Financial Fraud Investigation (MISA) #1

Executive Summary

Primary Finding

This report consolidates and synthesizes evidence from multiple independent investigations, concluding with high confidence that the entities operating under the domains mirrox.com, savexa.com, profitpulseltd.com (and its active brand skadeva.com), vexawave.co, 24xtrade.com, internationalclearingex.com, and the operationally-linked rock-west.com constitute a single, coordinated, and actively fraudulent international financial network. The evidence demonstrates that these entities are not independent brokerages but are disposable brands deployed by a single, central operator as part of a resilient, long-term criminal enterprise designed to systematically defraud investors through a sophisticated architecture of deception.

Core Evidence Synopsis

• Systematic Regulatory Fraud: The network's entire claim to legitimacy is built upon licenses issued by the Mwali International Services Authority (MISA) of the Comoros Union. This investigation confirms that MISA has been credibly identified by industry observers and regulatory bodies as a "fictitious" and fraudulent entity whose licenses are "worthless," rendering all associated regulatory claims void and confirming the firms operate without any legitimate oversight.
• Official External Condemnation: A key brand within the network, savexa.com, has been explicitly blacklisted by the United Kingdom's Financial Conduct Authority (FCA), a globally respected Tier-1 regulator. The FCA issued a formal public warning advising consumers to "avoid dealing with this firm," which serves as an official, external validation of the illicit nature of the network's operational model and the worthlessness of its MISA license.
• The Irrefutable Operational Link: A direct and undeniable operational connection has been established between the Seychelles-regulated rock-west.com and the fraudulent Comoros network. An email communication sent on behalf of vexawave.co, a confirmed network member, originated from an email address belonging to a named executive at rock-west.com, Victor Avramenko. This definitively implicates Rock-West in the scheme, invalidating any assumption of its separation or legitimacy and revealing a hierarchical structure to the criminal enterprise.

Visual Evidence: Mirrox vs. Savexa Login

The operational cloning is most apparent when comparing the client login portals. The structure, fields, and links are identical, with only the branding and color scheme changed. This is a hallmark of a white-label platform deployed by a single operator.

Mirrox Login

Savexa Login

Shared Registration & Dashboard Infrastructure

Beyond the login page, the user registration process and the post-login client dashboard follow the same templated format. This indicates a shared backend infrastructure, further proving that these are not independent companies but reskinned versions of the same fraudulent service.

Registration Form

Client Dashboard

Overarching Recommendation

Engagement with any entity within this identified network presents an extreme and unacceptable risk of total and irrecoverable financial loss, potential identity theft, and unwitting participation in illicit financial flows. A complete and immediate avoidance of all named entities is the only prudent course of action for investors, financial institutions, and potential business partners.

Table 1: Consolidated Risk and Verdict Matrix

The following table provides a high-level overview of the final verdict for each entity, summarizing the core evidence that underpins the conclusions of this report.

Part I: The Anatomy of a Deceptive Enterprise

This investigation reveals that the network's success is not accidental but is built upon three strategic pillars of deception. These tactics are systematically employed across its portfolio of brands to create a sophisticated illusion of legitimacy, frustrate due diligence, and ensure the longevity of the core criminal enterprise. This section deconstructs the core strategic pillars that define the network's operational doctrine, demonstrating a premeditated and resilient criminal architecture.

1.1 The Mwali-MISA Nexus: A Foundation of Fabricated Regulation

The network's entire claim to legitimacy is built upon a foundation of sand: licenses issued by the Mwali International Services Authority (MISA) of the Comoros Union. A thorough examination of MISA reveals that it is not a credible regulatory body but a key component of the fraudulent ecosystem itself. The choice to use MISA was not a passive selection of a lenient regulator; it was an active partnership with a fraudulent credentialing service, a decision that underscores the premeditated nature of the criminal operation from its inception.

