March 23, 2020

In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. What follows are some clues that point to a very convincing answer to that question.

Since at least 2007, Web Listings Inc. has been sending snail mail letters to domain registrants around the world. The missives appear to be an $85 bill for an “annual search engine listing” service. The notice does disclose that it is in fact a solicitation and not a bill, but wording of the notice asserts the recipient has already received the services in question.

Image: Better Business Bureau.

The mailer references the domain name, one of several similarly-named domains registered sometime in 2007 or later to a “James Madison,” who lists his address variously as a university in New Britain, Connecticut or a UPS Store mailbox in Niagara Falls, New York.

Some others include:,,,,, and At some point, each of these domains changes the owner’s name from James Madison to “Mark Carter.” As we’ll see, Mark is a name that comes up quite a bit in this investigation.

Image: Better Business Bureau.

A Twitter account for Web Listings Inc. has posts dating back to 2010, and points to even more Web Listings domains, including weblistingsinc.orgCached versions of at show logos similar to the one featured on the Web Listings mailer, and early versions of the site reference a number of “business partners” in India that also perform SEO services.

Searching the Internet for some of these Web listing domains mentioned in the company’s Twitter account brings up a series of press releases once issued on behalf of the company. One from May 2011 at sings the praises of, and in the same release, and lists the point of contact simply as “Mark.”

Historic WHOIS registration records from Domaintools [an advertiser on this blog] say was registered in Nov. 2010 to a Mark Scott in Blairgowrie, Scotland, using the email address bills itself as an online service for “fighting negative and incorrect content on the internet,” which is especially interesting for reasons that should become clearer in a few paragraphs. The site says Mark Scott, 46, is an employee of, and that he is also involved with two other companies:

-GoBananas, a business that sets up group outings, with a focus on bachelor and bachelorette parties;, an entity in Scotland that did online marketing and travel tourism both in Scotland (via sites like and and on India’s coastal Kerala state where employed a number of people involved in the SEO business. now simply redirects to GoBananas.

According to Farsight Security, a company that keeps historic records of which Web sites were hosted at which Internet addresses, was for a while hosted at the IP address with just six other domains, including, which was a blog about traveling and living in Alberta, Canada registered to Mark Scott and the email address Cached versions of this site from 2011 show it naming Web Listings Inc. as a business partner.

That same email address is tied to the WHOIS records for,, Cached copies of from 2010 at show his profile page on links to another blog with much the same content, images and links called

Among the 2011 entries from the Internetmadness blog is a post promoting the wonders of benefits of Web Listings Inc.

A cached copy of Mark Scott’s blog Internet Madness from 2011 promotes Web Listings Inc.


Aha! But wait, there’s more. You see, for years was hosted on the same servers along with a handful of other domains that all switched Internet addresses at the same times, including, and the IP addresses (17 hosts), (6 hosts).

Most of the other domains at these IPs historically have been tied to other domains connected to Mark Scott and his various companies and business partners, including,,,,,, and

I found a similar pattern with domains stemming from a Crunchbase company profile on Web Listings Inc., which says the firm is based in Toronto, Canada, with the Web site, and email address Historic WHOIS data from says was registered in 2013 to a Marcus Ruskov in Toronto.

Information about who registered is completely hidden behind privacy protection services. But Farsight says the domain was in 2015 hosted at the Internet address, along with just 70 other domains, including the same list of domains mentioned above,,,, et cetera.

What do all of these domains have in common? They are tied to companies for which Mark Scott was listed as a key contact. For example, this press release from 2o11 says Mark Scott is the contact person for a company called Appco Group UK which bills itself as a market leader in face-to-face marketing and sales.

“Worldwide, Appco Group has raised hundreds of millions of pounds for some of the world’s biggest charities, delivered pay-TV and broadband services, financial services, security and many other successful marketing solutions on a diverse range of products,” the press release enthuses.

The Appco Group is the re-branded name of a family of marketing and sales companies originally created under the name The Cobra Group, whose Wikipedia page states that it is a door-to-door selling and marketing company headquartered in Hong Kong. It says investigations by the media have found the company promises much larger compensation rates that employees actually receive.

“It is also criticized for being a cult, a scam and a pyramid scheme,” the entry reads.

