dslreports logo
    All Forums Hot Topics Gallery
spc
uniqs
815297
MGD
MVM
join:2002-07-31

1 recommendation

MGD to Twice Bitten

MVM

to Twice Bitten

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Twice Bitten :

First, I want to thank you all for this thread. About 8 months ago I was hit by ATALA DESIGNS for a fraudulent charge of about $11.00. I googled the ATALA website which led me to this thread. I followed your excellent advice and canceled my CC, reported the fraud to my bank, and am now checking my statements on-line every 2-3 days.

I got hit again today by EXTRA PATH 800-385-8413 TX, for $9.01. Googled EXTRA PATH but couldn't find a website for them. However, I did find this: »800notes.com/Phone.aspx/ ··· jLO1ZUNw

*sigh* I just got off the phone with my bank to cancel and report fraud yet again. I also called the telephone #, which was just an anonymous voice-mail box...
Hey Twice Biltten, I am so glad that you remembered us from that Atala Designs fraud charge and came back to post this. Actually there was nothing familiar about your current charge, and even less about the site:

Extrapath.COM AKA EXTRA PATH 800-385-8413


»Extrapath.com/contactus.html
Snapped 2009-01-08 05:11:35


-----------------------------
CONTACT US

Phone: Toll Free (USA)
(800) 385-8413

• Important Note: For product questions please send us an email.
(Most questions are answered the same business day.)

Email: service@Extrapath.com

Mailing Address:
EXTRA PATH
10 S. Riverside Plaza
Chicago, IL 60606
-----------------------------

Especially since they are displaying products and not intangibles:


»Extrapath.com
Snapped 2009-01-08 05:35:56


But them I started to be bothered by this. For starters, there are a line of fraud victims over the years, who have reported cancelling and replacing their cards. Only to be hit again within a few months on their new card. Zenith5 See Profile is the most recent example of that: »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto I am always looking for changes and adaptations in this criminal operation, so I started checking EXTRA PATH aka Extrapath.COM a little closer.

The first problem was they also are coded to be blocked from search engine archiving with a robots.txt file.




Also they must be switching around merchant accounts, because the latest report from a few hours ago shows the line item as:
quote:
--- - 5 hours 4 minutes ago
I had a similar charge on my card "EXTRA PATH BROWNWOOD,TX" for $8.67. Calling my bank first thing in the morning.

»800notes.com/Phone.aspx/ ··· 5-8413/2

Also.. a report from a fraud victim in Australia:
quote:
Hi, I just registered here after Googling the exact same phone number - which appeared on my credit card, also! I'm in Australia and I was billed US$9.51 by the same company, which was a fraudulent transaction - it's a scam. Ask your bank to investigate it ASAP.

There are patterns with Extra path that fit the existing mold, and pieces that do not. However there has always been a morphing trend. Auditing the source code on the ordering page reveals that it is set to pass data to:
>https://secure.mania.lunarmania.com/~extra20/checkout.pl

however, the card fields are captured in text and you can submit blank orders without entering data. So I am not even sure if it is connected. This makes me cringe !!




Look at that EXTRA PATH listed address: 10 S. Riverside Plaza, Chicago, IL 60606

That is one of those virtual offices from Regus:




»www.regus.com/locations/ ··· =offices

From anywhere in the world for ~ $100 you get an address, mail and fax forwarding etc, a place to call a business home. How convenient!! Assuming they even rented one and are not just hijacking the address.

Let's look at the domain:


Registrant:
EXTRA PATH
10297 S DeAnza Blvd
Cupertino, CA 95014
US
.
Domain name: Extrapath.COM
.
Administrative Contact:
Battstone, Matthew service@Extrapath.com
10297 S DeAnza Blvd
Cupertino, CA 95014
US
+1.8005690292
.
Registrar of Record: TUCOWS, INC.
Record last updated on 16-Apr-2008.
Record expires on 16-Apr-2009.
Record created on 16-Apr-2008.
.
Domain servers in listed order:
NS2.LUNARMANIA.COM
NS1.LUNARMANIA.COM

.
What do you think is located at 10297 S DeAnza Blvd., Cupertino, CA 95014 ? Yep, another regus.com virtual office center:




»www.regus.com/locations/ ··· =offices

We could maybe call both locations and see if there is even an Extrapath renting there.

