Report: dumb osa tracking technique in use using email and spoofed sender names of friends

Discussion in 'Fair Game Reports and Personal Experiences' started by ArnieLerma, Aug 14, 2011.

  1. ArnieLerma Member

    I recognized a pattern which I felt I should share...
    I regret I did not save the prior emails, but hindsight is 20/20,

    Some time after I started posting about scientology again, after a hiatus, I started to receive emails that would contain some inane statement and a link...

    The link, I suspect would capture my IP address, providing some locational information for OSA on my recent travels...

    The emails have a sender that is someone I have corresponded with, or know, AND trust. One email said it was Mark Bunker, of course it was not, and I sent him a copy of this...(note amrlinks@lermanet2.com does NOT exist on my mail server)

    Dear Mr Bunker,

    Someone is spamming porn links using your name as the mailing name. Here is the full header and text of the message, regards Arnie Lerma
    PS: I have received ONE other like this but it was targeting Michael Cohen (the UFO guy's) name... and was porn spam

    regards
    Arnie Lerma

    Return-path: <SRS0=VD+ghg=2G=jennyburke.com=amrlinks@lermanet2.com >
    Envelope-to: arnaldolerma@lermanet2.com
    Delivery-date: Tue, 19 Jul 2011 16:03:53 -0400
    Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
    by mailscan08.yourhostingaccount.com with esmtp (Exim)

    id 1QjGWH-00019t-0Z
    for arnaldolerma@lermanet2.com ; Tue, 19 Jul 2011 16:03:53 -0400
    Received: from seo7.aseoserver.com ([64.247.178.178])
    by impinc02.yourhostingaccount.com with NO UCE
    id 9w3s1h0033rKy5s02w3sR5; Tue, 19 Jul 2011 16:03:53 -0400
    X-EN-OrigIP: 64.247.178.178
    X-EN-IMPSID: 9w3s1h0033rKy5s02w3sR5
    Received: from 189.214.89.29.cable.dyn.cableonline.com.mx ([189.214.89.29]:52522 helo=mail.jennyburke.com)
    by seo7.aseoserver.com with esmtpa (Exim 4.69)
    (envelope-from <amrlinks@jennyburke.com >)
    id 1QjFdB-0007s6-7W
    for arnaldolerma@lermanet2.com ; Tue, 19 Jul 2011 15:06:58 -0400
    From: "Mark Bunker" <amrlinks@jennyburke.com >
    Subject: Do you think =?UTF-8?B?aXTigJlz?= hot or =?UTF-8?B?aXTigJlz?= not?

    The answer is here, my =?UTF-8?B?ZnJpZW5k4oCm?=
    To: arnaldolerma@lermanet2.com
    Content-Transfer-Encoding: 8bit
    Content-Type: text/plain; charset="UTF-8"
    Reply-To: "Mark Bunker" <amrlinks@jennyburke.com >
    Date: Tue, 19 Jul 2011 22:06:51 +0300
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - seo7.aseoserver.com
    X-AntiAbuse: Original Domain - lermanet2.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - jennyburke.com

    --------------------END of spoof email supposedly by Mark Bunker

    And here is another, this is a spoof of my friend Thomas Padgett (and past fair game target of scientology), this is also NOT from him or his real email address

    Viewing Full Header - View message



    Return-path: <SRS0=hq1WM9=26=clearbluetenerife.com=richard.carver@lermanet2.com >
    Envelope-to: arnaldolerma@lermanet2.com
    Delivery-date: Fri, 12 Aug 2011 18:10:07 -0400
    Received: from impinc03.yourhostingaccount.com ([10.1.13.103] helo=impinc03.yourhostingaccount.com)
    by mailscan03.yourhostingaccount.com with esmtp (Exim)
    id 1Qrzva-0005cN-RS
    for arnaldolerma@lermanet2.com ; Fri, 12 Aug 2011 18:10:06 -0400
    Received: from server.clearbluetenerife.com ([109.203.105.4])
    by impinc03.yourhostingaccount.com with NO UCE
    id Ka971h00J05inH103a97q5; Fri, 12 Aug 2011 18:09:07 -0400
    X-EN-OrigIP: 109.203.105.4
    X-EN-IMPSID: Ka971h00J05inH103a97q5
    Received: from [190.238.195.135] (port=14696 helo=109.203.105.4)
    by server.clearbluetenerife.com with esmtpa (Exim 4.69)
    (envelope-from <richard.carver@clearbluetenerife.com >)
    id 1Qrz04-000181-PW
    for arnaldolerma@lermanet2.com ; Fri, 12 Aug 2011 22:10:42 +0100
    From: "Thomas C Padgett" <richard.carver@clearbluetenerife.com >
    Subject: Call me afterwards, Arnaldo
    To: arnaldolerma@lermanet2.com
    Content-Transfer-Encoding: 8bit
    Content-Type: text/plain; charset="UTF-8"
    Reply-To: "Thomas C Padgett" <richard.carver@clearbluetenerife.com >
    Date: Sat, 13 Aug 2011 00:10:51 -0700
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server.clearbluetenerife.com
    X-AntiAbuse: Original Domain - lermanet2.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - clearbluetenerife.com







    Subject: Call me afterwards, Arnaldo
    From: "Thomas C Padgett" <richard.carver@clearbluetenerife.com>
    Date: Sat, August 13, 2011 3:10 am
    To: arnaldolerma@lermanet2.com
    Priority: Normal






    Arnaldo , my dear friend! I am really sorry, I did this, but I think you should see that: http://www.nannyservicesguide.com/pistol If you want to talk, let me know, ok? Regards, Thomas C Padgett

    ------------End of spoof email supposedly but not from my friend Thomas Padgett..


    I would appreciate an evaluation of the headers by someone who is familiar with spoofed emails, and wished to alert others that this nonsense is being done. I am assuming that they wished me to click the links to capture my IP addy to find out where I am today... which they will know shortly.. but I know how much the dwarf likes surprises and I aim to please. regards Arnie Lerma, Lermanet.com Exposing the CON.
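
An added example, not part of the thread: a short Python reading of the first quoted header block, showing what each field actually establishes. The `KNOWN` address book and its `example.org` address are constructed for illustration; the regexes assume the Exim-style `Received` layout seen in that message.

```python
import ipaddress
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# First message quoted above, trimmed; stray blank lines and the space before ">" removed.
RAW = """\
Return-path: <SRS0=VD+ghg=2G=jennyburke.com=amrlinks@lermanet2.com>
Received: from impinc02.yourhostingaccount.com ([10.1.13.102] helo=impinc02.yourhostingaccount.com)
\tby mailscan08.yourhostingaccount.com with esmtp (Exim)
Received: from seo7.aseoserver.com ([64.247.178.178])
\tby impinc02.yourhostingaccount.com with NO UCE
Received: from 189.214.89.29.cable.dyn.cableonline.com.mx ([189.214.89.29]:52522 helo=mail.jennyburke.com)
\tby seo7.aseoserver.com with esmtpa (Exim 4.69)
From: "Mark Bunker" <amrlinks@jennyburke.com>
Subject: Do you think =?UTF-8?B?aXTigJlz?= hot or =?UTF-8?B?aXTigJlz?= not?
"""
KNOWN = {"Mark Bunker": "mark@example.org"}  # constructed; real address is not on the page

def srs_original(return_path):
    # SRS0=<hash>=<timestamp>=<domain>=<local>@<forwarder> -> local@domain
    m = re.match(r"<?SRS0[=+-][^=]+=[^=]+=([^=]+)=([^@]+)@", return_path.strip())
    return f"{m.group(2)}@{m.group(1)}" if m else None

def received_hops(msg):
    # (claimed name, connecting IP) per hop, oldest hop first
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\]", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops

def analyze(raw, known=KNOWN):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    public = [h for h in received_hops(msg) if not ipaddress.ip_address(h[1]).is_private]
    return {
        "name_mismatch": display in known and known[display] != addr,
        "envelope_sender": srs_original(msg["Return-path"]),
        "subject": str(make_header(decode_header(msg["Subject"]))),
        "claimed_origin_ip": public[0][1] if public else None,
        "authenticated": "with esmtpa" in (msg.get_all("Received") or [""])[-1],
        "handoff_ip": public[-1][1] if public else None,
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

The `Return-path` is a Sender Rewriting Scheme (SRS) address added by the forwarding host, which is why `amrlinks@lermanet2.com` appears even though no such mailbox exists; the envelope sender it encodes is the same address as in `From:`. Only `handoff_ip` is recorded by the recipient's own provider; the oldest `Received` line is written by the sending server, and `esmtpa` there is Exim's protocol name for an authenticated SMTP session.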
  2. Anonymous Member

    Normal spam technique.

    Sounds to me like this is normal spam.

    What suggests Scientology involvement?
  3. Anonymous Member

    lame technic is lame
  4. Anonymous Member

    The fact that the spoofed from addresses are from sci critics could give that initial impression. Of course if Arnie or anyone Arnie has been in email contact with has had their address books haxed that could just be a coinkydink.
  5. Anonymous Member

    It's targeted spam. I've also seen it.
  6. ArnieLerma Member

    if merely targeted spam then what was being sold?
  7. Anonymous Member

    I got one like that from Chuck Beatty
  8. Lulzanne Member

    It just depends on what's sitting on that link. Imma not going to lick it and find out. Typically crap like this is just a means of spreading trojans. It floats around in the wild infecting older non-patched PCs, grabbing up more valid email addys out of the Outlook address books of the infected PCs and then attempting to spread itself to those addresses. Since the emails appear to be coming from a known contact there's a greater likelihood that the recipient will play along. Next thing the recipient knows, their PC is DDoSing Sony or some shit.

    Not to say that it couldn't be OSA silliness, it is at about the level they're operating at these days.... so 1995.
    • Like x 3
  9. timthephoto Member

    so being a user of sandboxie, i felt compelled to clear it and then click the link..
    it redirects, to pharmacypilltablets.com - which does not load

    no drive-by-downloads occurred

  10. Anonymous Member

    I can only echo this wisdom. Arnie your apprehension is correct but your fears here are probably over-estimating the ability of the stupid sect of scilons.
    • Like x 1
  11. Demented LRH Member

    Somebody hacked my hotmail account and was sending idiotic messages to my contacts. It all stopped after I changed my password. I do not think this has anything to do with CoS.
  12. Anonymous Member

    The dwarf doesn't give a rat about you these days. He has bigger things to deal with. He be all like, "Arnie WHO?"
  13. Anonymous Member

    At they were sending the same kind of messages you normally do.
  14. Demented LRH Member

    And you received them because those are the only messages you can understand. They know your level of thinking.
