Silverlens Laboratories Fraud Report
Don't Bear Internet Fraud

Silverlens Laboratories is simply the 'old' Creovision and Neolenses frauds with the name changed to Silverlens. It's a glossy 'manufacturing based' money laundering fraud operation but otherwise no different to the others posted on this website.

The bogus website is a rip-off of the VividInteractive and Design produced website constructed for the genuine company Gelflex Laboratories who needless to say have nothing to do with this fraud - they are as much a victim as anyone else who falls for the scam.

The Silverlens Laboratories website is hosted by a 'bog-standard' zombie botnet so often used by these criminals. The spam subjects usually include "Amazing job opportunity. Home-based.", "Real Job Offer with paid trial.", "Customer Service Representative vacancy. High salary!", "Home-Based Job position. PAID TRIAL!", but the one thing in common is the offer of a job as a money laundering mule that will lose you lots of money, get your bank account(s) and all your assets frozen and have you facing criminal charges - don't do it!

Current Zombie Botnet Host(s)


The ethical majority of service providers, (all credit to them), act within 1-24 hours of being informed of the criminal abuse of their system, (the best in less than 1 hour), but there are unfortunately a few that do not, for one reason or another.


Known Website Domains               Registrar

silverlenslab.com (Parked)          Register.com (04-Feb-2008)
silverlens-lab.com (Parked)         Register.com (04-Feb-2008)
silverlenzlab.com (Active)          Spiritdomains/IA Registry (17-Feb-2008)

Nameserver Domains                  Registrar

listns.com (Parked)                 Register.com (25-Jan-2008)
betbiggreen.com (Active)            Spiritdomains/IA Registry (14-Feb-2008)

Note for registrars
The criminal uses a zombie botnet to host all his website domains. That means that he has to register his own zombie botnet nameserver domain as he cannot use a legitimate DNS. It therefore follows that any domain in your database which has the current zombie botnet nameserver, (ns1.listns.com), in the whois data IS zombie botnet hosted and IS a domain registered by the same criminal for the same criminal purposes. Would you please search for all the criminal's domains, suspend them and delete the DNS data. Thank you.

Zombie Botnets
DNS Data: (Valid for silverlens-lab.com, silverlenslab.com)

Looking up at the 2 silverlenslab.com. parent servers:

Server                            Response
ns1.listns.com [38.101.159.50]    71.192.111.168 71.56.201.13 76.103.108.246 82.144.164.226 99.248.165.168
ns2.listns.com [38.54.91.15]      Timeout

The DNS data shows a standard zombie botnet where the nameserver ns1.listns.com hosted by the frequent, (& unresponsive), host of these criminals, CogentCo (aka Performance Systems International) on IP 38.101.159.50 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). The nameserver domain, (listns.com - REGISTER.COM, INC.) is by definition registered by the criminals as they cannot use a legitimate DNS server to host a zombie botnet.


Evidence of Criminal Fraud:

i) Site theft - the website content is stolen from the genuine company Gelflex Laboratories.

ii) The website is hosted by the usual zombie botnet(s) as demonstrated above.

iii) Spams received from the auscert.org.au mule distribution. Sample spam below.

iv) According to the 'About Us' page "Silverlens Laboratories is an innovative Contact Lens Manufacturer, researcher & developer based in Morrisonville, NY, USA.", (exactly the same rubbish as for the previous Creovision and Neolenses aliases), yet their bogus website contact address is 1540 19th Street, 90266 CA Manhattan Beach. Google also throws up no hits for that address.

v)  The so-called "Distributors" email addresses for Israel and Indonesia on the 'Contact Us' page are bogus - the domains silverlenslab.il and silverlenslab.id used for the email addresses are not registered domains - they do not exist.

vi) The Silverlens Laboratories website copyright footer shows © 2002, yet ALL the above scam website domains were only registered very recently.

vii) Considering they are "Widely regarded as one of the finest contact lens laboratories in the world" they have no internet presence other than as spammers and scammers.

viii) On the Application Form the CV is optional! What sort of company would recruit just anyone without even a CV? - A money mule recruiter, that's who.

ix) The registration data is hidden using 'Domain Discreet'. What sort of company does that? You guessed it - a criminal one.

x) They've even left the stolen Gelflex 'Gelcalc' calculating program intact on their cloned fraud site and not bothered to rename it!


Spam (as received): 

Hello!

On behalf of Silverlens Laboratories I would like to thank you for taking the time to apply for a position of Customer Service Representative for our team in Australia.

After careful consideration of your qualifications, it has been decided that you meet our minimum selection criteria for the position offered. Now that we have taken your application further I would like to briefly clarify some of the key points related to the job offer. More detail will be revealed later in the employment agreement.

Company: Silverlens Laboratories is an innovative Contact Lens Manufacturer, researcher & developer based in Manhattan Beach, CA, USA. Widely regarded as one of the finest contact lens laboratories in the world, Silverlens Laboratories has approval from the US Federal Drug Administration (FDA) and the Australian Therapeutics Goods Administration (TGA) to manufacture contact lenses and intraocular lenses. To become familiar with our products and services please refer to our website at http://www.silverlenslab.com

Job Title: Customer Service Representative

Reporting directly to the Customer Service Supervisor, your duties will include the following:

.       Handle telephone enquiries (all expenses will be covered by the company)
.       Daily communication to customers regarding deliveries or goods on "backorder status"
.       Process phone and email orders (company phone will be provided upon completion of the trial period)
.       Prioritise and coordinate the data entry of customer orders and credits
.       Supporting the Financial Representative when required

Wages: AUD$65000 p.a. after tax + Super + Bonuses.

Working Hours: Mon - Fri, 9am to 4.30pm (1 hr for lunch) EST Australian Time.

Job Location: Travel/relocation is not required - it is a home based position.

Job Requirements:

.       Prior experience in customer service is preferable but not a must - full training will be provided.
.       Polite and confident telephone manner
.       Effective time management skills with the ability to multi task and meet deadlines
.       The desire to work for a progressive organisation
.       Intermediate Microsoft Office skills

Further Hiring Process: We are offering you a position within our company on a trial basis for two weeks starting from the beginning of the work. At the completion of the trial period, your supervisor can recommend continued employment, extension of trial period, or termination. During this trial period you will be receiving training and online support while working and being paid. (During the trial period you will be paid fortnightly AUD$1,000 per week after tax. The Employee is eligible for an individual bonus of AUD$500 when the trial is successfully over.)

Next Step: In order to proceed please submit your details via email (by replying to this message) once again and confirm that they are correct and up-to-date (your details will be treated in the strictest of confidence):

Current address:
Landline phone number:
Cell phone number:

I assume that you would be able to start working as soon as possible. Please confirm this. Also, during the next several weeks, please keep me informed of any deadlines that you may be facing (i.e. pending job offers, current employment obligations). Thank you once again and feel free to email me any questions that you may have at this point.


Yours sincerely,

Human Resources Manager
Silverlens Laboratories
HR_manager@silverlenslab.com

It is well disguised, but the actual function of anyone who applies for this position will turn out to be simply "Supporting the Financial Representative when required" and will consist of receiving stolen/counterfeit checks into your account and transferring them back to this criminal less 10% for yourself - the illegal money mule function.

Feedback, (in confidence), from anyone who has applied for this job would be appreciated.


Fraud Log

Webpage created 12th. February 2008
Later - The criminal has already moved his zombie botnet onto a Velcom IP after being shut down by colo4jax:

DNS Data: (Valid for silverlens-lab.com, silverlenslab.com)
Looking up at the 2 silverlenslab.com. parent servers:

Zombie Botnet Nameserver          Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.listns.com [64.86.17.185]     65.27.5.6 71.87.150.92 85.204.112.226 89.137.107.183 99.248.177.227
ns2.listns.com [38.54.91.15]      Timeout - Fake nameserver, (never resolves).

The data shows a standard 5 IP site hosting zombie botnet where the criminal registered nameserver ns1.listns.com [64.86.17.185] hosted by Velcom, of Brampton, Ontario is acting as zombie botnet controller, 'herding' the rotating zombies, (as evidenced by IP RDNS data), in the 'A' records list which are hosting the fraud site (as evidenced by domain TRACERT data), using the listed domains.

***Latest News***  15th. February 2008
The criminal's zombie botnet controlled by nameserver ns1.listns.com is still active on the Velcom IP 64.86.17.185
Later - The criminal has moved his zombie botnet onto a new IP - 194.150.121.44
DNS Data: (Valid for silverlens-lab.com, silverlenslab.com)
Looking up at the 2 silverlenslab.com. parent servers:

Server                            Response
ns1.listns.com [194.150.121.44]   71.17.155.4 71.229.123.1 76.78.121.145 99.228.246.95 99.243.17.236
ns2.listns.com [38.54.91.15]      Timeout

The data shows a standard 5 IP site hosting zombie botnet where the criminal registered nameserver ns1.listns.com [194.150.121.44] hosted by Tidyhosts.com is acting as zombie botnet controller, 'herding' the rotating zombies, (as evidenced by IP RDNS data), in the 'A' records list which are hosting the fraud site (as evidenced by domain TRACERT data), using the listed domains.

***Latest News***  17th. February 2008
The criminal is still active with his botnet hosted on the above Othello Technology Systems/Tidyhosts IP (194.150.121.44) using the three Register.com registered domains silverlens-lab.com, silverlenslab.com and listns.com.
Later - No response from Othello or Tidyhosts, but Register.com now appear to have parked all three of the criminal's domains which in one way is good, but on the other hand I would prefer to see a suspended notice.

***Latest News***  18th. February 2008
Response from Tidyhosts "We will look into this"
***Latest News***  20th. February 2008
New domain notified by site contact - silverlenzlab.com
DNS Data (silverlenzlab.com)

Looking up at the 2 silverlenzlab.com. parent servers:

Server                               Response
ns1.betbiggreen.com [76.76.6.232]    217.226.70.24 24.93.117.56 86.125.118.76 89.41.94.142 99.139.49.2
ns2.betbiggreen.com [38.54.91.15]    Timeout

The data shows a standard 5 IP site hosting zombie botnet where the criminal registered nameserver ns1.betbiggreen.com [76.76.6.232] hosted by Carolina Internet is acting as zombie botnet controller, 'herding' the rotating zombies, (as evidenced by IP RDNS data), in the 'A' records list which are hosting the fraud site (as evidenced by domain TRACERT data), using the listed domains.

***Latest News***  22nd. February 2008

The criminal has now moved his botnet to Convergent Network Services/The New York NOC, Inc. - DNS Data:
How I am searching:

Searching for silverlenzlab.com A record at g.root-servers.net [192.112.36.4]: Got referral to F.GTLD-SERVERS.NET. (zone: com.)
Searching for silverlenzlab.com A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns2.betbiggreen.com. (zone: silverlenzlab.com.)
Searching for silverlenzlab.com A record at ns2.betbiggreen.com. [38.54.91.15]: Timed out. Trying again.
Searching for silverlenzlab.com A record at ns1.betbiggreen.com. [206.71.148.2]: Reports silverlenzlab.com. Response:
Domain                  Type  Class  TTL   Answer
silverlenzlab.com.      A     IN     1800  24.93.117.56
silverlenzlab.com.      A     IN     1800  86.125.118.92
silverlenzlab.com.      A     IN     1800  89.32.51.227
silverlenzlab.com.      A     IN     1800  89.33.60.122
silverlenzlab.com.      A     IN     1800  89.137.9.59
silverlenzlab.com.      NS    IN     1800  ns1.betbiggreen.com.
silverlenzlab.com.      NS    IN     1800  ns2.betbiggreen.com.
ns1.betbiggreen.com.    A     IN     1800  206.71.148.2
ns2.betbiggreen.com.    A     IN     1800  38.54.91.15

Looking up at the 2 silverlenzlab.com. parent servers:

Zombie Botnet Nameserver             Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.betbiggreen.com [206.71.148.2]   24.93.117.56 86.125.118.92 89.137.9.59 89.32.51.227 89.33.60.122
ns2.betbiggreen.com [38.54.91.15]    Timeout - Fake nameserver, (never resolves).

The data shows a standard 5 IP site hosting zombie botnet where the criminal registered nameserver ns1.betbiggreen.com [206.71.148.2] hosted by Convergent Network Services/The New York NOC, Inc. is acting as zombie botnet controller, 'herding' the rotating zombies, (as evidenced by IP RDNS data), in the 'A' records list which are hosting the fraud site (as evidenced by domain TRACERT data), using the listed domains.

***Latest News***  25th. February 2008
Convergent Network Services/The New York NOC, Inc. are continuing to host this criminal fraudster despite having been notified about it on the 22nd. 

***Latest News***  28th. February 2008
Domain silverlenzlab.com not resolving - DNS looped back to root servers
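
The rotation recorded in the DNS tables above can be measured rather than eyeballed. The following Python is an added example, not tooling from this site: it replays the five lookups transcribed from this page plus one constructed control domain, and reports how far the 'A' records and the nameserver IP move between lookups. The /16 grouping and the thresholds are assumptions chosen for illustration.

```python
# Lookups transcribed from the DNS data on this page, plus one constructed control:
# (domain, primary nameserver, nameserver IP, secondary answered?, A records)
SNAPSHOTS = [
    ("silverlenslab.com", "ns1.listns.com", "38.101.159.50", False,
     "71.192.111.168 71.56.201.13 76.103.108.246 82.144.164.226 99.248.165.168"),
    ("silverlenslab.com", "ns1.listns.com", "64.86.17.185", False,
     "65.27.5.6 71.87.150.92 85.204.112.226 89.137.107.183 99.248.177.227"),
    ("silverlenslab.com", "ns1.listns.com", "194.150.121.44", False,
     "71.17.155.4 71.229.123.1 76.78.121.145 99.228.246.95 99.243.17.236"),
    ("silverlenzlab.com", "ns1.betbiggreen.com", "76.76.6.232", False,
     "217.226.70.24 24.93.117.56 86.125.118.76 89.41.94.142 99.139.49.2"),
    ("silverlenzlab.com", "ns1.betbiggreen.com", "206.71.148.2", False,
     "24.93.117.56 86.125.118.92 89.137.9.59 89.32.51.227 89.33.60.122"),
    # Constructed control (documentation addresses): a conventionally hosted site.
    ("example.org", "ns1.example.org", "192.0.2.53", True, "192.0.2.10 192.0.2.11"),
    ("example.org", "ns1.example.org", "192.0.2.53", True, "192.0.2.10 192.0.2.11"),
]

def net16(ip):
    """First two octets: a coarse stand-in for 'which network is this host on'."""
    return ".".join(ip.split(".")[:2])

def analyse(domain):
    """Summarise how a domain's DNS answers changed across the recorded lookups."""
    snaps = [s for s in SNAPSHOTS if s[0] == domain]
    a_sets = [set(s[4].split()) for s in snaps]
    # Churn = share of 'A' records replaced between consecutive lookups (1 - Jaccard).
    churn = [1 - len(a & b) / len(a | b) for a, b in zip(a_sets, a_sets[1:])]
    all_ips = set().union(*a_sets)
    return {
        "lookups": len(snaps),
        "distinct_a": len(all_ips),
        "distinct_net16": len({net16(ip) for ip in all_ips}),
        "ns_ip_moves": len({s[2] for s in snaps}) - 1,
        "mean_churn": round(sum(churn) / len(churn), 2) if churn else 0.0,
        "dead_secondary": all(not s[3] for s in snaps),
    }

def looks_fast_flux(r, min_nets=5, min_churn=0.5):
    """Heuristic (assumed thresholds): hosts scattered over many networks,
    most of them replaced between lookups, and a nameserver that changes IP."""
    return (r["distinct_net16"] >= min_nets and r["mean_churn"] >= min_churn
            and r["ns_ip_moves"] >= 1)

if __name__ == "__main__":
    for d in ("silverlenslab.com", "silverlenzlab.com", "example.org"):
        r = analyse(d)
        print(d, r, "FLUX" if looks_fast_flux(r) else "stable")
```
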