First Miami Cargo

First Miami Cargo Fraud

Don't Bear Internet Fraud

This fraudster should not be confused with any other company that may have a similar name. The website graphics and the evidence below identify this criminal.

First Miami Cargo is a re-shipping fraud job spamvertising website. It's got the usual irritating muzak background that these crooks like to use and as is usual for these criminals the site content has been stolen from various places, e.g. the 'About Us' page has been stolen in its entirety from the Aeronet 'International Services' and 'Logistics' pages. The posted part-time, work-from-home jobs on the website under the 'Careers' tab consists of firstly accepting parcels to your home address and forwarding them on the an address specified by the crooks. This is the classic re-shipping fraud function. The second post refers to the need for a Western Union office nearby and accounting duties so there is little doubt of the secondary money mule function. The criminals website is hosted on a 5-IP 'fastflux' zombie botnet which proves its criminality even without the rest of the evidence - no legitimate website is zombie botnet hosted. The website is also hosted using the same zombies that are also used for 'rockphish' related scams such as Sunreef Yachts, SNB Auctions etc. so it is probably a 'rockphish' scam.

Evidence of Criminal Fraud:

i) Despite this claim on their 'About Us' page: "Since its establishment in 1997, Service to clients through modernization and improvement have always been the hallmark of our company." The criminal's website domain fm-cargo.com and fm-cargo.net were only registered with BIZCN.COM, INC. on 19-Jun-2008 and his domain fmcargo.net was registered with BIZCN.COM, INC. on 30-June-2008. Clear evidence of misrepresentation and fraud.

ii) Despite this ludicrous claim on their 'About Us' page "The company has over 1000 employees and annualized revenues exceeding $100 million.", a Google search for "First Miami Cargo" picks up only the two criminal's websites http://fmcargo.net/ and http://fm-cargo.com/ and no other web presence whatsoever. Clear evidence of fraud

iii) False website Contact Details

Mail & Business Center

Address: 123 SE 3rd Ave, Miami, FL 33131

• - There is no Google evidence that First Miami Cargo exist at this address. It is listed as the address of Urban Mail Miami.

iv) The bogus jobs from the website:

The company is opening the following vacancies:

• Local Delivery Manager (all states)

This job gives a chance to take pleasure from the work and at the same time provides with high salary while having the convenient schedule for you.
The main requirement for this position is to receive and ship out products. It is also very important keep track of the already received and shipped items and to inform the company’s manager of the received packages instantly. That’s why it is required to be responsible and punctual, especially when giving the specific information on the package details (weight, product etc.) to your manager, always keep cell phone working and check your e-mail several times a day (not less then 2-3 times).
You will receive money or the prepaid labels to ship packages. It is also needed to be careful when repacking each package. Make sure that your manager receives your daily reports about the packages received or sent by you.

It is a unique opportunity to gain important working experience in the "products delivery" field which is highly needed today!

• Operators (AR, KS, ME, WV, WI)

This position requires the ability of computer application processing, registration of the orders, sorting and data processing. It also provides with the stable and high salary including seasonal bonuses depending on the amount of completed work.
The requirements for this position are the following:
- confident skills of working with PC and Internet
- ability to complete work in time
- confirming the orders and data with your manager
- responsibility and punctuality at work

Requirements:

- Home computer with e-mail
- USA resident
- Age not less than 22 years
- Quiet region (to exclude the possibility of stealing the parcels)
- 5-6 hours free during the day
- Western Union office in your state (for accounting)
- Fax machine (if possible)

You see, that it is easy job, but your help is very important for us and our clients. This job does not require any special education.This job wouldn't bring you millions, we do not suggest huge earnings. You wouldn't have look clients for us or sell our production. You wouldn't have to pay us for taking you on our list. However we guaranteee stable income.

The 'Requirements' list for this job are identical to the Cargo Logistics fraud job', which links the two together.

The above 'Local Delivery Manager' job could not be clearer - it is a part-time, work from home job accepting parcels to your private address and forwarding them on to these crooks. It is the well recognised function of "re-shipping fraud". There is no genuine requirement for such a service and what the unfortunate 'dupe' may not realise is that the goods he has reshipped have been purchased by fraud, e.g. stolen credit card details or auction fraud and he will be the only traceable link in the chain. This fraud is well documented by many authoritative agencies, e.g. the United States Postal Service detail it here in a press release dating back to February 2005.

