Carex Estate Ltd Fraud
Report
Active
Domain
Don't Bear Internet Fraud
Home
Bobbear Icon
Carex Estate Ltd scam website screenshot (06-Sep-2009)
Carex Estate Ltd scam website screenshot (06-Sep-2009)
This Carex Estate Ltd criminal fraud website should not be confused with any other company of the same or similar name. The above screenshot and the following evidence defines this criminal alone. 

Carex Estate Ltd is the latest fraud from the money laundering department of the well known 'Rockphish/Asprox' phishing criminals and is hosted on a standard 'Rockphish' site hosting zombie botnet using the recently registered initial fraud domain carex-ltd.com (XIN NET TECHNOLOGY CORPORATION (08-jul-2009)) - no legitimate website is hosted on a zombie botnet. The purpose of the website is to lend an air of legitimacy to a spam campaign intended to recruit money laundering mules. Despite their website claims of being in the business since 2001, their domain was only recently registered for the usual 'criminal's domain' minimum period of only one year, they have no Google internet presence whatsoever, and their location/contact details are easily demonstrated to be fake.
Current Zombie Botnet Controller Hosts

 - ns1.coolfol.com []

The above table shows the current providers of zombie botnet hosting services to the criminals and how long they have been providing them for. The decent ethical majority of service providers, (all credit to them - they are a pleasure to deal with), act promptly when informed of the criminal abuse of their system, (the best in less than 1 hour), but there are unfortunately some thatfor whatever reason, do not respond, do not act and in some cases clearly do not care. Any hosting company that remains in the above list for more than 48 hours has unfortunately not responded to abuse reports and may possibly be a 'blackhat' or even a criminal controlled host. N.B. - To ignore reports of criminal activity is an offence under US law codes, UK law and undoubtedly also under other country's legal provisions. Please be aware that complaints against unresponsive hosts are filed with upstream providers and that 'accessory after the fact' complaints are filed with law enforcment agencies after all contact attempts have failed. It's only fair to the victims of these criminals.
If you are an abuse team that has taken action, please let me know so that I may remove the above record and update the data.

Carex Estate Ltd: Evidence of Site Theft and Criminal Fraud

N.B. - Check tables and ***Latest News*** items for domain and hosting updates.

i) First and foremost the Carex Estate Ltd fraud website is hosted on a standard 'Rockphish' site hosting zombie botnet as evidenced by the DNS DataNo legitimate company would use a zombie botnet to host their website - irrefutable evidence of criminality.

ii) A webcheck shows that Carex Ltd. are not registered in the NY state business register, clear evidence of a fake company. Check for yourself.

iii) They claim in the above screenshot "Carex Ltd was established in 2001" but their domain carex-ltd.com was only registered with the criminal's favourite unresponsive Chinese registrar, XIN NET TECHNOLOGY CORPORATION on 08-Jul-2009 for the usual criminal's domain minimum period of only one year - a clear indication of a fraud domain.

iv) A Google search for "Carex Ltd" shows that this crook has no web presence whatsoever. Not to be confused with any other company of the same name.

v) Passive DNS replication checks on the zombies listed in the DNS data below link this fraud to other 'Rockphish' group scams and include numerous phishing links.

vi) Fake contact details from the fraudulent website: (These crooks are not a registered company in New York, so their details are pretty well guaranteed to be bogus)

Contacts

Address:
Carex Ltd.
is located in the Midtown area
at 186 Elizabeth Street,
New York, New York 10019,
United States

Phone numbers:
212-245-7564
212-265-7565 (FAX)

•  - A Google search for the address "186 Elizabeth Street, New York" returns no results.
•  - A Google Maps search for the address "186 Elizabeth Street, New York" returns no results.
•  - A USPS zipcode search for the address "186 Elizabeth Street, New York" returns the message "The address you provided is not recognized by the US Postal Service as an address we serve. Mail sent to this address may be returned". There is no 186 Elizabeth Street, it is a fake address.
•  - Elizabeth Street, (NoLIta), is downtown New York, not midtown New York. (It's in the area supposedly referred to by Petula Clark in her hit "Downtown").
•  - A Google Search for the telephone number "212-245-7564" returns only the crooks own fake website.
•  - A Google Search for the telephone number "212-265-7565" returns only the crooks own fake website.
All clear evidence of fake details.
vii) The Website Job:
Regional agent
Responsibilities:

Search and placement of realty objects in the company database, follow-up on bargains, performing online presentations.

Responsibilities:

    * Age 21 up
    * Available free time (3-4 hours daily)
    * High communicative abilities
    * Knowledge of basic programs (Internet, mail clients)

What we offer:

    * Salary consists of base part + percent
    * Variable percent rate
    * Medical insurance
    * Bonuses are applicable
A 'cloaked' job as they often are these days - they are only spelt out once you have made contact, but note the part-time, work from home nature and bear in mind the clear and irrefutable evidence of a criminal fraud zombie botnet hosted website - you do not have to be Hercule Poirot to work out the criminal nature of the proposed 'job' - the "percent rate" will be 10% of every successfully processed money transfer - do not be fooled.
The above irrefutable evidence clearly demonstrates beyond any doubt that the Carex Estate Ltd website has been set up on a zombie botnet by the 'Rockphish' group for criminal fraud purposes and is directly related to all the other Rockphish/Asprox money laundering/phishing criminal fraudsters' aliases documented here. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of site theft, criminal deception and spamming - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

 Do not be misled - these are professional criminals with a long history of fraud as detailed on the General Information page and are the same criminals as the 'Rockphish/Asprox' phishing fraudsters, so if a host or registrar shelters these crooks then they are also sheltering the 'Rockphish/Asprox' phishing fraudsters and aiding and abetting their criminal 'phishing' fraud activities. N.B. - To ignore reports of criminal activity is an offence under US law codes, UK law and undoubtedly also under other country's legal provisions.

Carex Estate Ltd Fraudsters - current hosting details.

Current Main Domains, Hosts and  Registrars
Domain

carex-ltd.com
 Registrar

 XIN NET TECHNOLOGY CORPORATION (08-Jul-2009)
 Host IP Network /Botnet Nameserver Host

Current Zombie Botnet Nameserver Domains and Registrars
Nameserver Domain

coolfol.com

 Nameserver Domain Registrar

INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM (19-Aug-2009)
 Host IP

See table below for a list of all known active & suspended main & nameserver domains used by this criminal.

List of all known domains used by the Carex Estate Ltd Fraudsters 

Domain

 carex-ltd.com

Criminal Registered Nameserver Domains

coolfol.com
 Status

Active



Active
 Registrar

XIN NET TECHNOLOGY CORPORATION (08-Jul-2009)



INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM (19-Aug-2009)

Please notify me of any domains not listed here.

Notes for Registrars

i) The  Carex Estate Ltd criminal uses his own nameserver domains to control his zombie botnets or provide his DNS. By definition there can be no legitimate domains using his dedicated botnet nameservers & his conventional nameserver domains are always very recently registered. This provides an ideal database search option for you to identify and delete all of this criminal's fraud domains without any risk of hurting an innocent domain. The criminal's current botnet nameserver domain(s) are listed in the above table.

ii) The criminal's domains have different false whois registration data.

iii) The criminal will not respond to your challenge but will use the notice to prepare a new network - immediate suspension is requested, please.
The Zombie Botnet DNS Data (Valid for domain carex-ltd.com)

DNS Lookup: carex-ltd.com A record
Searching for carex-ltd.com A record at b.root-servers.net [192.228.79.201]: Got referral to L.GTLD-SERVERS.NET. (zone: com.)
Searching for carex-ltd.com A record at L.GTLD-SERVERS.NET. [192.41.162.30]: Got referral to ns2.coolfol.com. (zone: carex-ltd.com.)
Searching for carex-ltd.com A record at ns1.coolfol.com. [63.223.110.82]: Reports carex-ltd.com.
Response:
DomainTypeClassTTLAnswer
carex-ltd.com.AIN180085.102.118.64
carex-ltd.com.AIN180093.103.186.245
carex-ltd.com.AIN180075.59.215.83
carex-ltd.com.AIN180080.99.167.132
carex-ltd.com.AIN180083.25.134.40
carex-ltd.com.NSIN1800ns2.coolfol.com.
carex-ltd.com.NSIN1800ns1.coolfol.com.
ns1.coolfol.com.AIN180063.223.110.82
ns2.coolfol.com.AIN180066.249.15.115

Looking up at the 2 carex-ltd.com. parent servers:

ServerResponse
ns1.coolfol.com [63.223.110.82]75.59.215.83 80.99.167.132 83.25.134.40 85.102.118.64 93.103.186.245
ns2.coolfol.com [66.249.15.115]Timeout

The data shows a 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.coolfol.com hosted by Beyond The Network America, Inc./Sentris Network LLC on IP 63.223.110.82 is acting as a zombie botnet controller, 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). See The Zombie Botnet 'Host By Proxy' for a general explanation of this method of hosting.
***Latest News*** Initial entry 6th. September 2009
***Latest News*** 20th. September 2009
News from Simon Bear - the botnet hosting for domain carex-ltd.com has been disabled - please notify me of any active website for this criminal.