Sunday, January 13, 2013 12:56:28 AM
USGT Scam update:
I honestly haven't had much time to look into things thoroughly but here's what I have so far...
After looking at the headers from all of the emails I received on USGT I do not believe APS is behind it. This is a very poor attempt at impersonating them and here’s why…
If you look at the “fake” APS logo you can clearly see that there is a light blue outline surrounding the inside of the header image. The “real” APS header is crisp, clear, and doesn’t have a blue outline.
Whoever faked these emails took a “screen shot” of the APS image, used photoshop (or whatever program) to “poorly” manipulate it, and then used a third party site to store the image in order to incorporate it into “html”. Below is the link to the image I found in the emails source code.
Header - "http://s8.postimage.org/aj2nsajf=9/Screen_Shot_2013_01_11_at_3_29_13_PM.png"
Footer - http://s8.postimage.org/dc523syj9=/Screen_Shot_2013_01_11_at_3_29_26_PM.png
APS emails are fully editable in html. ALL text can be changed with very basic editing which includes changes to the header itself.
2. According to the APS “fake” email heading I received this email from IP address 173.212.242.202 from a newly registered website “gladlike.com” Below is the portion of the heading in where I found this information.
Received-SPF: neutral (google.com: 173.212.242.202 is neither permitted nor denied by best guess record for domain of bounce-117-25454@gladlike.com) client-ip=173.212.
When visiting “gladlike.com” you will see a very basic login page which gives access to their email marketing software provided by “lyris.com”.
Here's where things start to get interesting...
All of the spam emails come from the same source. Below is a list of all the websites spamming USGT illegally, including subdomains used for spamming and whois contact records.
Hottestpennystocks.net
Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569
Obscurestocks.com
moussett, philippe yellowsoul123@gmail.com
po boc 552
limassol, na 23521
Cyprus
23522234563
Stockcastle.com
Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569
wallstreetpennystockadvisors.com
Randal, Dimitri yellowsoul123@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
+357.25824569
gladlike.com (Fake APS)
Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
openpresent.co (wallstreetpennystockadvisors.com)
Dimitri, Randal
z32q27tg4qj@networksolutionsprivateregistration.com
ATTN OPENPRESENT.CO
care of Network Solutions
PO Box 459
Drums, PA 18222
US
Phone: 570-708-8780
targetmean.com (Stockcastle.com)
Private registration
peekmax.com (obscurestocks.com)
Waltson, Rob yellowhosting1@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
changedonline.com (Hottestpennystocks.net)
Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
More to DD come...
I honestly haven't had much time to look into things thoroughly but here's what I have so far...
After looking at the headers from all of the emails I received on USGT I do not believe APS is behind it. This is a very poor attempt at impersonating them and here’s why…
If you look at the “fake” APS logo you can clearly see that there is a light blue outline surrounding the inside of the header image. The “real” APS header is crisp, clear, and doesn’t have a blue outline.
Whoever faked these emails took a “screen shot” of the APS image, used photoshop (or whatever program) to “poorly” manipulate it, and then used a third party site to store the image in order to incorporate it into “html”. Below is the link to the image I found in the emails source code.
Header - "http://s8.postimage.org/aj2nsajf=9/Screen_Shot_2013_01_11_at_3_29_13_PM.png"
Footer - http://s8.postimage.org/dc523syj9=/Screen_Shot_2013_01_11_at_3_29_26_PM.png
APS emails are fully editable in html. ALL text can be changed with very basic editing which includes changes to the header itself.
2. According to the APS “fake” email heading I received this email from IP address 173.212.242.202 from a newly registered website “gladlike.com” Below is the portion of the heading in where I found this information.
Received-SPF: neutral (google.com: 173.212.242.202 is neither permitted nor denied by best guess record for domain of bounce-117-25454@gladlike.com) client-ip=173.212.
When visiting “gladlike.com” you will see a very basic login page which gives access to their email marketing software provided by “lyris.com”.
Here's where things start to get interesting...
All of the spam emails come from the same source. Below is a list of all the websites spamming USGT illegally, including subdomains used for spamming and whois contact records.
Hottestpennystocks.net
Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569
Obscurestocks.com
moussett, philippe yellowsoul123@gmail.com
po boc 552
limassol, na 23521
Cyprus
23522234563
Stockcastle.com
Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569
wallstreetpennystockadvisors.com
Randal, Dimitri yellowsoul123@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
+357.25824569
gladlike.com (Fake APS)
Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
openpresent.co (wallstreetpennystockadvisors.com)
Dimitri, Randal
z32q27tg4qj@networksolutionsprivateregistration.com
ATTN OPENPRESENT.CO
care of Network Solutions
PO Box 459
Drums, PA 18222
US
Phone: 570-708-8780
targetmean.com (Stockcastle.com)
Private registration
peekmax.com (obscurestocks.com)
Waltson, Rob yellowhosting1@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
changedonline.com (Hottestpennystocks.net)
Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569
More to DD come...
Join the InvestorsHub Community
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.