It amounts to handling stolen goods and such criminal activity will get you a visit from the police and possibly a criminal record - don't be tempted. Such a job is clear evidence of fraud - no legitimate company is going to entrust the job of 'shipping agent' to any John/Jane Doe recruited at random from the general public. If you are lucky the packages will contain the goods obtained from fraudulent EBay auctions or credit card fraud. If you are unlucky they could be drugs or anything at all.

v) The criminals website is hosted on a 5-IP 'fastflux' zombie botnet using domains fm-cargo.com, fm-cargo.net and fmcargo.net which proves its criminality even without the rest of the evidence - no legitimate website is zombie botnet hosted.

The above evidence clearly demonstrates that the First Miami Cargo website is a fraudulent website set up with intent to deceive. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal fraud - please don't delay - these criminals will not respond to any communication from you, (all their whois data is usually false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Known Website Domains

fm-cargo.com (Suspended)
fm-cargo.net (Suspended)
fmcargo.net (Suspended)
cargofm.com (Suspended)
cargofm.net (Suspended)

Registrar

BIZCN.COM, INC. (19-Jun-2008)
BIZCN.COM, INC. (19-Jun-2008)
BIZCN.COM, INC. (30-Jun-2008)
BIZCN.COM, INC. (05-Aug-2008)
BIZCN.COM, INC. (02-Sep-2008)

Nameserver Domains

22465623.com
34523245.com

Registrar

ESTDOMAINS, INC. (03-Jun-2008)
PUBLICDOMAINREGISTRY.COM (03-Jun-2008)

DNS Data: (fm-cargo.com, fmcargo.net, fm-cargo.net)
How I am searching:

Searching for fm-cargo.com A record at c.root-servers.net [192.33.4.12]: Got referral to M.GTLD-SERVERS.NET. (zone: com.)
Searching for fm-cargo.com A record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns1.thereload.com. (zone: fm-cargo.com.)
Searching for fm-cargo.com A record at ns1.thereload.com. [74.86.253.45]: Reports fm-cargo.com. Response:

Domain	Type	Class	TTL	Answer
fm-cargo.com.	A	IN	1800	85.187.0.226
fm-cargo.com.	A	IN	1800	193.219.119.4
fm-cargo.com.	A	IN	1800	70.250.147.140
fm-cargo.com.	A	IN	1800	81.98.65.62
fm-cargo.com.	A	IN	1800	82.33.40.108
fm-cargo.com.	NS	IN	1800	ns2.thereload.com.
fm-cargo.com.	NS	IN	1800	ns1.thereload.com.
ns1.thereload.com.	A	IN	1800	74.86.253.45
ns2.thereload.com.	A	IN	1800	203.95.52.56

Looking up at the 2 fm-cargo.com. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.thereload.com [74.86.253.45]	193.219.119.4 70.250.147.140 81.98.65.62 82.33.40.108 85.187.0.226
ns2.thereload.com [203.95.52.56]	[Error: Port Unreachable] Fake nameserver - never resolves

The data shows a standard 5-IP site hosting zombie botnet where the nameserver ns1.thereload.com hosted by SoftLayer Technologies Inc. on IP 74.86.253.45 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).

Fraud Log

Webpage created 31st. July. 2008

***Latest News*** 5th. August 2008
Domains fm-cargo.com, fm-cargo.net & fmcargo.net have all been suspended. Please notify me of any active website URLs/Domains.

***Latest News*** 28th. August 2008
New domain notified by site contact: cargofm.com (BIZCN.COM, INC. (05-Aug-2008))
DNS Data: (cargofm.com)
How I am searching:

Searching for cargofm.com A record at m.root-servers.net [202.12.27.33]: Got referral to J.GTLD-SERVERS.NET. (zone: com.)
Searching for cargofm.com A record at J.GTLD-SERVERS.NET. [192.48.79.30]: Got referral to ns1.thereload.com. (zone: cargofm.com.)
Searching for cargofm.com A record at ns1.thereload.com. [66.197.134.108]: Reports cargofm.com. Response:

Domain	Type	Class	TTL	Answer
cargofm.com.	A	IN	1800	86.122.55.239
cargofm.com.	A	IN	1800	212.139.86.18
cargofm.com.	A	IN	1800	84.110.139.110
cargofm.com.	A	IN	1800	84.245.209.56
cargofm.com.	A	IN	1800	86.121.111.75
cargofm.com.	NS	IN	1800	ns1.thereload.com.
cargofm.com.	NS	IN	1800	ns2.thereload.com.
ns1.thereload.com.	A	IN	1800	66.197.134.108
ns2.thereload.com.	A	IN	1800	203.95.52.56

Looking up at the 2 cargofm.com. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.thereload.com [66.197.134.108]	212.139.86.18 84.110.139.110 84.245.209.56 86.121.111.75 86.122.55.239
ns2.thereload.com [203.95.52.56]	Timeout - Fake nameserver - never resolves

The data shows a standard 5-IP site hosting zombie botnet where the nameserver ns1.thereload.com hosted by HostNoc/Burst.net on IP 66.197.134.108 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).