External analysis from financial industry publications and watchdog groups unequivocally labels MISA a "scam" and a "fictitious entity". These reports allege that MISA was fabricated with the specific purpose of selling "worthless piece[s] of paper" to forex, CFD, and gambling companies seeking to avoid legitimate oversight from Tier-1 regulators like the FCA or ASIC. The cost for these fraudulent licenses is reportedly substantial, ranging from $65,000 to $70,000, indicating a lucrative business model that bears no resemblance to the fee structures of legitimate state regulators, which are designed to cover the high operational costs of supervision and enforcement.

Further damning evidence suggests that the legitimate financial regulator for the Union of the Comoros is, in fact, the Central Bank of the Comoros. The Central Bank has reportedly issued its own public warning identifying MISA as a fictitious structure, an official repudiation from the very government MISA purports to represent. This fact alone invalidates any claim of sovereignty or state authority made by MISA.

The fraudulent nature of MISA is corroborated by clear operational failures. Reports indicate that banking institutions established under MISA's authority lack fundamental, non-negotiable infrastructure, such as valid SWIFT codes. This renders them incapable of processing the international wire transfers that are the lifeblood of any legitimate international financial institution. An entity that cannot integrate into the global banking system cannot function as a legitimate brokerage. MISA's own online presence further undermines its credibility. Its websites feature paradoxical warnings about "cloned websites and fake licenses," a defensive posture more characteristic of a private entity protecting its brand from competitors than a sovereign regulator using its legal powers to shut down impersonators.

The evidence points to a conclusion that moves beyond MISA being merely a "weak" or "light-touch" offshore regulator. MISA's model—characterized by high fees for worthless licenses, a lack of integration into the global banking system, and the batch-issuance of sequential licenses to this network—suggests a fundamentally different purpose. It operates not as a regulator but as a for-profit enterprise whose business is the sale of fraudulent credentials to other criminal operations. In this context, MISA is not a passive bystander chosen for its leniency; it is an active co-conspirator, providing the essential infrastructure of false legitimacy that allows this network and others like it to operate with impunity.

1.2 The UK Shell Company Gambit: A Veil of Jurisdictional Arbitrage

A second core tactic employed by the network is the systematic use of parallel UK-registered shell companies to create a misleading veneer of legitimacy and a deceptive connection to a Tier-1 financial jurisdiction. This strategy of jurisdictional arbitrage is a sophisticated psychological ploy designed to manipulate the perceptions of potential victims by exploiting the credibility of the UK's corporate and regulatory environment. The investigation uncovered a consistent and deliberate pattern: for each Comoros-based operating company, a corresponding limited company was registered in the United Kingdom with a nearly identical name.

These UK entities are demonstrably not genuine businesses but are shell companies created for the sole purpose of deception. This is proven by several shared characteristics that recur across the network:

• Mismatched Business Purpose: The UK companies' officially declared "nature of business" (as defined by their Standard Industrial Classification or SIC code) is consistently and deliberately chosen to be something entirely unrelated to financial services. For example, PROFIT PULSE LTD is registered for "Non-specialised wholesale trade," and CAPITAL CREST LTD for "Buying and selling of own real estate". This is a calculated move to avoid attracting the immediate scrutiny of the UK's Financial Conduct Authority (FCA), which would investigate any new UK company declaring an intent to offer financial services or investment products. It is a clear act of evasion.
• Hallmarks of Shell Companies: These entities exhibit classic indicators of shell corporations. They are registered at known virtual office addresses, such as 128 City Road, London, a location that hosts thousands of other companies and offers no genuine physical presence. They file accounts declaring themselves as "dormant," a legal confirmation that they have no actual commercial activity or significant financial transactions. Most tellingly, some exhibit an extremely high turnover of directors. The UK shell for Savexa, TRADE TIDES LIMITED, saw five different directors appointed and subsequently resign within a few months of its incorporation. This is a textbook method for obscuring the identity of the true beneficial owners before the company is ultimately dissolved, making it difficult for investigators or victims to trace accountability.

This jurisdictional arbitrage is a sophisticated deception. The operators understand that a Comoros registration is an immediate red flag for any moderately informed investor. However, the mention of a "UK company" serves as a powerful psychological anchor. It allows the operators to vaguely reference their British entity in marketing materials or communications with potential victims, creating a false sense of security that their opaque Comoros registration could never provide. Victims are led to associate the brand with the stability and stringent regulation of the UK, a perception the operators have carefully engineered. The table below visually demonstrates the systematic and identical nature of this tactic across the network, making the pattern of deception undeniable.

