Adiv Financial (Stolen Identity) scam

Adiv Financial (Stolen Identity) Fraud

Don't Bear Internet Fraud

This Adiv Financial criminal fraud website should not be confused with any other company with the same or similar name. The screenshot below and the following evidence defines this criminal alone. These criminals have stolen the website of the genuine company AES International for their fraudulent purposes as detailed below and have also stolen the identity of a genuine 'ADIV FINANCIAL PTY LTD' Australian company in a futile attempt to try and give their botnet hosted site some credibility.

Adiv Financial scam screenshot (Stolen Website & Identity) - 19-Feb-2010

Adiv Financial scam is yet another 'Rockphish' serial fraud consisting of a fake, (stolen), financial site used as a vehicle to legitimise a money laundering fraud job scam. The only reason it looks so glossy and professional is because the website has been stolen in its entirety from the genuine financial organisation AES International. That much is self evident and as such it is irrefutable evidence of fraud. The fake website is also hosted on a 'Fastflux' botnet using zombies that are also used for other frauds and also for 'phishing' fraud domains. It's not the only scam website this fraudster has produced using an identical MO. He has previous aliases of Paramount Finance, First Rate Finance, World Finance Group, Zeus Financial Group, Toll Finance, Range Financial Corporation, Adriatic Finance Services, Arena Financial Group, Rams International, Moranna, Zoom Financial Services and many others. This particular 'Rockphish' alias last appeared as the identical Landor Financial using the same stolen website content. Clear evidence of serial fraud. The fact that the website is hosted on a 'Fastflux' zombie botnet guarantees its criminal nature - no legitimate website is hosted on a zombie botnet.

The initial website fraud domain adivfinancial.com was only registered with the unresponsive registrar TODAYNIC.COM, INC. on 15-feb-2010 for the usual 'criminal's domain' minimum period of only one year and the crook has no genuine web presence at all, (not to be confused with the genuine company of the same name whose identity the criminal has stolen, as is their normal MO). All absolutely irrefutable evidence of fraud.

Current Zombie Botnet Controller Hosts

SingleHop, Inc. - ns1.condorbirt.com [69.175.58.251] - Notified 20-Feb-2010

The above table shows the current providers of zombie botnet hosting services to the criminals and how long they have been providing them for. The decent ethical majority of service providers, (all credit to them - they are a pleasure to deal with), act promptly when informed of the criminal abuse of their system, (the best in less than 1 hour), but there are unfortunately some that, for whatever reason, do not respond, do not act and in some cases clearly do not care. Any hosting company that remains in the above list for more than 48 hours has unfortunately not responded to abuse reports and may possibly be a 'blackhat' or even a criminal controlled host. N.B. - To ignore reports of criminal activity is an offence under US law codes, UK law and undoubtedly also under other country's legal provisions. Please be aware that complaints against unresponsive hosts are filed with upstream providers and that 'accessory after the fact' complaints are filed with law enforcment agencies after all contact attempts have failed.

If you are an abuse team that has taken action, please let me know so that I may remove the above record and update the data.

Evidence of Criminal Fraud:

i) Zombie botnet hosted: First and foremost, this criminal fraud site is hosted on a 5-IP 'FastFlux' 'Rockphish' zombie botnet as clearly evidenced by the DNS data. As no legitimate site is hosted on a zombie botnet this site is irrefutably defined as criminal. The zombies involved are also hosting other 'Rockphish' frauds such as his other aliases as listed above. Reverse IP data on the zombies involved shows other hosted 'Rockphish' domains and phishing URLs.

ii) Stolen website: It is obvious that the Adiv Financial criminals have stolen their entire fraud site from the genuine AES International and modified it for their own fraud purposes by adding the usual fake "Payment Protection" menu option - clear evidence of site theft and fraud.