***Latest News*** 29th. August 2008
The criminals hosting appears to have been disconnected - please notify me of any active domains

***Latest News*** 3rd. September 2008
The criminal's domain cargofm.com appears to have been suspended. Please notify me of any active domains for this criminal.

***Latest News*** 1st. October 2008
New domain found in the wild - cargofm.net registered with Bizcn.com and hosted on the following zombie botnet:
DNS Data (cargofm.net)
How I am searching:

Searching for cargofm.net A record at m.root-servers.net [202.12.27.33]: Got referral to G.GTLD-SERVERS.net. (zone: net.)
Searching for cargofm.net A record at G.GTLD-SERVERS.net. [192.42.93.30]: Got referral to ns1.22465623.com. (zone: cargofm.net.)
Searching for cargofm.net A record at ns1.22465623.com. [78.47.60.17]: Reports cargofm.net. Response:

Domain	Type	Class	TTL	Answer
cargofm.net.	A	IN	600	87.206.206.106
cargofm.net.	A	IN	600	89.215.117.82
cargofm.net.	A	IN	600	90.150.229.117
cargofm.net.	A	IN	600	58.8.23.57
cargofm.net.	A	IN	600	86.104.43.98
cargofm.net.	NS	IN	600	ns1.34124734.com.
cargofm.net.	NS	IN	600	ns2.34124734.com.

Looking up at the 2 cargofm.net. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns2.22465623.com [78.47.60.17]	58.8.23.57 86.104.43.98 87.206.206.106 89.215.117.82 90.150.229.117
ns1.22465623.com [78.47.60.17]	58.8.23.57 86.104.43.98 87.206.206.106 89.215.117.82 90.150.229.117

The data shows a standard 5-IP site hosting zombie botnet where the nameservers ns2.22465623.com and ns1.22465623.com hosted by ALEXANDER-RUZHENTSEV on IP 78.47.60.17 are acting as a zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).

***Latest News*** 2nd. October 2008
The criminal's nameserver hosting on IP address 78.47.60.17 appears to have been null routed. Please notify me of any active website URLs/Domains for this criminal.
Later: The criminal's botnet is now on a new IP with a new nameserver - ns2.34523245.com [213.157.190.170] (RO-RDS-IS-ALLOC12 (Block for Vaslui))
DNS Data (cargofm.net)
How I am searching:

Searching for cargofm.net A record at h.root-servers.net [128.63.2.53]: Got referral to b.gtld-servers.net. (zone: net.)
Searching for cargofm.net A record at b.gtld-servers.net. [192.33.14.30]: Got referral to ns2.34523245.com. (zone: cargofm.net.)
Searching for cargofm.net A record at ns2.34523245.com. [213.157.190.170]: Reports cargofm.net. Response:

Domain	Type	Class	TTL	Answer
cargofm.net.	A	IN	600	93.100.149.43
cargofm.net.	A	IN	600	124.122.226.231
cargofm.net.	A	IN	600	89.77.202.230
cargofm.net.	A	IN	600	58.8.99.134
cargofm.net.	A	IN	600	124.121.218.171

Looking up at the 5 cargofm.net. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns2.34523245.com [213.157.190.170]	124.121.218.171 124.122.226.231 58.8.99.134 89.77.202.230 93.100.149.43
ns1.34523245.com [78.106.28.41]	Timeout
ns3.34523245.com [77.79.171.64]	Timeout
ns4.34523245.com [83.242.87.70]	Timeout
ns5.34523245.com [58.8.245.128]	Timeout

The data shows a standard 5-IP site hosting zombie botnet where the nameserver ns2.34523245.com hosted by RO-RDS-IS-ALLOC12 (Block for Vaslui) on IP 213.157.190.170 is acting as a zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). ns1, ns3, ns4 & ns5 seem to be non-working nameservers hosted on zombies for some reason.

***Latest News*** 20th. October 2008
Simon Bear reports that domain cargofm.net has been suspended. Please notify me of any active domains.