The Cobra Group and its multifariously named direct sales and marketing companies are probably best described as “multi-level marketing” schemes; that is, entities which often sell products and/or services of dubious quality, use high-pressure sales tactics and misleading if not deceptive advertising practices, and offer little to no employee payment for anything other than direct sales.

Even the most cursory amount of time spent searching the Internet for information on some of the companies named above (Appco Group, Cobra Group, Redwoods Advance, GDS International) reveals a mountain of bad press and horrible stories from former employees.

For example, Appco salespeople became known as “charity muggers” because they were trained to solicit donations on behalf of charities from random people on the street, and because media outlets later discovered that the people running Appco kept the majority of the millions of dollars they raised for the charities.

This exhaustive breakdown on the door-to-door sales industry traces Cobra and Appco Group back to a long line of companies that simply renamed and rebranded each time a scandal inevitably befell them.

Now it makes sense why Web Listings Inc. had so many confusingly-named domain names. And this might also explain the primary role of Mr. Scott’s business — the online reputation management company — in relation to the Cobra Group/Appco’s efforts to burnish its reputation online.

A partial screenshot of a mind map I used to keep track of the myriad connections between various Web Listings domains and their owners. This map was created with MindNode Pro for Mac.

Mark Scott did not respond to multiple requests for comment sent to various email addresses and phone numbers tied to his name. However, KrebsOnSecurity did receive a response from Cobra Group founder Chris Niarchos, a Toronto native who said this was the first he’d heard of the Web Listings scam.

“Mark used to provide some services to us but my understanding was that stopped a long time ago,” Niarchos said. “He used to own a marketing company that we supplied but that contract ended maybe 12 years ago. That’s how we met. After that he did start some internet based businesses where he sold services to us as a customer at arms length. That also stopped many years ago again as we did it all in house. As far as I know he did this for many companies and we were simply a customer of his. In my dealings with him we got what we paid for but never did we have any closer relationship than that.”


Two more small — possibly insignificant — but interesting things. First, if we go back and look at archived posts from in 2010, we can see a number of entries where he defends the honor of Cobra Group, Appco, and other multi-level marketing programs he supports, saying they’re not scams. If we go back further to 2008 and look at Mark Scott’s profile on, we can see at the bottom of the page a link called “Enquiries and Emails.”

Visiting that link brings up what looks like a public shaming page of emails apparently sent to Mr. Scott from scammers trying to set him up for some kind of fake check scheme in connection with renting one of the U.K. properties listed by his various travel accommodations Web sites. Click the “Contact” tab at the top right of that page and you’ll see Travel Scotland has a U.S. phone number that potential customers here in the states can use to make reservations toll-free.

That number happens to be in Connecticut. Recall that the address listed in the ownership records for many of the Web Listings domains tied to the “James Madison/Mark Carter” identities were for an address in Connecticut.

Finally, I wanted to mention something that has stumped me (until very recently) since I began this investigation a couple of years ago. There are two unexpected domains returned when one performs a reverse search on a couple of different persistent data points in the WHOIS registration records for the Web Listings domains. See if you can spot the odd duck in this list produced by running a reverse search at Domaintools on (the contact email address shown on the mailed letter above):

Domain Name Create Date Registrar 2010-08-03 enom, inc. 2007-04-24 ENOM, INC.,ENOM, LLC 2015-11-06 ENOM, INC.,ENOM, LLC 2007-04-23 ENOM, INC.,ENOM, LLC 2014-06-21 GODADDY.COM, LLC 2016-02-09 ENOM, INC.,ENOM, LLC 2015-11-06 ENOM, INC.,ENOM, LLC 2007-06-03 ENOM, INC.,ENOM, LLC 2007-06-03 —

Ten points if you said “” Now let’s run a search on the phone number for Mark Carter — the phony persona behind all the Web Listings domains registered to the Niagara Falls address — +1.716-285-3575. What stands out about this list?

Domain Name Create Date Registrar 2001-01-11 GODADDY.COM, LLC 2007-04-24 ENOM, INC.,ENOM, LLC 2015-11-06 ENOM, INC.,ENOM, LLC 2007-04-23 ENOM, INC.,ENOM, LLC 2014-06-21 GODADDY.COM, LLC 2016-02-09 ENOM, INC.,ENOM, LLC 2015-11-06 ENOM, INC.,ENOM, LLC 2007-06-03 ENOM, INC.,ENOM, LLC 2007-06-03 —

If you’re picking up an aquatic and marine life theme here, you’re two for two. That is actually the real phone number for the Aquarium of Niagara; the Web-Listings people just for some reason decided to list it in their WHOIS records as theirs.