That problem is that yours and other victims charges show Texas on the line item. That entry is outside of the criminals control, and is where the merchant account originates. However the website claims Chicago and the domain is California. Of course there is no question that it is a fraud. But how did they manage to get a merchant account?. If you wish you can IM me the ARN and will try and have the merchant acquirer bank located.

Also, I am starting to find more and more that Extrapath not only to this fraud but also to that massive card pinging operation ongoing in Texas. Plus that REBATESOFT scam has connections to this also. On 12/10 gallowsroad See Profile posted about a fraud charge from rebatesoft: »[Credit Card Fraud] Rebatesoft however I can now confirm that it has nothing to do with rebatesoft.com it was rebatesoft.us. That is starting to tie into this crime syndicate also. These tangents do have unique patterns though. Many of the victims are getting fleeced after being pinged. Large charges follow, including Western Union cash transfer attempts. One case of the victim's card account address being changed. etc etc. I need to post a clarification on that rebatesoft thread.

Being hit with fraud charges on two different cards has always been a common theme going way back:
quote:
Posted: Wed Dec 24, 2008 9:31 am Subject: rebatesoft and others

--------------------------------------------------------------------------------

I too had a rebatesoft charge back in November so I canceled my card# and started using a different card from a different bank. Last week I got a notification from this bank (Chase)of a possible fraud attempt. I didn't see the details of the charge but as I recall it was only a buck or two and I think it was listed as some type of subscription related to the New York Times.
Two fraudulent charges in two months on two different cards is too much of a coincidence for me. So either this is a massive CC attack, or someone I'm doing business with is selling my CC number (or is being hacked).

»www.debtconsolidationcar ··· 482.html

More to follow on common links to all of these ...

MGD
MGD

2 edits

1 recommendation

MGD to Doctor Four

MVM

to Doctor Four
said by Doctor Four:

A post today on the Sunbelt Blog is related:

US FTC Goes After $10 M Micropayment Scam
quote:
The U.S. Federal Trade Commission has said it brought an action in U.S. Federal court that shuts down an identity theft scheme that stole more than $10 million from victims’ credit card accounts in small amounts and sent the money out of the country.

The scammers recruited 14 money mules to set up dummy corporations and open bank accounts to receive payments of $10 or less from victims’ credit card accounts. Each account was charged only once. The FTC said it did not know how the scammers obtained the victims’ credit card information.

The money mules, recruited via spam email, sent the stolen funds to bank accounts in Bulgaria, Cyprus, Estonia, Latvia, Lithuania, and Kyrgyzstan.

»sunbeltblog.blogspot.com ··· ent.html

The cybermule companies named are different, but the M.O. here is the same.
Outstanding catch Doctor Four See Profile, same Organized Crime Syndicate, long ago tied directly to many of the names which are mentioned below. In various sections of the thread many are referred to
as the 3 letter "Toll Free Group", read on:
said by Snowy:

said by Doctor Four:

A post today on the Sunbelt Blog is related:

US FTC Goes After $10 M Micropayment Scam

direct link to FTC press release
»www.ftc.gov/opa/2010/06/ ··· ele.shtm
Thanks for the link. Snowy See Profile

[Note the FTC case file is labeled as (FTC File No. 0923051)(Adele Services)]

Actually, they are part of the Organized Crime Syndicate's multiple hub and spoke fraud operation, and many of the names are listed in this thread. Unfortunately the Chicago branch of the FTC has only taken a tiny bite out of the huge apple. It is as if they have reached into a 20LB. bag of ice and puled out a handful of cubes. While I congratulate the Chicago office of the FTC and what they have done. However this action amounts to a minor hiccup within the entire operation of the OCS. Not only has it not been shut down, it is flourishing, hundreds of thousands of dollars are still leaving the US every week en route back to the OCS. The FTC really needs to speak with other three letter government agencies whose primary focus is on criminal action and not civil. They can best describe to the FTC the larger and global picture of what is going on.

