InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
Subscribe Login/Register
S&P 500
5,173.50
(
-0.27%
)
US TECH 100
17,514.80
(
-0.56%
)
Dow Jones
38,871.35
(
-0.03%
)
Brent Oil
82.22
(
-0.78%
)
Bitcoin
61,882.24
(
-0.73%
)

Replies to post #38017 on DD Support Board and Research Team

Replies to #38017 on DD Support Board and Research Team

janice shell

01/12/13 2:10 PM

#38038 RE: DaReal #38017

Yes, that IS a real APS domain. They used it for VLNX, when they were briefly with Implix. Since then, they've used RedCappi, who evidently have their own email distribution system that doesn't require the client to create a specific domain.

But now there're problems with RedCappi. None of their https pages work.

Maybe they can't send email, either; I haven't heard from the real APS since Wednesday.

I think the email was spoofed.

Amazing Penny

01/13/13 12:56 AM

#38070 RE: DaReal #38017

USGT Scam update:

I honestly haven't had much time to look into things thoroughly but here's what I have so far...

After looking at the headers from all of the emails I received on USGT I do not believe APS is behind it. This is a very poor attempt at impersonating them and here’s why…

If you look at the “fake” APS logo you can clearly see that there is a light blue outline surrounding the inside of the header image. The “real” APS header is crisp, clear, and doesn’t have a blue outline.

Whoever faked these emails took a “screen shot” of the APS image, used photoshop (or whatever program) to “poorly” manipulate it, and then used a third party site to store the image in order to incorporate it into “html”. Below is the link to the image I found in the emails source code.

Header - "http://s8.postimage.org/aj2nsajf=9/Screen_Shot_2013_01_11_at_3_29_13_PM.png";

Footer - http://s8.postimage.org/dc523syj9=/Screen_Shot_2013_01_11_at_3_29_26_PM.png

APS emails are fully editable in html. ALL text can be changed with very basic editing which includes changes to the header itself.

2. According to the APS “fake” email heading I received this email from IP address 173.212.242.202 from a newly registered website “gladlike.com” Below is the portion of the heading in where I found this information.

Received-SPF: neutral (google.com: 173.212.242.202 is neither permitted nor denied by best guess record for domain of bounce-117-25454@gladlike.com) client-ip=173.212.

When visiting “gladlike.com” you will see a very basic login page which gives access to their email marketing software provided by “lyris.com”.

Here's where things start to get interesting...

All of the spam emails come from the same source. Below is a list of all the websites spamming USGT illegally, including subdomains used for spamming and whois contact records.


Hottestpennystocks.net

Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569


Obscurestocks.com


moussett, philippe yellowsoul123@gmail.com
po boc 552
limassol, na 23521
Cyprus
23522234563



Stockcastle.com

Randal, Dimitri hosting.yellow@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
35725824569



wallstreetpennystockadvisors.com

Randal, Dimitri yellowsoul123@gmail.com
agias fylexos 2
Limassol, none 4011
Cyprus
+357.25824569




gladlike.com (Fake APS)

Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569


openpresent.co (wallstreetpennystockadvisors.com)


Dimitri, Randal
z32q27tg4qj@networksolutionsprivateregistration.com
ATTN OPENPRESENT.CO
care of Network Solutions
PO Box 459
Drums, PA 18222
US
Phone: 570-708-8780


targetmean.com (Stockcastle.com)

Private registration


peekmax.com (obscurestocks.com)

Waltson, Rob yellowhosting1@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569




changedonline.com (Hottestpennystocks.net)

Randal, Dimitri hosting.yellow@gmail.com
2 Agias Fylexos
Limassol, Limassol 4011
Cyprus
3-572-582-4569


More to DD come...