Table 2: UK Shell Company Deception Matrix

1.3 The "Phoenix" Business Model: An Assembly Line for Disposable Brands

The network is not structured to build a single, lasting brand that accrues reputational value over time. Instead, it operates on a "phoenix" model, utilizing a portfolio of disposable brands that can be created, used, and discarded with minimal cost and effort, allowing the underlying criminal operation to persist indefinitely. This strategy transforms the act of fraud from a high-risk, short-term endeavor into a resilient and sustainable business enterprise.

This strategy is evidenced by the various lifecycle stages of the investigated domains: three are active trading platforms (Mirrox, Savexa, Skadeva), one is a dormant "coming soon" website being prepared for launch (VexaWave), and at least two are defunct, abandoned projects (24xtrade, internationalclearingex). This demonstrates a calculated process of brand rotation, where assets are prepared in advance to replace those that are inevitably exposed or "burned."

The engine driving this model is the use of a white-label brokerage platform. The striking uniformity of the active websites—Mirrox, Savexa, and Skadeva all offer over 160 CFD instruments, leverage up to 1:400, and feature login pages with an identical layout that differs only in color scheme—is a classic sign of this turnkey solution. A white-label provider handles the core trading technology, client-side interface, and back-end systems. This allows the network's operator to simply apply new branding (a "skin") and launch a functionally identical brokerage in a very short amount of time. This "brand-in-a-box" approach is further confirmed by the DNS history of mirrox.com, which shows its domain name was purchased from Squadhelp, an online marketplace for pre-made brand names. This proves that the brand identity is a superficial layer applied to a pre-existing fraudulent infrastructure.

This entire structure is more than just an efficient way to attract victims; it is a sophisticated defensive strategy. A single, large fraudulent brand represents a single point of failure. Once it is publicly exposed, as Savexa was by the FCA, its value as a tool for deception collapses. By operating a portfolio of smaller, disposable brands, the network insulates its core operators and infrastructure from the consequences of any single takedown. The loss of one brand is merely a calculated business expense, not a catastrophic failure. The operators can seamlessly activate a "sleeper" brand like VexaWave, which was registered in the same batch and is ready for deployment, to target a fresh pool of victims. This transforms the operation from a simple scam into an engineered, resilient, and sustainable criminal enterprise.

Part II: The MISA Network: A Portfolio of Fraudulent Entities

The following case files provide a detailed analysis of each of the core Comoros-based entities, meticulously integrating all available identifiers and evidence to build a specific and irrefutable indictment against each one. These files demonstrate a consistent application of the network's fraudulent playbook across its entire portfolio.

Part III: Irrefutable Evidence of a Single Operator

By synthesizing the evidence from the individual case files, a clear and coherent model of a single, fraudulent network emerges. The connections are not circumstantial; they are direct, technical, and irrefutable, pointing to a central operator managing these brands as part of a unified strategy. This section consolidates the "smoking gun" evidence that proves, beyond any reasonable doubt, that these entities are not independent but are managed by a single, central controlling entity.

3.1 The Sequential License Batch: Definitive Proof of Coordinated Registration

The single most compelling piece of evidence proving a single, coordinated controlling entity is the sequence of license numbers issued by the Mwali International Services Authority (MISA). When independent entities register with a regulatory body, they are typically assigned license numbers in a sequential order based on when their applications are processed and approved. The probability of seven supposedly independent companies, operating from different parts of the world, all having their applications processed and their licenses issued by an international regulator on the exact same day with near-perfectly sequential numbers is statistically zero. It is an impossibility under any scenario of organic, independent business development.

The only plausible explanation is a single agent or entity submitting a bulk application for a pre-planned portfolio of companies. This is definitive proof of a coordinated and premeditated effort to establish a portfolio of fraudulent brands, not the organic growth of separate businesses. This data point moves the assessment from "strong correlation" to "definitive proof" of a single operator. The table below lays out this "smoking gun" evidence in a clear, comparative format, consolidating data from the MISA public register.

