applied for a Home Cash Profits. There is a small shipping and handling fee, its not really free but it was under $10. I got the Kit and within four weeks I was making over $5,000 a month. It's really simple, I am not a computer whiz, but I can use the internet. I post links that are given to me, I don't even have to sell anything and nobody has to buy anything. They are constantly recruiting people to post links, you should try it."

This is immediately followed by the rankings which further raised my bullshitometer.

No. 1 best: Online Affiliates

Adriana Garcia / AP
Job Description: Work online posting links for big corporations like Google, Yahoo, Facebook, Twitter, etc.
Verdict: This low-stress, high-paying job made the top of the list because of “two emerging industries: Web applications and social networking. Also, Who doesn't want to work in the comfort of their own home? Not to mention its one of the easiest jobs to get out there. One of the top online corporations giving jobs to hundreds of thousands of Americans is Home Cash Profits.
The job brings in about $87,000 annually and the hiring outlook is among the best of the ranking. Positions are expected to increase by about 42 percent by 2018, the fastest of any occupation, according to the BLS.
Wondering how to get started?
You don't need a college degree, this job requires your computer and basic typing skills. Go to Home Cash Profits and follow the instructions given to receive your trial. The trial is free however, you will need to pay a $9.99 shipping and handling fee to receive your starters kit.
posted by Telf to Work & Money (27 answers total)
So the actual domain name there looks to be, which, yeah, doesn't appear to be affiliated with MSNBC.
posted by limeonaire at 5:37 PM on November 12, 2012 [3 favorites]

Definitely not MSNBC. Scammer, spammer, hoax, fake, you name it. Avoid avoid avoid. The top-level domain is and the rest is just a hostname fakeout.
posted by Mo Nickels at 5:37 PM on November 12, 2012 [4 favorites]

I was just sent the same link from my chiropractor's account. His email account has been hacked before. I am certain, because of who sent me the link, that it is not a "legitimate" article, but I don't have any proof for you other than the great twanging of my bullshitometer.
posted by lakersfan1222 at 5:38 PM on November 12, 2012

Thirding. The actual domain name is Probably a scam.
posted by retypepassword at 5:39 PM on November 12, 2012

It's a scam. The actual domain for this site is not MSNBC, but rather I got sent this earlier today, and was kinda impressed with how authentic it looks. Look closely at the URL. Your eyes tend to glaze over where the dots are, which is why these things can be effective.

Delete, and let your referring friend know that their email has been hacked.
posted by jbickers at 5:39 PM on November 12, 2012

PS: The whois for shows that the DNS servers are in Russia, and "Joe Celbow" is the registrant. Fake. I mean, it might be a real name but the site is fake.
posted by Mo Nickels at 5:39 PM on November 12, 2012

Yeah, and its IP address is based in Ukraine.
posted by limeonaire at 5:40 PM on November 12, 2012

Here's the actual MSNBC article they started with - the scammers took the layout and most of the article, and just swapped in that first bit.
posted by songs about trains at 5:42 PM on November 12, 2012

apparently this is a thing. earlier today I was sent the exact same link by somebody I haven't emailed with in maybe 7 years. I assumed it was spam and deleted it.
posted by changeling at 5:43 PM on November 12, 2012

Response by poster: Pretty well done. I don't think my Dad's account was hacked, I'm quite sure he sent it to me in good faith. He used to work on Oil Rigs and I think it was sending it to me in reference to the roustabout job description. The shady online job scam just came along for the ride.

For the people who found the IP and successful whois, can you give me a quick run down on how to that. Obviously my google for "whois"and then entering the whole URL didn't work.

Thanks guys!
posted by Telf at 5:45 PM on November 12, 2012

I found the IP address via this whois site by Googling
posted by limeonaire at 5:51 PM on November 12, 2012

Did the email say:

"check this out when you get a chance (shady link)"

? Because that's what mine said and I know for sure that the guy who sent it to me would never send me that link, nor any link...
posted by lakersfan1222 at 5:54 PM on November 12, 2012

Best answer: Anatomy of a spam URL:

http://     msnbc.        msn.   /jobs
_______  _________  _________  ____________  __________
protocol   subdomain   subdomain   domain             subdirectory
posted by limeonaire at 5:59 PM on November 12, 2012 [15 favorites]

FWIW, the link was blocked by Avast as a possibly malicious site.
posted by Verdandi at 6:11 PM on November 12, 2012

I got this as spam from people who are Facebook friends. They did not send it, but my guess is their address books got hijacked.
posted by Sidhedevil at 6:34 PM on November 12, 2012

Best answer: Yeah, the thing to look at is, after the http:// part, where is the first '/'? Not a hyphen, not a period, not anything but '/'. Then backtrack to the last '.' before that.