In defense of the FTC, the entire hub and spoke format of the syndicate's network, is, by design, configured to obfuscate and hide the entire scope of the global operation. Thus any infiltration will be unlikely to lead to a complete exposure without comprehensive and in dept forensics being performed.

In fact, during their investigation had the FTC just Googled the country names where they then knew the fraud proceeds were being wired to, they would have found almost several pages of almost 70 fraud alert listings from me of fraud entity names that were not on their list:»www.google.com/search?q= ··· filter=0




The FTC is in good company though, investigations in the past into the "Digital Age" and "Pluto Data" mass fraud charging also failed to unearth the full scope of the operation.

quoted from news articles:

.."U.S. consumers footed most of the bill for the scam because, amazingly, about 94 percent of all charges went uncontested by the victims."

Over a much larger and longer period sample, the percentage is between 80% to 85%.

.." According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed."

Using the same time period that the FTC is referring to, 2004 to now, the actual number is well over 20 times that amount. Well in excess of $250 to $300 million in fraud proceeds, .25 billion, and well over 50 million cards fraudulently charged. If you add in the associated costs of the fraud including an industry average of $15 to $20 for institutions to replace a compromised card then the total cost to date could well be barking at $1 billion.

.."Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC."

Absolutely not true, over a very small sampling period it may appear as "floated just one charge per card number", however if you examine a much larger transaction time period of the card you will see that in the vast majority of the cases victims will be continually charged month after month. I have seen as many as 16 fraud charges on a single card over an 18 month period.

The FTC action is titled ADELE SERVICES, you can see here where cross charging between Adele and an already known and confirmed syndicate site of "Looper Enterprises"




An initial cursory review of the FTC's documents, raises questions about the some of the behavior of the cyber-mules. Though the OCS will never confide in a cyber-mule about the fraud, I always checked on how the cyber-mule set up the entities to see if they tried to hide or obfuscate the set up. My theory in sizing up the cyber-mules in advance was that if the business set ups were hidden and difficult to trace then that indicated to me that the cyber-mule was suspicious of the deal and might be indicative of some culpability. The cursory review of the FTC documents clearly indicate to me that some of the cyber-mules created hidden and hard to trace trails. That indicates to me suspicious behavior. Some of these business entities had over 70 business bank accounts. Who in their right mind would think that a business needing 70 bank accounts was engaged in anything remotely legitimate.

==============================================

API Trade, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least four bank accounts in its name; API's registered office address is 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115

ARA Auto Parts Trading LLC, a limited liability company, which has at least two bank accounts in its name; ARA's principal address is 14202 Barcalow Avenue, Philadelphia, Pennsylvania 19116

Bend Transfer Services, LLC, a Nevada limited liability company incorporated in 2007, which has at least thirty bank accounts in its name; Bend's registered office address is 21285 East Highway 20, #169, Bend, Oregon 97701.

B-Texas European, LLC, a Texas limited liability company incorporated in 2006, which has at least sixteen bank accounts in its name; B-Texas' registered office address is 701 Brazos Street, Suite 1050, Austin, Texas 78701. B-Texas also conducts business at 8070 County Road, 603, Brownwood, Texas 76801.

CBTC, LLC, a Delaware limited liability company incorporated in 2007, which has at least four bank accounts in its name; CBTC's registered office address is 151 Evergreen Drive, Dover, Delaware 19901. It also conducts business at 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115.