Table 3: Comparative Analysis of MISA License Issuance

(Note: License BFX2024066 is not associated with this network in the provided materials, but its absence does not detract from the clear sequential pattern of the other six licenses issued on the same day.)

3.2 The Template-Driven Infrastructure: A Shared Operational Blueprint

The proof of a single operator extends beyond the initial registration to the ongoing operations of the network. The active brands (Mirrox, Savexa, Skadeva) share an identical operational blueprint, demonstrating that they are run from a common infrastructure and managed under a unified command.

The most damning evidence is the visual and functional cloning of their websites and client-facing platforms. The active brands share identical website structures, fonts, risk disclosures, and marketing copy, frequently advertising "160+ CFDs," "tight spreads," "high leverage," and "user-friendly trading". Most significantly, their client login pages are identical in layout and functionality, featuring a central sign-in box with email/password fields, an "open account" link, a "forgot password" link, and a CFD risk warning beneath. The only distinguishing feature is the color scheme and logo: red/pink for Mirrox, purple for Savexa, and green for Skadeva. This is the unmistakable signature of a single white-label platform being used to deploy multiple "skins."

This shared technical infrastructure is matched by a shared physical and corporate infrastructure. All of the Comoros-based operating companies—Capital Crest Ltd, Trade Tide Ltd, Profit Pulse Ltd, Tradex Limited, and others—list the same physical address: P.B. 1257 Bonovo Road, Fomboni, Comoros. This single point of contact for multiple "independent" companies is another clear indicator of a consolidated operation. The combination of simultaneous registration, shared physical address, and identical technological platforms creates an irrefutable picture of a single operator managing a portfolio of brands from a central hub.

Part IV: The Critical Connection: Implicating Rock-West.com

The investigation's most critical finding is the one that extends the boundary of this fraudulent network beyond the self-contained Comoros-MISA ecosystem to implicate a seemingly more legitimate, separately regulated entity: rock-west.com. This connection reveals a more complex and hierarchical structure to the fraud than initially apparent, with Rock-West acting as a potential "mothership" for the disposable Comoros brands.

4.1 The Façade of Legitimacy: Rock-West's Public Profile

On the surface, and to a standard due diligence check, rock-west.com presents as a typical, if high-risk, offshore brokerage. It is operated by MAIV LIMITED, a company incorporated in the Republic of Seychelles (Co. 8425341-1). Crucially, it holds a verifiable Securities Dealer license (SD044) from the Financial Services Authority (FSA) of Seychelles.

While Seychelles is an offshore jurisdiction with significantly weaker investor protections than Tier-1 centers, the FSA is a formal state regulator, which distinguishes it from the sham MISA. The operation appears mature, claiming to be founded in 2019, and offers sophisticated trading platforms, including the industry-standard MetaTrader 5 (MT5) and its own proprietary application. It maintains a public profile with an app on the Google Play Store, user reviews, and claims of industry awards. Based on these facts alone, Rock-West would be classified as a high-risk but plausibly legitimate offshore broker, suitable for sophisticated traders who understand and accept the risks of operating in such a jurisdiction. It would not, on its face, be flagged as an outright scam.

Crucially, Rock-West's own website openly advertises that it provides "institutional services and white-label solutions" to other brokers. This public declaration provides the initial circumstantial link and the business model through which it could service the Comoros network. This façade of legitimacy is what makes the discovery of its direct, operational connection to the Comoros network so significant.

4.2 The Irrefutable Link: The Victor Avramenko Communication

The façade of separation between Rock-West and the Comoros network is shattered by a single, definitive piece of evidence. An email, sent on July 28, 2025, to solicit a subscription confirmation on behalf of "Vexa Wave"—a confirmed fraudulent entity within the Comoros network—originated from the email address victor.avramenko@rock-west.com.