It appears that a Scotsman named Robert Paul Graham Scott — perhaps Mark’s older brother — was in the same line of work (SEO and advertising) and pimping the exact same companies as Mark. According to a listing at Companies House, the official ledger of corporations in the United Kingdom, Paul Scott was for four years until Sept. 2019 a director in HMGT Services Ltd. (HMGT stands for the aforementioned HelpMeGo.To business).

Paul Scott’s own Internet presence says he lives in Perth — a short distance from Mark’s hometown in Blairgowrie, Scotland. Like Mark, Paul Scott did not respond to requests for comment. But Paul Scott’s Twitter profile — @scubadog_uk — shows him tweeting out messages supporting many of the same companies and causes as Mark over the past decade.

More to the point, Paul’s Website — — says he has an abiding interest in underwater photography, scuba diving, and all things marine-related.

33 thoughts on “Who’s Behind the ‘Web Listings’ Mail Scam?

  1. JimV

    What a fascinating deep-dive investigation you’ve apparently noodled on a LOT over the past few years, Brian — kudos!

    I’m waiting for the next chapter, if or when there’s some sort of reaction from the identified principal scammers…

    1. Lindy

      Whew, what a lot of work on this web of deceit.
      Thanks Brian.

      JimV…I am waiting to hear how much time they get after they are found guilty… ;-D

  2. Ray Antonelli

    I rec’d letters in the mail from firms like this.
    I could tell it was fake and it went into the round file post haste.

  3. Notme

    Thanks for the great read, I needed this today!

  4. Dennis

    Yep, got very similar bill from them before. And more than once.

    There’s also very similar scam going on in US, Brian. We get bills for the “fake” labor law posters, scaring us that the state will fine the business if we don’t order right away. What they don’t seem to tell you is that one can get those posters for free from the local state’s DOL website.

    I discovered recently that our comptroller was paying $300/yr to those scammers when we could’ve gotten those posters for free.

    And they have very similar wording with “this is not a bill” hidden somewhere in the small print. If you want I can email you a couple of samples of those. I’m collecting them now (just for fun.) They mail them to us diligently almost monthly 🙂

  5. Spamnation

    Excellent and useful analysis that answers so many questions.

    Given that they’re apparently based in Scotland, I suspect it’s not an accident that the logo shown on the letters looks rather like the Cross of St. Andrew on the Scottish flag.

    Do you have any insights into Internet Domain Name Services, another very similar operation that also sends paper mail, but uses domains such as,,, and

  6. David Hoium

    I agree with the other comments as to what a fantastic read. Thanks

  7. Joe bob

    It says it is not a bill so I don’t see how this is a scam. Don’t blame him there are ignorant and gullible people waiting to be taking advantage of just like all the big banks do to us every day

    1. Joe

      They try to make it appear legal by including that line.
      But that doesn’t necessarily make it legal. Having this somewhere in the small print and make everything else look like it is an official letter still makes it a scam.
      There are legal precedents for that.
      There cheap-a** attempts to make it appear ok just don’t cut it.

  8. Donna

    Fascinating! What a lot of hard work you put into following clues through this rabbit warren. I also appreciated your including the partial screenshot of your mind map; that in itself was intriguing. (Mind mapping software! A bit of improvement over the stacks of index cards I used to go through, back in the olden days!)

    Excellent work, yet again. Thanks for sharing your discoveries.

  9. Globaltel

    Very well informative. I can’t wait for them to be found guilty. Karma is real.

  10. Jim

    Illegal? I thought it was legal. Just like those addons you get in the phone bill, or the cable bill. And sounds like a legit business, of course he could be running out of countries where that grey area of business is legal, that are free. And that’s why the movements. Good story. Good job.

  11. Mark Scott

    I am not that Mark Scott, but as it’s a very common name, I have been amusing myself for years by keeping a casual note of mentions of namesakes as revealed by a persistent Google search.

    I though you might be interested to hear of one in Blairgowrie, Perthshire, whose name turns up quite often in connection with a pet food business. As I say, it’s a very common name, so this may or may not be the man you’ve identified.

