Creovision Laboratories Fraud
Report
Active
Domain
Don't Bear Internet Fraud
Home
Bobbear Icon

Creovision

Laboratories

 Creovision Laboratories

Creovision Laboratories is simply the 'old' Neolenses fraud with the name changed to Creovision. It's a glossy 'manufacturing based' money laundering fraud operation but otherwise no different to the others posted on this website.

The bogus website is a rip-off of the VividInteractive and Design produced website constructed for the genuine company Gelflex Laboratories who needless to say have nothing to do with this fraud - they are as much a victim as anyone else who falls for the scam.

The  Creovision Laboratories website is hosted by a 'bog-standard' zombie botnet so often used by these criminals. The spam subjects include "Amazing job opportunity. Home-based.", "Real Job Offer with paid trial.", "Customer Service Representative vacancy. High salary!",  "Home-Based Job position. PAID TRIAL!",  but the one thing in common is the offer of a job as a money laundering mule that will lose you lots of money, get your bank account(s) frozen and have you facing criminal charges - don't do it!
 
Known Website Domains

creovision-lab.com (Parked)
creovision-lab.net (Parked) creovision-lab.biz (Parked) creovisionlab.com (Parked)
creovisionlab.net (Parked) creovisionlab.biz (Parked)
cvisionlab.net (Parked)
cv-lab.com (Parked)
creovision.net (Parked)

Nameserver Domains

aldemolay.com (Active)
nplsearch.com (Active) 		Registrar

Register.com (08-Nov-2007)
Register.com (08-Nov-2007)
Register.com (08-Nov-2007)
Register.com (08-Nov-2007)
Register.com (08-Nov-2007)
Register.com (08-Nov-2007)
Register.com (13-Nov-2007)
SPIRITDOMAINS/IAREGISTRY (13-Nov-2007)
REGISTER.COM, INC. (08-Nov-2007)



Spiritdomains (07-Nov-2007)
Register.com (12-Nov-2007) 

Note for registrars
The criminal uses a zombie botnet to host all his website domains. That means that he has to register his own zombie botnet nameserver domain as he cannot use a legitimate DNS. It therefore follows that any domain in your database which has either of the current zombie botnet nameservers, (ns1.aldemolay.com or ns1.nplsearch.com) in the whois data IS zombie botnet hosted and IS a domain registered by the same criminal for the same criminal purposes. Would you please search for all the criminals domains, suspend them and delete the DNS data. Thank you.
Zombie Botnets
DNS Data:

Looking up at the 2 cvisionlab.net & cv-lab.com parent servers:

Server (Botnet Controller) Response (Zombie site host IPs)
ns1.nplsearch.com [66.197.174.5]  194.0.253.229 78.55.238.192 79.114.77.87 85.181.17.224 89.132.30.123
ns2.nplsearch.com [67.74.18.77] Timeout - dummy nameserver

The DNS data shows a standard zombie botnet where the nameserver ns1.nplsearch.com hosted by SouthWest Technologies, Ltd of Coolard, Listowel, Co. Kerry, Eire on IP 66.197.174.5 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). The nameserver domain, (nplsearch.com - REGISTER.COM, INC.) is by definition registered by the criminals as they cannot use a legitimate DNS server to host a zombie botnet.

Looking up at the 2 creovision.net parent servers:

Server (Botnet Controller) Response (Zombie site host IPs)
ns1.aldemolay.com [74.62.155.57]  74.12.228.48 82.52.184.62 87.205.178.212 87.248.69.112 87.68.76.188
ns2.aldemolay.com [70.14.44.98] Timeout - dummy nameserver

The DNS data shows a standard zombie botnet where the nameserver ns1.aldemolay.com hosted by Road Runner HoldCo LLC on IP 74.62.155.57 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). The nameserver domain, (aldemolay.com - SPIRITDOMAINS/IAREGISTRY) is by definition registered by the criminals as they cannot use a legitimate DNS server to host a zombie botnet.
Evidence of Criminal Fraud:

i) Site theft - the website is stolen from the genuine company Gelflex Laboratories.

ii) The website is hosted by the usual zombie botnet(s) as demonstrated above.

iii) The 'job' consists of  accepting money into your account and transferring it out to the crooks via Moneygram or Western Union for a percentage - the usual illegal money mule function.