This is not a circumstantial or coincidental link; it is direct, technical, and irrefutable proof of a shared operational infrastructure and, more importantly, shared management. The use of a corporate Rock-West email address by a named executive to conduct marketing activities for Vexawave proves that the two entities are not operating at arm's length.

The identity of the sender deepens the connection. Rock-West's own website, on its "Meet our management team" page, lists Victor Avramenko as the company's "CD" (likely Chief Designer or Creative Director). His role is described as formulating "innovative marketing strategies to comprehensively enhance brand influence". The fact that the individual responsible for Rock-West's own branding and marketing is personally sending marketing emails for Vexawave is powerful evidence that Vexawave is not an independent client of a white-label service but is, in fact, a marketing project managed directly by the Rock-West team.

This link inextricably ties the Seychelles-regulated rock-west.com to a network that includes savexa.com—a firm officially blacklisted as fraudulent by the UK's FCA. Any claims of legitimacy or regulatory compliance by Rock-West are rendered meaningless by its direct association with and operational support for a confirmed criminal enterprise.

Email Evidence: Vexa Wave Communication

Definitive proof: Email sent by Rock-West executive Victor Avramenko on behalf of Vexa Wave.

4.3 A Hierarchical Model of Deception: The "Mothership" and its Disposable Fleet

The evidence, taken as a whole, suggests a sophisticated, hierarchical structure to the fraud. Rock-West, with its more credible (though still weak) Seychelles license, more sophisticated infrastructure (MT5), and established public profile, appears to function as the "mothership" or senior partner in the operation. It provides the core technology, marketing leadership, and likely serves as the ultimate destination for funds siphoned from victims.

The Comoros brands, which are cheap to create, built on a fraudulent regulatory foundation, and designed to be disposable, act as a fleet of lower-tier entities or attack vessels. This model is strategically brilliant from a criminal perspective. It allows the core operation (Rock-West) to maintain a cleaner public profile and handle more complex infrastructure, while outsourcing the high-risk, high-turnover scamming activities to its subordinate brands. The risk is compartmentalized in the disposable MISA entities. When one brand, like Savexa, is blacklisted by a regulator, it can be sacrificed without compromising the core operation. The financial and reputational damage is contained, and the mothership can deploy another vessel from its pre-registered fleet. This structure insulates the central command of the criminal enterprise, making it far more resilient to enforcement action. Rock-West is not merely complicit; it is the likely operational core and primary beneficiary of the entire network.

Part V: Final Verdict and Strategic Recommendations

5.1 Conclusive Verdict: A Coordinated International Fraud Operation

This comprehensive investigation concludes with a high degree of confidence that the entities operating under the domains mirrox.com, savexa.com, profitpulseltd.com/skadeva.com, vexawave.co, and the operationally-linked rock-west.com are components of a single, multi-faceted, and actively hostile fraudulent enterprise. The defunct domains 24xtrade.com and internationalclearingex.com are confirmed to be prior, discarded ventures of the same operation, created in the same batch.

This verdict is not based on a single point of failure but on a compounding and interlocking system of deception that has been proven through concrete, verifiable evidence:

• Regulatory Fraud: The network's core regulatory claims are predicated on licenses from the Mwali International Services Authority (MISA), an entity credibly exposed as a fictitious "scam" regulator. This renders all the Comoros-based firms as effectively unregulated and their claims of oversight as intentionally fraudulent.
• Corporate Deception: The network employs a sophisticated and deliberate strategy of using opaque Comoros-based companies paired with misleading UK-based shell corporations (with mismatched business purposes and dormant status) to create a false sense of legitimacy and obscure the true ownership.
• Verifiable Falsehoods: The operation has been caught engaging in direct, verifiable deception, including the use of fabricated contact information belonging to legitimate, unrelated businesses (Vexawave) and being officially blacklisted by a Tier-1 regulator (Savexa by the FCA).
• Interconnected Infrastructure: The near-sequential MISA license numbers issued on the same day, identical corporate structuring tactics, templated website designs, a shared physical address in Comoros, and shared email infrastructure provide irrefutable evidence of a common operator and a centrally managed portfolio of brands.
• Hierarchical Complicity: The direct operational link between Rock-West's marketing executive and the fraudulent Vexawave brand proves that the Seychelles-regulated entity is not separate but is an integral, and likely senior, part of the criminal enterprise.