iii) As the Adiv Financial criminals have stolen the website from the genuine AES International company, the content has no real relevance, although they claim on their 'About Us' page "Adiv Financial draw on unparalleled expertise, experience and resources to deliver positive change and the maximum possible benefit to our clients", but the fraudster's domain adivfinancial.com was only registered with the unresponsive Chinese registrar TODAYNIC.COM, INC. on 15-feb-2010 for the usual 'criminal's domain' minimum period of only one year. Clear evidence of fraudulent misrepresentation.

iv) Serial fraudster - this is just the latest zombie botnet hosted alias from the 'Rockphish' group as listed above and an identical alias to their Landor Financial scam.

v) As is usual for these criminals, a Google search shows that they have absolutely no internet presence at all despite the claim on their About Us page "Adiv Financial draw on unparalleled expertise, experience and resources to deliver positive change and the maximum possible benefit to our clients". Do not confuse the criminals with a genuine company of the same name whose identity these crooks have clearly stolen as is their normal practice from previous aliases.

vi) The 'Payment Protection Services' scam pre-amble from the website:

Payment Protection

When buying-selling operations via the Internet are concerned, the buyer and the seller don’t know each other and are placed in different corners of the world. Therefore it is important both to the buyer and the seller to ensure that their transaction is made safely. Payment Protection means receiving payments, documents, goods (it might be both the seller’s and the buyer’s) concerning the transaction by a reliable, experienced, impartial person - our Payment Protection agent. The agent will hold the funds and documents until all the terms of the deal are satisfied.
Please visit this page to learn more.

if you click on the above link, you are taken to this further page of information:

Protection

Benefits for Payment Protection Agents

The main chain of our Payment Protection service is a Payment Protection agent who is carefully selected before he is admitted to the job. We need agents all over the world that is why the majority of our agents work on a part-time basis from home, although there are agents who work full-time. Payment Protection agents get the commission for every successfully-completed transaction, which is 5-7% (depending on the quantity of processed transactions) from the amount of each transaction. As an agent, you will be granted 24/7 support and assistance from our help-desk in case of emergency. A secure online environment makes the work of a Payment Protection agent easier. Bank deposits and withdrawals are not taxable by EU/EU/US/AU law, making it a comfortable source of income.

Benefits for the seller

The seller must be ensured that while selling goods or services online he/she will eventually receive the payment. That is why online sellers turn to our company; on our behalf we garantee that if they sell online, they will receive payments according to the terms agreed upon in advance. Our company provides a safe environment for internet transactions making it easy for all participants to be completely protected.

Benefits for the buyer

The buyer must be ensured that while purchasing goods or services online he/she will eventually receive the item he/she paid for. Conducting online payments through our Payment Protection agents garantees a risk-free internet purchase, because Payment Protection agents release the payment to the seller only after all the terms of the agreement are satisfied and the required documents are processed.

Benefits for our company

Year by year the amount of e-commerce is increasing, the services of our company are becoming more and more demanded, which gives us an opportunity to expand our business and provide fast, secure and professional services. The more Payment Protection agents we attract the quicker we can perform Payment Protection procedures, as inner transfers take no more than an hour. The transaction time depends on the physical location of the sender and the receiver of the funds. Our agents get 5-7% from each transaction, while we get 3% more for our services, and that's how we benefit from the business to ensure a sustainable growth and development.

Please visit this page to learn more about Payment Protection Services Process

"Payment Protection" fraud is of course simply "Escrow" Fraud under a new name. "receiving payments" is simply receiving stolen funds to your bank account and transferring a balance back to these criminals, i.e. the classic money laundering mule function.

vii) The Spam:

Adiv Financial Pty Ltd,
67 Beard Street, Eltham,
3095, VIC, Australia.

Hello,
my name is John Allen and I am Adiv Financial hiring manager. We have found and carefully reviewed your CV at TotalJobs and decided to offer this job to you.