CMG Global, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least eleven bank accounts in its name; CMG's registered office address is 7400 Roosevelt Boulevard, #52602, Philadelphia, Pennsylvania 19115. It also conducts business at 7400 Roosevelt Boulevard, Apartment A303, Philadelphia, Pennsylvania 19152 and P.O. Box 52602, Philadelphia, Pennsylvania 19115.

Confident Incorporation, a California company incorporated in 2002, which has at least three bank accounts in its name; Confident's registered office address is 17800 Castleton Street, Suite 386, City of Industry, California 91748. Confident also conducts business at 30616 Sand Trap Drive, Agoura Hills, California 91301.

HDPL Trade LLC, a Pennsylvania limited liability company incorporated in 2008, which has at least nine bank accounts in its name; HDPL's registered office address is 1143 Northern Boulevard, #263, Clarks Summit, Pennsylvania 18411.

Hometown Homebuyers, LLC, a Texas limited liability company incorporated in 2002, which has at least thirty-seven bank accounts in its name; Hometown's registered office address is 413 East Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 7680l.

IAS Group LLC, a California limited liability company incorporated in 2008, which has at least five bank accounts in its name; Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 7680l.

IHC Trade LLC, a New York limited liability company incorporated in 2007, which has at least seventy-one bank accounts in its name; IHC's registered office address is 5823 North Burdick Street, East Syracuse, New York 13057.

MZ Services, LLC, an Arizona limited liability company incorporated in 2004, which has at least fifty-three bank accounts in its name; MZ Services's registered office address is located at 2910 North Casa Tomas Court, Phoenix, Arizona 85016.

New World Enterprizes, LLC, a New Jersey limited liability company incorporated in 2005, which has at least fourteen bank accounts in its name; New World's registered office address is 115 Magnolia Avenue, Suite 10, Jersey City, New Jersey 07306. New World also conducts business using the following addresses: (1) 441 Tomlinson Road, Apartment G 12, Philadelphia, Pennsylvania 19116, (2) P.O. Box 2645, Newark, New Jersey 07114, (3) 2400 East 3rd Street, Apartment 705, Brooklyn, New York 11223, and (4) 504 Florida Grove Road, Keasby, New Jersey 08832.

Parts Imports LLC, a Louisiana limited liability company incorporated in 2006, which has at least forty-two bank accounts in its name; Parts Imports' registered office address is 617 Elm Drive, Bogalusa, Louisiana 70427.

SMI Imports, LLC, a Florida limited liability company incorporated in 2006, which has at least fourteen bank accounts in its name; SMI's registered office address is 2329 North Tamiami Trail, Apartment #10, Sarasota, Florida 34234. SMI also conducts business at 8122 45th Court East, Apartment 7, Sarasota, Florida 34243.

SVT Services, LLC, a New York limited liability company incorporated in 2008, which has at least eight bank accounts in its name. SVT's registered office address is 800 East 13th Street, Apartment K, Brooklyn, New York 11230.
==============================================





According to the FTC the above companies had merchant accounts and billed under the following names:




==============================================
ACM »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Adele Services
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

»www.google.com/search?hl ··· gs_rfai=

Advanced Global Tech
AEI
Albion Group
Alpha Cell

ALS
ALS LLC


»www.google.com/search?q= ··· =en&sa=2

ALS cross charges a victim who 24 hours earlier was hit by Eatemplates.com AKA EA Web Designs 434-878-3659





BEI
BIT
BusinessWorks
Center Company
Centrum Group
CFM
CFR
COS
Data Services
Den Enterprises
Dgen
Digest Limited
Don Partners
DwellTech
Edge
ESTA
Eureka

Extra Path

»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Form Limited
Foto Fast
Gamma

GFDL

»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

GLOBO
Green Stone
Harry Dean

HBS

»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

HBS was identified by multiple victims as cross charging with known OCS entities. Including this September 2009 posting showing "HBS" and "Daye Traffic" and "CJ Financials" all hitting the same victim's card:





CJ Financials was subsequently linked to a cyber-mule LLc in Maryland: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto and of course "Daye Traffic" was tied to a cyber-mule KEVIN L. DAYE in Nebraska »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Home Port

Homebase

»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

ICH Services
IHS
Image Company
Image Services
IPS
ISSO
IVA
Lang Group
Light Flow
Link Group

Link Services

»www.google.com/search?hl ··· gs_rfai=

Another one of numerous cross charges which ties the Organized Crime Syndicate's operation together. "LINK SERVICES" on the FTC's list and "Daye Traffic" a known OCS bothe hit the same victim's card sequentially:
quote:
...Just got my credit card statement with a fraudulent charge of $9.00 on it from "LINK SERVICES" out of California with the phone number of 866-473-8739. I also got one from "DAYE TRAFFIC LLC" with the phone number of 402-408-6643.





»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

DAYE TRAFFIC was one of numerous identical floral themed fraud charging websites

List Services
Mark Silver
MARX
Mera
MFG
Name Services
NETT
New Eight
Office Development
Office Services
OM Extra
ONE
Online Group
Prc Services
Presi
Rasna
RSIPartners
RSS Inc.
Safeworks
Search Company
Search Management
Search Services
SFR
Sigma
Site Group
Site Management

Site Services


»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Source Limited
Standard Six
SYS INC
System Development
Terra
THQ
TIMO
TLC Inc.
Union Green
United Services
VIVOS
WELLE
Will Services
World Trade
World Wide Services
YES

==============================================
Back in 2008 I posted how even the folks at 800notes.com had noticed the well known obfuscation tactic by the OCS of post seeding the phone numbers of the fraud entity:


800NOTES

Credit Card Thieves Trying to Hide Their Trails

30 Jun 2008

We have recently discovered that many phone numbers, reported to be connected with unauthorized charges, are being targeted by spammers, who come to the website and make unrelated postings to the discussion threads.

At first it didn’t make any sense, we would see a thread where almost every user was reporting something completely different than all the others. Some said that the number belongs to a collection agency, some claimed that a telemarketer calls from it, others reported that the number belongs to a newspaper subscription service.

After a while a pattern emerged, all of these threads had one thing in common: “true” users were reporting unauthorized charges while other postings were made by bots.

We started to monitor the threads and discovered that someone has been spamming these particular discussions. It seems they do it for one purpose: to confuse the audience and keep it off track.

In many cases they even create a discussion thread for a particular number well in advance before any fraudulent charges are noticed and reported. They then spam it with unrelated postings. Like, for example, in this thread the first posting was made on Feb 16th2008, and then only on March 5th users started reporting strange transactions (we didn't remove the 'bot' postings for demonstration purposes and will clean it up shortly).

We are now building the list of the phone numbers that match this pattern and so far have 60 phone numbers responsible for fraudulent charges. All the numbers are from 888, 877, 866, and 800 area code.

The fraudulent charges are placed using the following company names:'Link Services', 'Link Group', 'Source Limited', 'System Development', 'HBS', 'Electronic Business Resources', 'Image company', 'World Wide Services', 'World Trade', 'ICS Services', 'Homebase', 'Home Port', 'DEN Enterprises', 'EST Company', 'BEI', 'Site Services', 'Search Services', 'ESTA', 'SENSATE TECHNOLOGY', 'Market Billing', 'MCA Templates', 'Web Templates', Will Services, 'Office Services', 'Terra', 'World Development', 'UNITED SERVICES', 'SITE DEVELPOMENT', 'ALS', 'Mera', 'Search Management', 'ONLINE GROUP', and 'ACM'.

We are looking into ways to prevent them from posting. If you find a thread with the pattern described above, please use the 'Report Abuse' button to alert us.
Ref:»800notes.com/news/Lvz7S1 ··· jKqPx8Ag



You can clearly see how the seeding tactic was used across the entire range of groups, including the Orange template group, and including those listed by the FTC.

