ADX TRANS EXPRESS Fraud

ADX Trans Express screenshot.

This criminal fraud website should not be confused with any other company of the same or similar name - the above screenshot of the criminal's website home page and the detailed evidence below are intended to identify this fraudster and this fraudster alone.

The ADX TRANS EXPRESS scam is the latest fraud from the money laundering department of the well-known 'rockphish' criminals, who are currently operating as the zombie botnet hosted Green Tree (Warehousing) Ltd criminal fraudster. This is clearly evidenced by the same criminal-registered zombie botnet nameserver, ns1.sevengh.com, and host IP (89.46.34.93), which confirms its criminal nature beyond any doubt even without any of the following damning evidence.

There is an identical active fraud website under the name International Bidding Solutions, once again zombie botnet hosted, using the same initial nameserver ns1.sevengh.com, on the same IP and with the same contact details.

If you are a registrar or a host who has received an abuse report concerning this criminal then please review the irrefutable evidence below and take prompt and permanent action to shut this criminal down.
 

If you've either received an active website link in an ADX TRANS EXPRESS fraud spam, or know of an active domain and it is not listed in the domain tables below, then please let us know by reporting it using the 'Report Active Domain' option in the title bar above.

Current Zombie Botnet Controller Hosts

PFA-BOSTAN-TUDOR-TEODOR (Jump.ro) - ns1.sevengh.com [89.46.34.93]


The above table shows the current providers of zombie botnet hosting services to the criminals and how long they have been providing them for. The decent ethical majority of service providers (all credit to them - they are a pleasure to deal with) act within 1-24 hours of being informed of the criminal abuse of their system (the best in less than 1 hour), but there are unfortunately some that, for whatever reason, do not. Any hosting company that remains in the above list for more than 48 hours has unfortunately not responded positively to abuse reports.

If you are an abuse team that has taken action, please let me know and I will immediately remove the above record.


ADX TRANS EXPRESS : Evidence of Criminal Fraud

i) The bogus ADX TRANS EXPRESS website is zombie botnet hosted, as clearly demonstrated by the DNS data below. The initial criminal-registered nameserver (ns1.sevengh.com) is exactly the same as was used by the Green Tree (Warehousing) Ltd criminal fraudsters, which clearly demonstrates the fact that they are one and the same criminal organisation. No legitimate company would use a zombie botnet to host their websites - Clear evidence of criminal fraud.

ii) The criminal's claim on their website above: "Founded in 2004". In their spam below they claim: "Founded in 1999". Despite their obvious confusion about when they were actually founded, their website domain adxtransexpress.cc was only registered with PUBLICDOMAINREGISTRY.COM (MyNick.Name) on 01-jul-2008. Clear evidence of criminal fraud.

iii) The contact details, (from the website):

ADX TRANS EXPRESS Corporate Headquarters

ADX TRANS EXPRESS Central Office

US
66 DEWBERRY LANE
PERRYVILLE
MD,21903
Fax : +13154105321

- A Google search on the address "66 DEWBERRY LANE" (PERRYVILLE, MD, 21903) shows that exactly the same address was used for other incarnations of this fraudster, e.g. EGT-Online Finance, Euro-Drop (IBS Corp), and International Bidding Solutions.
- A Reverse Phone Detective lookup on the fax number +13154105321 shows that it is listed for Syracuse, NY and not Perryville, MD.
All clear evidence of fraud.

iv) Note the usual spelling mistakes and grammatical errors common to these fraudsters, e.g. "Servises" for services in the above screenshot of the criminal's home page not to mention "Let the professionals make your business flourishing", "Take bring of your item to one of our stores nearby.", "Entrust your needless treasure to our specialists" and "When the auction is over we’ll send you your payment within 10­20 days". Nearly three years seems a long time to wait for your money to me.... This is worse than the usual rubbish from these crooks. Certainly clear evidence of fraud.

v) The criminal's spams, (example below), spamvertise the usual part-time, work from home job that will inevitably turn out to be accepting payments into your private account and transferring them back to the criminals, less a percentage, using Western Union and Moneygram. Unfortunately, the criminals now do not explicitly spell them out in the spams to avoid incriminating themselves, but taken in conjunction with the rest of the evidence of criminality it is not difficult to infer the purpose.

The Spam

Online Sales and Operations Manager/Administrative assistant

ADX Trans Express, founded in 1999, is and international financial business which provides services to individual customers
all over the world with engaging Administrative Assistants.

Currently, we have positions available at the territory of Australia and New Zealand.
The part-time job which we propose does not require any special skills in financial business area.
We will be assisting you from your first step in the work process.
You do not have to spend much time to earn sufficient money to be added to your main income. If you have
good business position, are able to understand company's requirements, this job is right for you!
You have a real chance to become Administrative Assistant, get new experience, choose your working hours,
and salary amount.

Requirements to the candidate:

- - Ability to follow directions
- - Good responsibility to company requests
- - Age 21 and older
- - Status of a resident in the territory of the Australia/New Zealand/EU/USA
- - Internet access
- - Opportunity to spend no less than 2 hours for work per day
- - Honesty and responsibility in performing corporate tasks
- - Willingness to coordinate personal results, work independently

Advantages:

- - Opportunity to work from home
- - 3500 AUD a month as a beginner, based on a comission and depending on your results
- - Independent work and self control
- - Flexible schedule
- - Online assistance and training
- - No fee for starting to work

This may be your best opportunity!
Please feel free to submit the application. Visit our website:


www.adxexpressinc.cc

Feel free to apply now online(application form):

www.adxexpressinc.cc/rega.php



vi) The Zombie Botnet DNS Data (Valid for domain adxexpressinc.cc)
Looking up at the 2 adxexpressinc.cc parent servers:

Zombie Botnet Nameserver | Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.sevengh.com [89.46.34.93] | 210.205.208.193, 67.160.54.252, 69.216.133.214, 85.178.248.110, 125.139.235.178
ns2.sevengh.com [99.61.78.15] | Timeout - Fake nameserver, (never resolves).

The data shows a standard 5-IP site hosting zombie botnet where the nameserver ns1.sevengh.com hosted by PFA-BOSTAN-TUDOR-TEODOR (Jump.ro) on IP 89.46.34.93 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). That is exactly the same criminal registered nameserver and host IP as was used for the Green Tree (Warehousing) Ltd fraud.

For an explanation of this form of hosting, please see The Zombie Botnet 'Host By Proxy'
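The pattern in the DNS table can be checked mechanically. The following is an added example, not code from this site: it scores one snapshot of nameserver answers for the three traits described above (A records scattered across unrelated networks, a listed nameserver that times out, a single working nameserver). The thresholds, the function names and the contrast domain are assumptions.

```python
import ipaddress

# Answers per listed nameserver, taken from the DNS table on this page
# (adxexpressinc.cc). None means the nameserver timed out.
PAGE_SNAPSHOT = {
    "ns1.sevengh.com": ["210.205.208.193", "67.160.54.252", "69.216.133.214",
                        "85.178.248.110", "125.139.235.178"],
    "ns2.sevengh.com": None,
}

# Constructed contrast case: a hypothetical domain on conventional hosting,
# using RFC 5737 documentation addresses.
CONVENTIONAL_SNAPSHOT = {
    "ns1.hosting.example": ["192.0.2.10", "192.0.2.11"],
    "ns2.hosting.example": ["192.0.2.10", "192.0.2.11"],
}


def distinct_networks(ips, prefix=16):
    """Return the set of /prefix IPv4 networks the addresses fall in."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}


def assess(snapshot, min_records=4, min_spread=0.8):
    """Report hosting indicators for one snapshot of nameserver answers.

    min_records and min_spread are illustrative thresholds (assumptions).
    """
    answering = {ns: ips for ns, ips in snapshot.items() if ips}
    dead = sorted(ns for ns, ips in snapshot.items() if not ips)
    ips = sorted({ip for group in answering.values() for ip in group})
    networks = distinct_networks(ips)
    spread = len(networks) / len(ips) if ips else 0.0

    indicators = []
    if len(ips) >= min_records and spread >= min_spread:
        indicators.append("a_records_scattered_across_networks")
    if dead and answering:
        indicators.append("listed_nameserver_timed_out")
    if len(answering) == 1:
        indicators.append("single_working_nameserver")
    return {"ips": len(ips), "networks": len(networks), "spread": spread,
            "dead_nameservers": dead, "indicators": indicators}


if __name__ == "__main__":
    for name, snap in (("page", PAGE_SNAPSHOT), ("constructed", CONVENTIONAL_SNAPSHOT)):
        print(name, assess(snap))
```

A single snapshot cannot show the rotation of the A records; repeating the lookup over time and comparing the answer sets is what confirms it.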

The above evidence clearly demonstrates beyond any doubt that the criminal's website has been set up by money laundering and phishing criminals purely for the purpose of spamvertising an illegal money laundering 'mule' job. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of site theft, copyright offences, criminal money laundering activity and spamming - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Do not be misled - these are professional criminals with a long history of fraud as detailed on the General Information page and are the same criminals as the 'rockphish' phishing fraudsters, so if a host or registrar shelters these crooks then they are also sheltering the 'rockphish' phishing fraudsters and aiding and abetting their criminal 'phishing' fraud activities.

ADX TRANS EXPRESS Fraudsters - current hosting details.


Current Main Domains, Hosts and Registrars

Domain | Registrar | Host IP Network / Botnet Nameserver Host | Host IP / Botnet Nameserver IP
adxexpressinc.cc | PUBLICDOMAINREGISTRY.COM (MyNick.Name) | PFA-BOSTAN-TUDOR-TEODOR (Jump.ro) - ns1.sevengh.com | 89.46.34.93 Suspended

Current Zombie Botnet Nameserver Domains and Registrars



See table below for the full list of known active & suspended main domains used by this criminal.


List of all known domains used by the ADX TRANS EXPRESS Fraudsters 

Domain | Status | Registrar
adxtransexpress.cc | Suspended | PUBLICDOMAINREGISTRY.COM (MyNick.Name) 01-jul-2008
adxexpressinc.cc | Suspended | PUBLICDOMAINREGISTRY.COM (MyNick.Name) 01-jul-2008

Criminal Registered Nameserver Domains | Status | Registrar
sevengh.com | Active | INTERNET INVEST, INC. DBA IMENA.UA (17-Jun-2008)


Please notify me of any errors or domains not listed here.

Notes for Registrars

i) The ADX TRANS EXPRESS criminal uses his own nameserver domains to control his zombie botnets or provide his DNS. By definition there can be no legitimate domains using his dedicated botnet nameservers, and his conventional nameserver domains are always very recently registered. This provides an ideal database search option for you to identify and delete all of this criminal's fraud domains without any risk of hurting an innocent domain. All of the criminal's current botnet nameservers are: ns1.sevengh.com

ii) The criminal's domains have different false whois registration data.

iii) The criminal will not respond to your challenge but will use the notice to prepare a new network - immediate suspension is requested, please.
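The database search suggested in note i) is sketched below as an added example, not code from this site. It matches nameservers on whole DNS labels so that a look-alike hostname is not swept up, and it reports partial matches separately. The delegation records are constructed; only the two .cc domains and sevengh.com come from this page, and all function names are assumptions.

```python
# Known botnet nameserver domain, from this page.
BAD_NS_DOMAINS = ["sevengh.com"]

# Constructed delegation records standing in for a registrar's database.
# The two .cc domains and sevengh.com are from this page; every other
# name, and the exact record formatting, is made up for illustration.
DELEGATIONS = {
    "adxtransexpress.cc": ["NS1.SEVENGH.COM.", "ns2.sevengh.com"],
    "adxexpressinc.cc": ["ns1.sevengh.com", "ns2.sevengh.com"],
    "shop.example": ["ns1.sevengh.com.example", "ns2.dns.example"],
    "blog.example": ["ns1.sevengh.com", "ns1.dns.example"],
}


def normalize(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")


def under_domain(host, domain):
    """True if host is the domain or a subdomain of it (whole-label match)."""
    host, domain = normalize(host), normalize(domain)
    return host == domain or host.endswith("." + domain)


def naive_hits(delegations, bad_domains):
    """Substring search, shown only to expose its false positive."""
    return sorted(d for d, servers in delegations.items()
                  if any(bad in ns.lower() for ns in servers for bad in bad_domains))


def classify(delegations, bad_domains):
    """Group domains by how many of their nameservers sit under a bad domain."""
    groups = {"all_bad": [], "mixed": [], "clean": []}
    for domain, servers in sorted(delegations.items()):
        hits = [ns for ns in servers
                if any(under_domain(ns, bad) for bad in bad_domains)]
        if hits and len(hits) == len(servers):
            groups["all_bad"].append(domain)
        elif hits:
            groups["mixed"].append(domain)   # partial match: reported separately
        else:
            groups["clean"].append(domain)
    return groups


if __name__ == "__main__":
    print("substring search:", naive_hits(DELEGATIONS, BAD_NS_DOMAINS))
    print("label match:     ", classify(DELEGATIONS, BAD_NS_DOMAINS))
```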

Blocking The spam

I have had quite a few queries about how to block the criminal's spam in Outlook Express. Fortunately they are easily detected using the OE 'Mail Rules' (Tools - Message Rules - Mail).

Rules based on the From, To etc addresses will never work as the header data is all forged. The message body remains constant, however & that can be used to detect them.

Use the rule "Where the message body contains specific words" with "ADX Trans Express" as the search item, then choose 'delete' (or whatever action you prefer) as the action. That will definitely detect every single one of these spams.
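The same body rule can be applied on a mail server or in a script. This is an added example, not part of the original page, and it goes beyond the Outlook Express rule by decoding the transfer encoding and undoing line wrapping before it looks for the phrase. Both messages are constructed, and the addresses and function names are assumptions.

```python
import base64
import email
import re
from email import policy

PHRASE = "ADX Trans Express"  # body phrase named in the rule above

# Constructed spam sample: forged sender, body line-wrapped inside the
# phrase and base64-encoded, so the phrase never appears in the raw source.
_body = "ADX Trans\r\nExpress, founded in 1999, is and international financial business"
SPAM = ("From: Human Resources <hr@forged.example>\r\n"
        "Subject: Part-time vacancy\r\n"
        "MIME-Version: 1.0\r\n"
        "Content-Type: text/plain; charset=utf-8\r\n"
        "Content-Transfer-Encoding: base64\r\n\r\n"
        + base64.b64encode(_body.encode("utf-8")).decode("ascii") + "\r\n")

# Constructed legitimate message for contrast.
HAM = ("From: colleague@corp.example\r\n"
       "Subject: Meeting\r\n"
       "Content-Type: text/plain; charset=utf-8\r\n\r\n"
       "The review has moved to Tuesday.\r\n")


def decoded_body(raw):
    """Return all text parts of a message with transfer encoding removed."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts = [p.get_content() for p in msg.walk()
             if p.get_content_maintype() == "text"]
    return "\n".join(parts)


def body_matches(raw, phrase=PHRASE):
    """Case-insensitive phrase match on the decoded body, ignoring headers."""
    text = re.sub(r"<[^>]+>", " ", decoded_body(raw))   # drop HTML tags
    text = re.sub(r"\s+", " ", text)                    # undo line wrapping
    return phrase.lower() in text.lower()


def raw_contains(raw, phrase=PHRASE):
    """Naive check on the undecoded message source, for comparison."""
    return phrase in raw


if __name__ == "__main__":
    print("raw source match:", raw_contains(SPAM))
    print("decoded body match:", body_matches(SPAM))
    print("legitimate message match:", body_matches(HAM))
```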
Fraud Blog Initial entry 07th. July 2008

Later: The domain adxtransexpress.cc has been suspended by the registrar. No active domains known, if you know of an active URL for these criminals, please do let me know.
***Latest News*** 8th. July 2008
New domain notified by site contact - adxexpressinc.cc still hosted on the PFA-BOSTAN-TUDOR-TEODOR (Jump.ro) - ns1.sevengh.com [89.46.34.93] zombie botnet.

***Latest News*** 25th. July 2008
Both domains adxtransexpress.cc and adxexpressinc.cc now suspended - please let me know of any active domains.