Our services
When buying-selling operations via the Internet are concerned, the buyer and the seller don't know each other (they may be placed in different corners of the world) - it is very important both to the buyer and the seller for their deal to be made safe. Payment Protection means receiving money, documents, goods (it might be both the seller's and the buyer's) concerning the transaction to a reliable, experienced, impartial person - our Payment Protection agent. The agent will hold all the documents and money until all the terms of the deal are satisfied and only then release them to the intended receiver.

Why we need Payment Protection agents
Having a Payment Protection agent in every country we can quickly transfer funds inside a country without wasting time on the international bank transfers, and continue our rapid growth rather than overwhelming our own bank account with inbound and outbound transactions leading to severe hold times and possible service interruption. It is time that is of significant importance to our clients.

Career and Benefits
Your main task will be receiving money transactions to any bank account you would like to use for the purposes of this job; and then forwarding these transactions to the next party of the Payment Protection process according to our instructions. You will benefit from the commissions, which are 5-7% of each transaction and depend on the quantity of the completed transactions and the speed of your work. Besides, you will be paid a basic salary of 1500 GBP per month.

For your convenience there will be no paychecks, your commission will remain in your account after every successfully completed transaction. The money transfer fee is not included in your commission, meaning that you will deduct it from the received amount, not from your commission. Also you receive 5-7% of the transaction amount. Normally the amounts that we process vary from 2,000 GBP to 10,000 GBP, but can go higher on special occasions.

Job details
As the financial activity in your area is not too high, a Payment Protection agent will be processing approximately 1-2 transactions per week. Each transaction requires approximately 4-5 hours of the agent work. Our manager always calls the agent beforehand to provide all the instructions. Therefore, with the due time management, the agent is able to combine this job with other activities (e.g. primary job or studies).

If you are ready to proceed, please provide us with your AVAILABLE phone number and our hiring manager (Stephen Holmes) will contact you shortly.

Please do not hesitate to contact us if you need more information.
--
Yours Sincerely,
John Allen,
Adiv Financial.

viii) It is the identical spam as used by this criminal's previous aliases.

The above spells out to you the crystal clear part-time, work from home money laundering mule position of accepting stolen funds, (hijacked from 'phished' bank accounts - these are the 'Rockphish criminals after all), to your personal bank account which will get your account closed, your assets frozen and will lose you all of the money that you send to the criminals. No legitimate company is going to advertise for this sort of trusted position among the untrained, inexperienced and uncertified general population overseas - it is clear evidence of criminal fraud.

ix) Fake 'Contact Us' Details from website:

Adiv Financial
67 Beard Street, Eltham
3095, VIC
Australia

E: info@adivfinancial.com

• - Note the lack of a telephone number.
• - The above details are simply the details of the genuine company that the crooks have assumed the identity of.

The above evidence clearly demonstrates beyond any doubt that the Adiv Financial website has been set up very recently by 'Rockphish' money laundering criminals purely for the purpose of spamvertising an illegal money laundering 'mule' job. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal activity - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Main Website Domains

adivfinancial.com

Registrar

TODAYNIC.COM, INC. (15-feb-2010)

Botnet Nameserver Domains

condorbirt.com

Registrar

MONIKER ONLINE SERVICES, INC. - 04-jan-2010

Nameserver Host

SingleHop, Inc.

Host IP

69.175.58.251

Active
Suspended/Disabled
Parked

Domain Whois Data [These are criminal registered domains and the registrant details are either fake or stolen - redacted where necessary]

   Domain Name: ADIVFINANCIAL.COM
   Registrar: TODAYNIC.COM, INC.
   Whois Server: whois.todaynic.com
   Referral URL: http://www.NOW.CN
   Name Server: NS1.CONDORBIRT.COM
   Name Server: NS2.CONDORBIRT.COM
   Status: clientTransferProhibited
   Updated Date: 15-feb-2010
   Creation Date: 15-feb-2010
   Expiration Date: 15-feb-2011
(Todaynic are not currently displaying whois data for their domains and they do not respond to abuse reports)