If that last bit doesn't actually match the name of the website you think it is, and it's actually intended to be linked-to, then it's not it. There are a few big websites that do use some other domans. Like you may find a Facebook photo at But that's not meant to be the front-facing URL. The main URL of an article? Always going to be on their big, famous domain name, basically. You don't really need to get as far as whois.

Your dad needs a stronger password on his Facebook, probably, if that's where you got it from, or his email otherwise.
posted by gracedissolved at 6:40 PM on November 12, 2012 [2 favorites]

I got this link too, from my aunt. I assumed someone hacked her email, because the email just looked kind of spammy, then the article was just so wrong.

I actually do have affiliate links on my blog, and a fair number of readers. In the last few months, I've made a grand total of $8. So, if you're thinking about making money as an affiliate, it's a lot of work for very little return (I blog because I love blogging, the affiliate links are just because I'm linking to products anyway, might as well make a couple cents off of it).
posted by insectosaurus at 7:15 PM on November 12, 2012

I used to work for a webhosting company, and while it's possibly a matter of an email account getting hacked- of course that happens all the time- it could just as likely be a php-mailer on a compromised web-hosting account, we used to see this exact same sort of thing- probably from the same people- getting sent that way. So it's worth checking on that as well.
posted by hap_hazard at 9:38 PM on November 12, 2012

Here's a wrinkle: I clicked on the link above to check out the article. Didn't click on anything else in the article, navigated away soon after.

Now, several hours later, I see that my yahoo email address has sent out 7 messages to the first 7 people in my address book, subject line "Hey [name]!" and body "You have to check this out: [link to site above]."

I don't know much about how this would work, but I know I didn't click/download anything from that page, and I KNOW I didn't send those spammy messages!

Obviously I've changed my email password now, but I would recommend others not click on the link above.
posted by Bella Sebastian at 11:05 PM on November 12, 2012 [2 favorites]

Mod note: I changed the URL to plain text instead of HTML so it's less easy to follow.
posted by goodnewsfortheinsane (staff) at 12:07 AM on November 13, 2012

Response by poster: The original email I received was also from a yahoo account. Big apologies to Bella Sebastian and any others who may have had problems from the link, honestly didn't even know that was possible.
posted by Telf at 2:40 AM on November 13, 2012

I found it interesting that the link from the same author listed as the domain instead ; spot checking, com-articles{1..9}.us and com-report{1..9}.us look to be owned by the same person (who's likely fake, or stolen id); nameservers for the domain are with NS{1..3}.KYTOOG.RU .

com-news{1..9}.us has a different contact name, but namesers also with and nslookup shows that they all point to the same IP . I'd like to say this might make people become a bit more familiar with url naming, but considering how long fake paypal fronts have been around, I guess not.

I've submitted all this to enom, the registrar for there domains ; hopefully they'll find still more names from the scammers.

I'd be curious if anyone wants to pick through this (I have a mirror if it comes down fast (Ha, I say funny things some times)) to see if there's anything malignant. At the very least, remove your cookies from if you visited this site.
posted by nobeagle at 7:16 AM on November 13, 2012

I had clicked a link to this from a Facebook friend before seeing this askme. Today I got an email with this link from my Yahoo account to another account I have and several Mailer daemon notices to my Yahoo account too. Don't know how many people I spammed.
posted by saffry at 11:26 AM on November 13, 2012

I received an email from a friend's Yahoo account with this link. I clicked the link on my iPhone, not looking at it carefully enough (at a glance, it really looked like an genuine MSNBC site, or else I never would have clicked it). Shortly afterward, I saw the same link had been sent to a handful of my contacts (starting with "A") from my Yahoo mail account. Pretty scary that clicking on a link (even on an iPhone!) can allow hackers access to your email account. My guess is you have to be logged into Yahoo at the time you click, and somehow hackers are able to take over the secure session that had been established with Yahoo.

I also found someone had posted about it on their blog:

I wish Yahoo would acknowledge this real issue, but in their support documents about being accounts being compromised, Yahoo just lists the obvious ways it can happen. Clearly they have a security hole that needs to be fixed ASAP!
posted by liquidsoap at 11:42 AM on November 13, 2012

just got it from two more unacquainted people today.
posted by changeling at 11:49 AM on November 13, 2012

And, finally at "Fri, 16 Nov 2012 11:59:28 +0000" I received a notice from enom that they've suspended the 27 domains that I pointed out to them - they are definitely not Go(I pull the plug on a whim)Daddy (which in many (most?) cases is a good thing). That said, they actually followed up with me twice, despite a big warning on the complaint submissions that they wouldn't. Nothing about them looking further into the issue; I came across com-news{1..9} just by randomly guessing; it was the articles and report that I saw listed. I'd be surprised if the abuser only did 3 nouns, but randomly looking I wasn't finding anything.
posted by nobeagle at 5:54 AM on November 16, 2012

« Older Glitter wall alternatives for an adult?   |   Fungus on tomato leaf: cause or effect? Newer »
This thread is closed to new comments.