Elite Jewelry Fraud

Elite jewelry website screenshot (23-Jan-2009)

This Elite jewelry criminal fraud website should not be confused with any other company with the same or similar name. The above screenshot and the following evidence define this criminal alone.

Elite jewelry is another fraud from the money laundering/reshipping fraud department of the well-known 'Rockphish/Asprox' phishing criminals. It was spotted as a domain in DNS replication data on known rockphish zombies and is hosted on a 5-IP zombie botnet, so it is fraudulent without a shadow of a doubt, but its purpose is not yet apparent. It appears to be a fraud in the making. It is rather reminiscent of the old High Level and Next Level frauds inasmuch as it is apparently a merchant site but it is not possible to buy anything. It appears to have a sister site in Audio Buy. They claim on the above page to have been founded in 1987, but their domain advertisingemsonline.com was only registered with REGISTER.COM, INC. on 11-Oct-2008, which is a clear indication of a fake website. There is a translation of the 'About Us' page text from the Russian in a Word document format here. All in all a strange site - clearly a 'Rockphish' site and clearly fraudulent, but what exactly is its purpose?

Elite jewelry : Evidence of Site Theft and Criminal Fraud

i) The Elite jewelry fraud website is hosted on a five-IP 'fastflux' zombie botnet as evidenced below - No legitimate company would use a zombie botnet to host their website - irrefutable evidence of criminality.

ii) Passive DNS data research on the zombies hosting the site shows that the same zombies are currently used to host the Bullet Motorsports Speedlab (BMS) website, the Pacific Corporation website, the Duty Free Shopping website, the Audio Buy website and other fraudsters, attack URLs and 'phishing' URLs, which clearly identifies this site as a 'Rockphish' site.

iii) A Google search for "Elite jewelry" returns loads of hits as you'd expect with a generic term like that, but nothing for these criminals - they have absolutely no web presence, so the claim "Elite jewelry Company was founded in 1987. The high quality of our products is well-known all over the world. The works of the company’s designers feature the thorough elaboration of the finest details that accentuate the elegant beauty of our jewelry." is clear nonsense.

iv) Fake merchant site - you can put stuff into your basket, but you cannot check out, which is probably just as well.....

v) The text and the products seem to have been stolen from the Zales jewelry website, for example the text "Program runs October 1, 2008, through September 30, 2009. Minimum donation: $100,000" is a Zales breast cancer promotion and the "1-1/2 CT. T.W. Diamond Solitaire Stud Earrings in 14K Gold" is a Zales product and so on and so forth.

vi) The undoubtedly fake location details from the website:

Contact
1221 Brickell Avenue
Suite 900
Miami, Florida 33131
United States
+1 (305) 675-0217

The street address "1221 Brickell Avenue" Googles as a Regus serviced office block with office space for rent and there is no evidence that it is the headquarters of these criminals. It is a common location ploy used by these criminals.

Well, it's a 'Rockphish' zombie botnet hosted fraud site without any doubt, but what its intention is remains anyone's guess. Do not be misled - these are professional criminals with a long history of fraud as detailed on the General Information page and are the same criminals as the 'Rockphish/Asprox' phishing fraudsters.

Elite jewelry fraudsters' hosting details

Main Domains, Registrars and Hosts

| Domain | Registrar | Host IP Network / Botnet Nameserver Host | Host IP / Botnet Nameserver IP |
|---|---|---|---|
| advertisingemsonline.com | REGISTER.COM, INC. (11-Oct-2008) | Peer 1 Network Inc./H4Y Technologies LLC - ns1.ns1.torshtainer.net | 64.34.217.40 |
| thegemsonline.net | REGISTER.COM, INC. (11-Oct-2008) | Peer 1 Network Inc./H4Y Technologies LLC - ns1.ns1.torshtainer.net | 64.34.217.40 |
| officialjewel.net | REGISTER.COM, INC. (11-Oct-2008) | Peer 1 Network Inc./H4Y Technologies LLC - ns1.ns1.torshtainer.net | 64.34.217.40 |
| gioielloitalia.com | REGISTER.COM, INC. (11-Oct-2008) | Peer 1 Network Inc./H4Y Technologies LLC - ns1.ns1.torshtainer.net | 64.34.217.40 |

Current Zombie Botnet Nameserver Domains and Registrars

| Nameserver | Nameserver Domain Registrar | Host IP |
|---|---|---|
| torshtainer.net | REGISTER.COM, INC. 06-Nov-2008 | 64.34.217.40 |

The Zombie Botnet DNS Data (Valid for domain advertisingemsonline.com, thegemsonline.net, officialjewel.net, gioielloitalia.com)

Looking up at the 2 advertisingemsonline.com. parent servers:

| Server | Response |
|---|---|
| ns1.torshtainer.net [64.34.217.40] | 24.147.152.81 67.191.9.146 71.227.123.55 81.104.238.159 84.121.126.91 |
| ns2.torshtainer.net [155.123.125.63] | Timeout |

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.torshtainer.net hosted by Peer 1 Network Inc./H4Y Technologies LLC on IP address 64.34.217.40 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting. This is the same botnet host as for the Audio Buy crook.
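An added example, not part of the original report: a small Python check that parses the lookup rows above and computes the indicators this paragraph relies on (several 'A' records, each in a different network, with one nameserver answering and the other timing out). The function names, the /16 grouping and the thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re

# The two lookup rows from the DNS data above: server [server IP] then its response.
LOOKUP = """\
ns1.torshtainer.net [64.34.217.40]24.147.152.81 67.191.9.146 71.227.123.55 81.104.238.159 84.121.126.91
ns2.torshtainer.net [155.123.125.63]Timeout
"""

ROW = re.compile(r"^(?P<ns>\S+)\s*\[(?P<ns_ip>[^\]]+)\]\s*(?P<resp>.*)$")


def parse_lookup(text):
    """Return one dict per nameserver row: its name, its IP and the A records it returned."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        answers = []
        for token in m.group("resp").split():
            try:
                answers.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # "Timeout" and other non-address tokens
        rows.append({"ns": m.group("ns"),
                     "ns_ip": ipaddress.ip_address(m.group("ns_ip")),
                     "a_records": answers})
    return rows


def flux_indicators(rows, min_records=3, prefix=16):
    """Heuristic (thresholds are assumptions): many A records, every one in a different network."""
    a_records = sorted({ip for r in rows for ip in r["a_records"]})
    networks = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in a_records}
    dead = [r["ns"] for r in rows if not r["a_records"]]
    suspicious = len(a_records) >= min_records and len(networks) == len(a_records)
    return {"a_records": len(a_records), "distinct_networks": len(networks),
            "unresponsive_nameservers": dead, "suspicious": suspicious}


if __name__ == "__main__":
    print(flux_indicators(parse_lookup(LOOKUP)))
```

A single snapshot only shows the spread across networks; repeating the lookup over time and comparing the 'A' record sets is what confirms the rotation described above.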

***Latest News*** Initial entry 23rd. January 2009
Thanks to Frank Bear for the 'heads-up' on this one.

***Latest News*** 27th. January 2009
Information from Frank Bear - another of these crooks' domains - gioielloitalia.com (Register.com - 11-Oct-2008), hosted on the above botnet.