


How Google Is Used As a Weapon Against You

During our two years exposing Internet scams and threats, we have developed a real appreciation for the creativity, skill, and resourcefulness of the criminals who target citizens of the world. We’ve watched their tactics evolve as they develop new malicious tricks, making it harder for the average Joe to recognize a threat when it is staring him in the face. Their latest tactic is meant to appear to use Google as a means to deliver malicious payloads.
This email appears to have been sent by a graphic designer from the legitimate domain without a subject line. It also appears to be forwarded from another email. The only content worthy of attention is a link that points to

[Image: TS1-Google Link]

If you look carefully at the red hyperlink to Google, notice a second http in the code, followed by %3A%2F%2F and more. These characters are URL (percent) encoding: %3A decodes to a colon and %2F to a forward slash, so %3A%2F%2F is the same as ://. So what you are really seeing is another link buried in the link to Google…

   h t t p:// /kxnuuina.php and a lot more characters….


The Zulu URL Risk Analyzer confirms the hidden redirect but doesn’t identify it as malicious.
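
The manual decoding described above can be automated before anyone clicks. The following is an added example, not part of the original article: the sample links, the host redirect.example and the url/q parameter names are constructed for illustration, and only the /kxnuuina.php path comes from the email.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_targets(link, max_depth=3):
    """Return (outer_host, [URLs hidden in the link's query parameters])."""
    found = []

    def walk(url, depth):
        if depth > max_depth:            # stop on absurdly deep nesting
            return
        # parse_qsl splits the query string and percent-decodes each value once
        for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            candidate = value
            # Some links are encoded twice (%253A); decode until stable
            for _ in range(max_depth):
                decoded = unquote(candidate)
                if decoded == candidate:
                    break
                candidate = decoded
            if candidate.lower().startswith(("http://", "https://")):
                found.append(candidate)
                walk(candidate, depth + 1)   # a redirect can wrap another one

    walk(link, 0)
    return urlsplit(link).hostname, found

def hidden_hosts(link):
    """Hosts buried in the link that differ from the host the link displays."""
    outer, targets = embedded_targets(link)
    hosts = {urlsplit(t).hostname for t in targets}
    return sorted(h for h in hosts if h and h != outer)

# Constructed samples: a disguised redirect, a double-encoded one, a plain search
SAMPLE = ("https://www.google.com/url?sa=t&url="
          "http%3A%2F%2Fredirect.example%2Fkxnuuina.php%3Fid%3D123")
DOUBLE = "https://www.google.com/url?q=http%253A%252F%252Fredirect.example%252Fa"
BENIGN = "https://www.google.com/search?q=save+the+children"

if __name__ == "__main__":
    for link in (SAMPLE, DOUBLE, BENIGN):
        outer, targets = embedded_targets(link)
        print(outer, "->", targets or "no embedded link",
              "| other hosts:", hidden_hosts(link))
```

A non-empty result from hidden_hosts means the link shows one site and leads to another, which is the pattern in this email.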

[Image: TS2-Google link]

Red Flag #1: Someone has sent a link made to look like a link to Google but is actually a redirect to a website called  Google tells us that this website may have been hacked.  When Google tells you this, you had better believe it…


If we ask the Zulu URL Risk Analyzer to investigate the link to we find several interesting things to consider….
Red Flag #2: contains many redirections to other websites, including  Everyone should recognize the remarkable charity foundation, Save the Children.  But what is it doing here with at least three redirects pointed to it?  The popups to are meant to distract you just like a pickpocket distracts you with one hand while picking your pocket with the other.  If you look at the analysis from Zulu you’ll also see that there is a redirect to a strange website called

[Image: TS3-Google link]

Red Flag #3:  We look up in Google and find absolutely nothing.   Zulu doesn’t find it threatening but it does score it 43 out of 100 points.  However, it does find that is being hosted in Lithuania.


[Image: TS4-Google link]

Remember, this started as an innocent email containing a link that seemed to point to Google.  Now we see that we’re being sent to a website in Lithuania and Google can’t find any information whatsoever about this website.  Does this still seem safe to you?


Since it seems that our final destination is we used to look up ownership of the domain…

[Image: TS6-Google link]

Red Flag #4:  We learned that was registered on June 27, the day the email was sent and that the site appeared to be hosted in England.


Looking more carefully at the WHOIS record for shows that it was registered through a sleazy registrar in China called  If you look up in Google as we did, you’ll find lots of complaints against this registrar, including the fact that ICANN (the Internet’s governing organization) hit with a breach of contract in 2014.  Visit:  We wonder why is still in business! And check out this article in about how sleazy is reported to be!

[Image: TS7-Google link]

Red Flag #5: Finally, we decided to look up the administrator listed on the WHOIS record for…. Mckenzie Considine of Considine Corporation Ltd. According to this document we found on a U.S. Government website, Considine Corporation was served with a lawsuit in 2014 for fraudulent practices by the U.S. Commodities Future Trading Division. Visit:

[Image: TS8-Google link]

How does that link to Google feel to you now? Innocent?  Nothing to worry about, or did it have malicious intent?  Yeah, that’s what we thought too.  Delete and be glad you dodged a bullet.
The next time a friend sends you an email with a link, look carefully at it before you click.  If you have any doubts, be sure to contact your friend personally to ask about the email.