These entities collectively represent a significant and calculated risk to any potential investor or partner. Their entire public-facing persona is an elaborate construction designed to lure individuals into a fraudulent investment scheme where the risk of total and irrecoverable loss is exceptionally high.

5.2 Strategic Recommendations for Mitigation and Protection

Based on the conclusive findings of this report, the following actions are strongly recommended:

Immediate Actions

• Cease All Contact and Avoid Engagement: Under no circumstances should any funds be deposited with, personal information be provided to, or any form of engagement be initiated with any of these entities (Mirrox, Savexa, Skadeva, Vexawave, Rock-West) or their representatives. They should be treated as actively hostile and fraudulent operations.
• Action for Exposed Individuals: For any individual or organization that has already deposited funds, it is imperative to act immediately. Contact your bank, credit card company, or payment provider to report the transactions as fraudulent. Initiate any available chargeback, recall, or fraud recovery procedures without delay. Preserve all records of communication (emails, chat logs), transactions, and website interactions as evidence for reports to authorities and financial institutions.

Reporting to Authorities

To help protect others and contribute to potential enforcement actions, it is recommended to report these entities to the appropriate authorities:

• Financial Regulators: File a report with the national financial conduct authority or securities regulator in your country of residence (e.g., FCA in the UK, SEC in the US, ASIC in Australia). Reference the existing FCA warning against Savexa as evidence of the network's illicit nature. Even though the entities are offshore, regulators track complaints about firms targeting their citizens.
• Cybercrime Agencies: Report the websites to national cybercrime reporting centers (e.g., Action Fraud in the UK, the Internet Crime Complaint Center (IC3) in the US). Provide domain names and any details of financial loss.
• Domain Registrars: File an abuse complaint with the domain registrars for each active website (mirrox.com, savexa.com, skadeva.com, vexawave.co, rock-west.com). Registrars have terms of service that prohibit using their services for illegal or fraudulent activities, and sufficient complaints can lead to domain suspension.

Future Due Diligence Checklist

The methods employed by this network serve as a valuable case study. The following red flags identified in this report should be used as a checklist when evaluating any future online investment or trading platform:

• Verify the Regulator, Not Just the License: Do not take a license claim at face value. Investigate the regulator itself. Is it a recognized, Tier-1 authority (e.g., FCA, CySEC, ASIC, BaFin, FINMA) with a history of enforcement? Be deeply skeptical of regulators in small, offshore jurisdictions with no international standing, especially those, like MISA, that are flagged as suspicious by industry watchdogs.
• Scrutinize Corporate Structures: Investigate the stated operating company. Search for it in multiple jurisdictions. Be wary of mismatches between a company's registered business purpose (SIC code) and its actual activities. Look for red flags such as addresses linked to known company formation agents or virtual offices that host thousands of other entities.
• Cross-Reference Global Warning Lists: Always check the public warning and investor alert lists of multiple major international regulators before investing. The absence of a firm from a list is not an endorsement, but its presence is a definitive warning.
• Verify Contact Details: Conduct simple, independent checks. Do the phone numbers work? Does the listed address exist and belong to the company when checked on a map service? A quick online search can often reveal blatant falsehoods, as was the case with Vexawave's use of a dentist's and restaurant's details.
• Analyze Brand Origins: Look for signs of a "brand-in-a-box" setup. Is the brand name generic? Does a DNS history search show it was recently purchased from a brand marketplace like Squadhelp? Is the website a template used by other, similar brokers? These are signs of a disposable, non-serious operation.
• Treat Operational Links as Contamination: If a seemingly legitimate entity is found to have a direct operational link to a confirmed fraud, it must be considered equally contaminated and high-risk, regardless of its own regulatory status. The link from the Seychelles-regulated Rock-West to the fraudulent Vexawave is a perfect case study for this principle. Complicity through shared infrastructure or management is as dangerous as direct fraud.