Not only has the current FTC action not even come close to shutting the operation down, being generous, it barely covers 5% of the known activity.

On the surface the FTC found that some of the fraud proceeds were used to pay for the set ups and support services.

Note Red underline:




If the FTC had of dug a lot deeper, they would have found that in one instance alone over $15,000 from the fraud charging proceeds of just one fraud entity were transferred from a Bank of America business account to buy an entire sequence of prepaid debit cards in $500 and $300 increments. These purchases were made in two trips where the cyber-mule was directed by the crime syndicate to a specific mall in Texas, and told to buy the prepaid cards at a Simon Group Mall store:




The Organized Crime Syndicate then had the cyber-mule go online and register the $15,000 worth of prepaid debit cards to various names and addresses which they provided to the mule via email. Once the mule completed the online registration of the prepaid cards then they could be used by the criminals directly from Eastern Europe to go online and purchase anything the wanted in the US. This is a form of "Virtual Money laundering" that the FBI has been loudly complaining to Congress and the banking industry about for some time now. It has been impossible to track this form of virtual money laundering, since no "money" physically moves between countries or banks. If you have noticed how difficult it has become recently to buy a prepaid debit card anonymously this should explain why. Criminals and money launderers have taken to to the prepaid debit card system like a duck to water. So much so that new legislation is about to go in effect shortly that requires all prepaid debit card purchases to be documented, including the recording of identity submits used to make the purchase.

Subsequent tracking of the OCS's card data above showed that it was used to pay for numerous forms of criminal support services, including hosting at GoDaddy, Voip phone service from Vonage, and online registration services for other fraud LLCs and corporations.

Obviously the FTC has apparently tracked the fraud proceeds from the group going to "bank accounts in Bulgaria, Cyprus, Estonia, Latvia, Lithuania, and Kyrgyzstan."





You can place a strong bet that if the FTC were to run these known bank wire drops of the Organized Crime Syndicate, where the card fraud proceeds were tracked going to against their own FTC list, bells should ring from the matching hits:
==============================================
Beneficiary Name: BETA-METAL LTD
Beneficiary Address: Grushevskogo 28/2, Kyev, Ukraine. 01021
IBAN: LV55 RTMB 0006 0380 6245
(multicurrency)
Bank: JSC Rietumu Banka
Bank address: 54 Brivibas street, Riga, LV-1011,
LATVIA S.W.I.F.T.: RTMBLV2X
==============================================

==============================================
Beneficiary Account: Name: VIDESS S.A No.: 073725
IBAN: CY2011501002073725USDCACC001
Beneficiary Bank: FBME BANK Limited,
Nicosia, Cyprus
Swift Code: FBMECY2N
Correspondent Bank: Deutsche Bank Trust Company,
New York, USA Swift
Code: BKTRUS33
Account No: 04-053-863
==============================================

==============================================
Beneficiary's Bank Name: FBME BANK Limited
Beneficiary's Bank SWIFT code: FBMECY2N
Beneficiary's Bank Address: Nicosia, Cyprus
Beneficiary Account: CY5611501002074923USDCACC001
Beneficiary Name: WESTA HOLDINGS LTD
==============================================

==============================================
NAME OF COMPANY : MARMION PACIFIC CORPORATION
COMPANY ADDRESS : 95 Athalassas Avenue
3rd Floor, CY-2024, Nicosia, Cyprus

BANK NAME : BANK OF CYPRUS
BANK ADDRESS : 28 Michalakopoulou Street,
CY-1075 Ayji Omologitae, Nicosia
Account number : 0155-40-642688-06
SWIFT : BCYPCY2N
==============================================

==============================================
Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc
==============================================

==============================================
Beneficiary's Bank Name: Piraeus Bank
Beneficiary's Bank SWIFT code:
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG73PIRB74051735052201
Beneficiary Name: Midtown Intergroup Ltd.
==============================================