    1. Calum

      The address used for that company is the same as the address used for a Mark Scott who was a director of HMGT Services. It appears to me that he owns the business centre at that location also.

  12. water

    It states so I really don’t see how this really is a scam, it isn’t a bill. Do not blame there are dumb and folks waiting to be taking advantage of just do to people daily

    1. Charles

      Why hello Paul and/or Mark! You make a very uncompelling argument that no one would agree with. The document may state that it’s a solicitation, however the blatant misrepresentation is absolutely the hallmark of a scam.

      You’re gross.

  13. Robert

    As a small businessman, I get a lot of letters like this that look exactly like bills, often from the government, offering to renew my business license, domain, trademark, EIN (!), etc. You have to be very careful. Some of them look real, and omit the “this is not a bill” statement.

  14. Charles

    Reminds me of those “bills” that used to get mailed out for fake Yellow Pages listings, back when printed-on-paper telephone directories were the highest technology available for advertising. It looked legitimate, and there was the same “This is not a bill” disclaimer at the bottom. The scammers hoped that no one would examine it closely, and that the Accounts Payable department would simply issue a check. But the directory in question was either never published, or only a few copies were printed and distributed in out-of-the way locations.

    A very, very old trick, just updated to refer to the latest technology, hoping that you’ll fall for it (or that your A/P department will fall for it).

  15. Tom

    Niagara Falls NY is loaded with UPS Stores intended for Canadians. Canada is 5 mins away and Toronto is 90 minutes.

    Mark Scott is the name of a Buffalo radio personality (WBFO), just 20 mins away. Bit of a red herring there.

    Your man knows the area and picks up checks locally.

    So why can’t the Cobra Group prove who he is, if they did so much business with him and he was so honest…and local?

  16. Chris M

    Brian, have you determined whether or not there’s a connection to Domain Registry of America / Brandon Gray Internet Services / The core domain slamming scam (snail mail ‘this is not a bill’ fine print invoices) is identical. DROA also utilized Niagra Falls (and I believe Buffalo, NY) mailing addresses.

  17. Angus

    Very entertaining! Thank you Brian, your investigative reporting linking people to online identities and assets is by far my favourite.

  18. NickDanger

    Not sure if it’s related, but recently a customer of mine forwarded spam they received from – it looks like these scammers are doing a more sophisticated version of the Chinese “trademark protection scam” that’s been going around for a few years now. I suspect that this scam will substantially more successful, since it actually has a professional-looking website behind it & the EMails aren’t riddled with “Engrish.”

  19. Chris

    Hey Brian, thanks for this post. I recently received a letter in the mail that was VERY similar to this scam that requested $160 for an annual LLC filing. In the fine print, the organization, “C.P.S.”, claimed to not be connected to any government agency but made the form look obligatory with a due date and all. It looked like a mandatory bill.

    This family of scams has probably been going on for years, and they’re completely legal right now.

  20. Domain Guy

    This is an absolutely fantastic analysis. There already were scams like the appraisal scams earlier and possibly even now(I think someone mentioned this on NamePros recently) that are bothering newbies. Many got saved somehow, but some people fall prey to such scams. I myself almost fell for the appraisal scam and remember telling my dad about how I was going to close a $2,400 sale when I came across this scam thread on one of the forums.

    And another scam like this. I wouldn’t be surprised if newbies at least would fall prey to this. It works on the same principle of converting(scamming) less than 1% out of the volumes of people they approach.

  21. Himanshu Mahajan

    As an eCommerce businessman, I get a lot of letters like this that look exactly like bills, often from the government, offering to renew my business license, and all that stuff, You have to be very careful. Btw the article is very helpful.

  22. M Doyle

    Obtaining monies by deception or misrepresentation is a criminal offence in the United Kingdom under the Fraud Act 2006.

  23. Brandon

    Hey, I went to that university in New Britain, Connecticut. I’d love to know during what years he was active there. Maybe I knew “James Madison” and never realized it.

  24. john

    Hello this is the opportunity i was waiting for, i will like to write for your site

  25. peter

    This is very informative, thank you. I noticed you put the focus on the learner, not the teacher, which means in order to really learn something the learner must be proactive and can’t expect the teacher to do it all for them. This is the main point of learning, isn’t it?
    Again thanks. Will make sure my students become aware of these wonderful ideas.

Comments are closed.