iv) Numerous spams received from the auscert.org.au mule distribution. Sample spam below.

v) According to the 'About Us' page "CreoVision Laboratories is an innovative Contact Lens Manufacturer, researcher & developer based in Morrisonville, NY, USA.", yet their bogus website address is 6256 Provence Road 91775 CA San Gabriel - both totally fake, of course.

vi)  The so-called "Distributors" email addresses for Israel and Indonesia on the 'Contact Us' page are bogus - the domains creovision.il, creovision-lab.il, creovision.id and creovision-lab.id which are variously used for the email addresses do not exist.

vii) The Creovision Laboratories website copyright footer shows © 2002, yet ALL the above scam website domains were only registered on November the 8th. 2007.

viii) Considering they are "Widely regarded as one of the finest contact lens laboratories in the world" they have no internet presence other than as spammers and scammers.

ix) Multiple domain registrations for the same bogus website.

x) The registration data is hidden using 'Domain Discreet'. What sort of company does that? You guessed it - a criminal one.

Spam Headers: [awaiting headers]
Spam Body: 

From: home-based job offer
Sent: Sunday, 11th. November 2007 7:37 PM
To: xxxxxxxxxxxx
Subject: Real Job Offer with paid trial.

 

CreoVision Laboratories is one of the world's leading developers and manufacturers of contact lenses and intraocular implant lenses based in USA.

CreoVision currently have an exciting opportunity for a new Customer Service Representative to join an Australian distributors team on the "work from home" basis.
Working within a service team of eight other personnel, this is a fantastic opportunity to gain permanent employment after a two weeks trial period if you are able to prove your abilities and commitment to the position.

Working hours: Monday to Friday, from 9am to 5pm (EST Australian Time) 1 hour for lunch. Part-time positions are also available: Monday to Friday, from 9am to 1pm (EST Australian Time)

Wages: When benefits and bonuses are added to the base salary, the average total compensation for this position would be AUD$68,000 after tax annually.

Reporting directly to the Customer Service Supervisor, your duties will include the following:

. Handle telephone enquiries (all expenses will be covered by the company)
. Process phone, fax and email orders (all necessary equipment and software will be provided)
. Prioritise and co-ordinate the data entry of customer orders and credits
. Raise invoices
. Assist the Financial Representative as required
. Customer Service Representative may perform work of a similar type and level as that of subordinates.

We are looking for applicants preferably (but not a must) with prior experience in customer service and who display exceptional communication skills. If you consider yourself a genuine team player who is also able to work autonomously, have excellent written and verbal communication skills, strong attention to detail and a commitment to quality, not to mention a confident, professional and polite phone manner then this could be the opportunity you have been waiting for!

To the successful applicants we offer a position on a 2 weeks trial basis. During this trial period you will be receiving training and online support while working and being paid.
The evaluation of employees on a trial period is usually done at least 3 days prior to the end of their trial period. During the trial period, the supervisor can recommend termination. At the end of the trial period, supervisor makes his final decision.

If you are interested in this vacancy and you feel, that your qualifications correspond to our requirements, please follow this link http://cvisionlab.net/ to fill in an application form.

Thank you for your interest to this job.
Sincerely,

CreoVision Laboratories

Please do not reply to this email. This mailbox is not monitored and you will not receive a response.

© Copyright 2002 CreoVision Laboratories Phone +1 (518) 632-1001
Fax +1 (518) 541-1220
Address 6256 Provence Road
91775 CA San Gabriel, USA

Fraud Log

12th. Nov. 2007
All of the criminals main website domains listed above have been parked by Register.com
27th. Nov. 2007
Domain cvisionlab.net noticed in the wild.
***Latest News***6th. Dec. 2007

No known active domains - the domains creovision.net & cvisionlab.net have both been parked by the criminals on the Everyone's Internet IP 209.62.20.175 for some reason, using the criminal's nameservers ns1.bnmq.com and ns2.bnmq.com. The domain cv-lab.com on the other hand has been parked on the Direct Information FZC IP 209.85.51.151 using nameservers dns1.cnomy.com & dns2.cnomy.com using domains also undoubtedly registered by the criminals for this purpose. The criminal seems to have taken this one down himself - he's up to something.