==============================================
Beneficiary's bank name: ASIAUNIVERSALBANK
Beneficiary's Bank SWIFT code: ASUJK22
Bank address: 59, togolok moldo str., 720033,
BISKHEK, KYRGYZSTAN REPUBLIC
Beneficiary account: 1231128530000131
Beneficiary name: Inowest Enterprises
Beneficiary address: same as bank address
==============================================

==============================================
Intermediary bank:

NATIONAL BANK OF CANADA
MONTREAL, CANADA
ACC. 10233724000200101
SWIFT code: BNDCCAMMINT

Beneficiary Bank:
Trasta Komercbanka (Trust Commercial Bank)
Miesnieku iela 9, Riga LV 1050, Latvia
SWIFT code: KBRBLV2X
Beneficiary:
Name: VELNAR TRADE LLP
Account number: LV40KBRB1111212307001
Address: Cornwall Buildings, Birmingham, B3 3QR, UK
==============================================

==============================================
Beneficiary's Bank Name: Parex banka.
Beneficiary's Bank SWIFT code: PARXLV22.
Beneficiary's Bank Address: 3, Smilshu str., Riga, LV-1522, Latvia.
Beneficiary Account: LV83PARX0009490320001.
Beneficiary Name: Omtron Limited.
Beneficiary address: 60 market Square P.O.Box 1906, Belize City, Belize
==============================================

==============================================
Benificiary's Bank Name: Hellenic Bank
Benificiary's Bank SWIFT code: HEBACY2N
Benificiary's Bank Address: 173, Athalassas Ave. Stovolos, 2025, Nicosia, Cyprus
Benificiary's Account: CY69005001400001400734734801
Benificiary's Name: Omtron Limited
Benificiary's Address: 60 Market Square P.O. Box 1906, Beliz City, Beliz
==============================================

==============================================
Beneficiary's Bank Name: Parex banka
Beneficiary's Bank SWIFT code: PARXLV22
Beneficiary's Bank Address: 3, Smilshu str., Riga, LV-1522, Latvia
Beneficiary Account: LV83PARX0009490320001
Beneficiary Name: Omtron Limited
Beneficiary address: 60 market Square P.O.Box 1906, Belize City, Belize

Detail of the payment:
Law and consulting services.
Description: Consultations on introduction of accounting system of
documents. Documentation creation. Processing and filling
==============================================

==============================================
Beneficiary’s Bank Name: Aizkraukles banka
Beneficiary’s Bank SWIFT code: AIZKLV22
Beneficiary’s Bank Address: Elizabetes 23, LV-1010, Riga, Latvia.
Beneficiary Account: LV29AIZK0001140110388
Beneficiary Name: DIMELFIELD MANAGEMENT LTD
Beneficiary address: Geneva place Waterfront Drive Road, Town Tortola,
British Virgin Islands
Detail of the payment: For law consulting invoice 29072009/1
==============================================

==============================================
Please pay via Bank Wire Transfer (SWIFT transfer) to:

BANK: BANCO POPULAR DOMINICANO
BANK ADDRESS: TORRE POPULAR FLOOR 4 AVENIDA JOHN F. KENNEDY/MAXIMO GOMEZ
BANK CITY: SANTO DOMINGO
BANK COUNTRY: DOMINICAN REPUBLIC
SWIFT CODE: BPDODOSXXXX
ACCOUNT NUMBER: 735904526
ACCOUNT HOLDER: FREE WAY CORPORATION C por A
ACCOUNT HOLDER ADDRESS: CALLE B, CASA 17, SANTO DOMINGO, DOMINICAN REPUBLIC
REASON FOR PAYMENT: PAYMENT FOR SERVICES / PAGO DE SERVICIOS
The account currency is USD, so please execute the wire in USD
==============================================
.

MGD