Registrar:     MONIKER ONLINE SERVICES, INC.
Status:        clientDeleteProhibited
Dates:         Created 04-jan-2010   Updated 14-jan-2010 Expires 04-jan-2011
DNS Servers:   NS1.CONDORBIRT.COM NS2.CONDORBIRT.COM

Domain Name: CONDORBIRT.COM
Registrar: MONIKER

Registrant [2443517]:
*******************
*******************
        nashville
        TN
        37220
        US

Administrative Contact [2443517]:
*******************
*******************
        nashville
        TN
        37220
        US
*******************

Billing Contact [2443517]:
*******************
*******************
        nashville
        TN
        37220
        US
*******************

Technical Contact [2443517]:
*******************
*******************
        nashville
        TN
        37220
        US
*******************

Domain servers in listed order:

        NS1.CONDORBIRT.COM         74.62.154.37
        NS2.CONDORBIRT.COM         195.214.135.11

        Record created on:        2010-01-04 11:50:40.0
        Database last updated on: 2010-01-14 09:25:06.373
        Domain Expires on:        2011-01-04 11:50:40.0

The Zombie Botnet DNS Data (Valid for domain adivfinancial.com)

DNS Lookup: adivfinancial.com A record
Searching for adivfinancial.com A record at d.root-servers.net [128.8.10.90]: Got referral to F.GTLD-SERVERS.NET. (zone: com.)
Searching for adivfinancial.com A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.condorbirt.com. (zone: adivfinancial.com.)
Searching for adivfinancial.com A record at ns1.condorbirt.com. [74.62.154.37]: Reports adivfinancial.com.
Response:

Domain	Type	Class	TTL	Answer
adivfinancial.com.	A	IN	1800	174.49.161.92
adivfinancial.com.	A	IN	1800	67.149.103.60
adivfinancial.com.	A	IN	1800	71.61.187.95
adivfinancial.com.	A	IN	1800	117.96.64.151
adivfinancial.com.	A	IN	1800	150.216.95.29
adivfinancial.com.	NS	IN	1800	ns1.condorbirt.com.
adivfinancial.com.	NS	IN	1800	ns2.condorbirt.com.
ns1.condorbirt.com.	A	IN	1800	74.62.154.37
ns2.condorbirt.com.	A	IN	1800	195.214.135.11

Looking up at the 2 adivfinancial.com. parent servers:

Server	Response
ns1.condorbirt.com [74.62.154.37]	117.96.64.151 150.216.95.29 174.49.161.92 67.149.103.60 71.61.187.95
ns2.condorbirt.com [195.214.135.11]	Timeout

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.condorbirt.com hosted by Road Runner HoldCo LLC/servebydesign.net on IP address 74.62.154.37 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting.

***Latest News*** 19th. February 2010
Webpage created.

Later: News from servebydesign.net: The above botnet controller has been disconnected. The criminal is back up on a new botnet host:
Looking up at the 2 adivfinancial.com. parent servers:

Server	Response
ns1.condorbirt.com [204.152.223.207]	174.49.161.92 67.149.103.60 69.1.58.44 71.61.187.95 99.172.8.129
ns2.condorbirt.com [195.214.135.11]	Timeout

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.condorbirt.com hosted by OC3 Networks & Web Solutions, LLC/SystemInPlace SYSINPLC on IP address 204.152.223.207 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting.

***Latest News*** 20th. February 2010
The SystemInPlace botnet has been disabled and the crook is back up on the Singlehop IP 69.175.58.251:
Looking up at the 2 adivfinancial.com. parent servers:

Server	Response
ns1.condorbirt.com [69.175.58.251]	174.49.161.92 68.41.21.187 69.1.58.44 69.138.236.21 71.63.222.155
ns2.condorbirt.com [195.214.135.11]	Timeout

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.condorbirt.com hosted by SingleHop, Inc., on IP address 69.175.58.251 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting.