Centurion Logistic Group Fraud
Report
Active
Domain
Don't Bear Internet Fraud
Home
Bobbear Icon
Centurion Logistic Group screenshot - 01-Jan-2009
Centurion Logistic Group screenshot - 01-Jan-2008

This fraudster should not be confused with any other company that may have a similar name. The website graphics and the evidence below identify this criminal.

Centurion Logistic Group is a re-shipping fraud job spamvertising website. It's a zombie botnet hosted website which guarantees its fraudulent nature even without any other evidence. It uses the same criminal registered nameserver domains as the First Miami Cargo fraudster which defines its pedigree. It has several other criminal aliases, including International Logistic CompanyHHT Logistic Company and others that have been taken down. The posted part-time, work-from-home job on the website under the 'Vacancies' tab consists of accepting parcels to your home address and forwarding them on the an address specified by the crooks. This is the classic re-shipping fraud function that will earn you a visit from the police and could get you a criminal record. The criminals website is hosted on a 5-IP 'fastflux' zombie botnet as evidenced by the network data below - no legitimate website is zombie botnet hosted. The zombies used by previous related frauds have also been used by 'rockphish' related scams such as Sunreef YachtsSNB Auctions etc. so this fraud is almost certainly also a 'rockphish' related scam. Notice the «quotation marks» in the text that these criminals always use as the markers where they 'cut & paste' in their various aliases.
Evidence of Criminal Fraud:

i) The criminals website is hosted on a 5-IP 'fastflux' zombie botnet using domain centurion-logistic.info which proves its criminality even without the rest of the evidence - no legitimate website is zombie botnet hosted.

ii) Despite the claim on their above home page: "The logistical company «Centurion Logistic Group» has been on the market since 1997" The criminal's website domain centurion-logistic.info was only registered with PublicDomainRegistry.com on 09-Jan-2009. Clear evidence of misrepresentation and fraud.

iii) A Google search for "Centurion Logistic Group" shows no web presence whatsoever for this particular company apart from their own fake site and various fraud website listings and job site spamming which lends the lie to their claim to have been around since 1997. Clear evidence of fraud

iv) False website Contact Details

Address:
Centurion Logistic Group
is located in the Midtown area
at Spring 358 Street,
New York, New York 10019,
United States

152 Pitt Street,
Sydney, NSW 2000,
Australia

96 Kaiserstrasse,
Dortmund, 44135,
Germany

Phone numbers:
USA: +18326327639

AU: 0292872888

E-mail:
Support: support@centurion-logistic.name

• -  It's the same fake US address as for International Logistic Company which is clear evidence of fraud in itself.
• - The US address format is wrong - if it were a genuine address, (which it is not), it should be 358 Spring Street and not "Spring 358 Street".
• - A local resident tells me that Spring Street is in the Soho, (South of Houston), area and not the "Midtown area". A genuine company would know this.
• - A US zip code lookup for the address 358 Spring Street New York returns the message "The address you provided is not recognized by the US Postal Service as an address we serve. Mail sent to this address may be returned". It is clearly a fake address.
• - The zip code 10019 is wrong for 358 Spring Street - if the address actually existed it would be 10013
• - There is no Google listing for this company at 358 Spring Street New York which is not surprising as the address does not exist.
• - A Reverse phone detective check shows that the number +18326327639 is located in League City, Texas and not New York.
• - A Google search for "152 Pitt Street, Sydney" shows no current listing for that address.
• - A Google search for "96 Kaiserstrasse, Dortmund" shows no current listing for that address.
• - The Australian telephone number 0292872888 Googles as the number of the Domain Property Group, Sydney.
You do not get a more clearly fake set of contact details than that - clear evidence of fraud.

v) The bogus job from the website:
Quality manager
Main responsibilities:

    * Reception/sending of the goods from service-center,
    * Examination of external damages and working capacity,
    * Documentary registration of process of transportation.

Requirements:

    * Minimal knowledge of document circulation
    * Higher education
    * Knowledge of personal computer

We offer:

    * Competitive salary
    * Bonuses according to the results of work
    * Social welfare
    * Medical insurance
    * Seminars and trainings at the expense of the company
The above 'Quality manager' job  is 'cloaked', but the phrase 'Reception/sending of the goods from service-center' betrays it is a part-time, work from home job accepting parcels to your private address and forwarding them on to these crooks. It is the well recognised function of "re-shipping fraud". There is no genuine requirement for such a service and what the unfortunate 'dupe' may not realise is that the goods he has reshipped have been purchased by fraud, e.g. stolen credit card details or auction fraud and he will be the only traceable link in the chain. This fraud is well documented by many authoritative agencies, e.g. the United States Postal Service detail it here in a press release dating back to February 2005.

It amounts to handling stolen goods and such criminal activity will get you a visit from the police and possibly a criminal record - don't be tempted. Such a job is clear evidence of fraud - no legitimate company is going to entrust the job of 'shipping agent' to any John/Jane Doe recruited at random from the general public. If you are lucky the packages will contain the goods obtained from fraudulent EBay auctions or credit card fraud. If you are unlucky they could be drugs or anything at all.
vi) The Job Website Spam:
job website spam
As you can see from this job website screenshot, the fraudulent Centurion Logistic Group job is a part-time, work-from-home position accepting goods and sending them on to these crooks, in other words a 'reshipping donkey', handling stolen goods which could end in a criminal conviction. Do not be fooled.
vii) This forum posting relates to these fraudsters.
viii) The Email Spam:
Date: Sat, 27 Dec 2008 15:45:55 -0500
Subject: We Found a Position for You

Company "Centurion Logistic Group” is a leader of modern logistic business. Our customers are companies that use effective advanced technologies of business management. We help them to develop their competitiveness on the market due to providing the whole set of individual logistic decisions during the whole chain of movement of the goods from production to customers. Based on the principles of complete satisfaction of the needs of our customers, “Centurion Logistic Group” provides for service of high quality, accuracy, reliability, security, individual approach and complex set of services, so that to allow our customers to concentrate on business development, decrease risks and costs increasing return of investments and increasing degree of competitiveness of their companies with the help of our experience.

Now our company is engaging employees for Quality Manager position for our service centre.

Why do we need this? Within the framework of different promotion actions which are carried out by our partners allows our customers to return the goods obtained by them during some particular period of time; as a usual the time period is 2 weeks. Or it happens in case the customer decides to return the goods for any reason. Besides the services of our service centre are necessary if our customers want to update their stock assortment. So all the returned goods arrive not in the shop but to our service centre which realizes these goods through its sales network.

The duties of the manager will include registration of goods acceptance, examination for external injury and for faulty functioning (they will just have to switch it on). After the examination you have to send the goods to the Sales Manager.

ATTENTION! The position does not mean a full-time job. We can indicate any address specified by you as a delivery address. The only provision is 8 hours a week free, full-time access to the Internet, telephone/fax.

If you are interested in this vacancy you may e-mail your resume to the address :
support1@centurion-logistic.info
The above evidence clearly demonstrates that the Centurion Logistic Group website is a fraudulent website set up with intent to deceive. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal fraud - please don't delay - these criminals will not respond to any communication from you, (all their whois data is usually false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Known Website Domains

centurion-logistic.name
centurion-logistic.biz
centurion-logistic.info
centurion-logistic.com

 Registrar

PublicDomainRegistry.com (11-Sep-2008)
Enom Inc. (20-Nov-2007)
PublicDomainRegistry.com (09-Jan-2009)
PublicDomainRegistry.com (12-Jan-2009)

Nameserver Domains

22465623.com
34124734.com
newsitedomen.com
 Registrar

PUBLICDOMAINREGISTRY.COM (03-Jun-2008)
PUBLICDOMAINREGISTRY.COM (03-Jun-2008)
PUBLICDOMAINREGISTRY.COM (24-Jan-2009)

Active
Suspended/Disabled
DNS Data: (centurion-logistic.name)
How I am searching:

Searching for centurion-logistic.name A record at g.root-servers.net [192.112.36.4]: Got referral to D5.NSTLD.COM. (zone: name.)
Searching for centurion-logistic.name A record at D5.NSTLD.COM. [192.31.80.34]: Got referral to ns1.22465623.com. (zone: centurion-logistic.name.)
Searching for centurion-logistic.name A record at ns1.22465623.com. [78.47.60.17]: Reports centurion-logistic.name. Response:
Domain Type Class TTL Answer
centurion-logistic.name. A IN 600 212.16.129.198
centurion-logistic.name. A IN 600 62.242.114.253
centurion-logistic.name. A IN 600 77.248.56.229
centurion-logistic.name. A IN 600 85.10.57.247
centurion-logistic.name. A IN 600 89.103.235.134
centurion-logistic.name. NS IN 600 ns2.34124734.com.
centurion-logistic.name. NS IN 600 ns1.34124734.com.

Looking up at the 2 centurion-logistic.name. parent servers:

Zombie Botnet Nameservers Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns2.22465623.com [78.47.60.17] 212.16.129.198 62.242.114.253 77.248.56.229 85.10.57.247 89.103.235.134
ns1.22465623.com [78.47.60.17] 212.16.129.198 62.242.114.253 77.248.56.229 85.10.57.247 89.103.235.134

The data shows a standard 5-IP site hosting zombie botnet where the nameservers ns1.22465623.com and ns2.22465623.com hosted by ALEXANDER-RUZHENTSEV (Dedicated, VPS and virtual hosting) on IP 78.47.60.17 are acting as zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).
Fraud Log

Webpage created 01-Jan-2009 - acknowledgements to MGD and this thread for the heads-up on this one. Refer to the thread for more detailed information, including reshipping data.
***Latest News*** 12th. January 2009
Info. from Frank Bear - domain centurion-logistic.name has been suspended. Replacement domain is centurion-logistic.info registered with Public Domain Registry and still hosted on the following ALEXANDER-RUZHENTSEV zombie botnetwork (updated to show latest zombies):
DNS Data: (centurion-logistic.info)
How I am searching:

Searching for centurion-logistic.info A record at l.root-servers.net [199.7.83.42]: Got referral to d0.info.afilias-nst.org. (zone: info.)
Searching for centurion-logistic.info A record at d0.info.afilias-nst.org. [199.254.50.1]: Got referral to ns2.22465623.com. (zone: centurion-logistic.info.)
Searching for centurion-logistic.info A record at ns2.22465623.com. [78.47.60.17]: Reports centurion-logistic.info. Response:
Domain Type Class TTL Answer
centurion-logistic.info. A IN 600 82.131.46.35
centurion-logistic.info. A IN 600 85.27.109.95
centurion-logistic.info. A IN 600 89.34.34.86
centurion-logistic.info. A IN 600 89.114.53.86
centurion-logistic.info. A IN 600 78.97.42.202
centurion-logistic.info. NS IN 600 ns1.34124734.com.
centurion-logistic.info. NS IN 600 ns2.34124734.com.

Looking up at the 2 centurion-logistic.info. parent servers:

Zombie Botnet Nameservers Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.22465623.com [78.47.60.17] 78.97.42.202 85.27.109.95 89.109.36.8 89.114.53.86 95.28.81.67
ns2.22465623.com [78.47.60.17] 78.97.42.202 85.27.109.95 89.109.36.8 89.114.53.86 95.28.81.67

The data shows a standard 5-IP site hosting zombie botnet where the nameservers ns1.22465623.com and ns2.22465623.com hosted by ALEXANDER-RUZHENTSEV (Dedicated, VPS and virtual hosting) on IP 78.47.60.17 are acting as zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).
Later: Info. from Frank Bear, action has been taken by the host & the registrar to disable ns1.22465623.com and centurion-logistic.info no longer resolves. Please notify me of any active domains for this criminal.
***Latest News*** 4th. May 2009
New domain notified by site contact - centurion-logistic.com registered with PublicDomainRegistry.com (12-Jan-2009) and zombie botnet hosted as a follows:
DNS Data: (centurion-logistic.com)
How I am searching:

Searching for centurion-logistic.com A record at i.root-servers.net [192.36.148.17]: Got referral to A.GTLD-SERVERS.NET. (zone: com.)
Searching for centurion-logistic.com A record at A.GTLD-SERVERS.NET. [192.5.6.30]: Got referral to ns1.newsitedomen.com. (zone: centurion-logistic.com.)
Searching for centurion-logistic.com A record at ns1.newsitedomen.com. [94.103.83.180]: Reports centurion-logistic.com. Response:
Domain Type Class TTL Answer
centurion-logistic.com. A IN 600 79.113.220.142
centurion-logistic.com. A IN 600 89.42.249.111
centurion-logistic.com. A IN 600 190.31.255.68
centurion-logistic.com. A IN 600 190.246.17.208
centurion-logistic.com. NS IN 600 ns2.34124734.com.
centurion-logistic.com. NS IN 600 ns1.34124734.com.

Looking up at the 2 centurion-logistic.com. parent servers:

Zombie Botnet Nameservers Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns2.newsitedomen.com [94.103.83.180] 190.246.17.208 190.31.255.68 79.113.220.142 89.42.249.111
ns1.newsitedomen.com [94.103.83.180] 190.246.17.208 190.31.255.68 79.113.220.142 89.42.249.111

The data shows a standard 4-IP site hosting zombie botnet where the nameservers ns1.newsitedomen.com and ns2.newsitedomen.com, ('stealthed' through ns1.34124734.com and ns2.34124734.com), hosted by MCHOST-NET(McHost.Ru VPS) on IP 94.103.83.180 are acting as zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).
***Latest News*** 5th. May 2009
News from Simon Bear - the domain centurion-logistic.com has been suspended - please notify me of any active domains for this criminal.