Posts Tagged ‘Site Administration’

Another Bluehost Phishing Email

Saturday, September 2nd, 2017

Remember the previous Bluehost phishing attack I mentioned?

Today I got another one.

Here’s the raw source (with a few inserted line breaks to keep it from running into the right-hand column).

Headers:

Message ID
Created at: Sat, Sep 2, 2017 at 12:50 AM (Delivered after 3 seconds)
From: Bluehost
To: lawrencepersonXXXXX@gmail.com
Subject: Request to reset your domain associated with this e-mail address
SPF: PASS with IP 74.220.222.232 Learn more

(XXXXX added to email address here and below to defeat spambot scrapers.)

Payload

Delivered-To: lawrencepersonXXXXX@gmail.com
Received: by 10.129.53.151 with SMTP id c145csp343693ywa;
Fri, 1 Sep 2017 22:54:47 -0700 (PDT)
X-Received: by 10.99.120.71 with SMTP id t68mr4941018pgc.177.1504331447706;
Fri, 01 Sep 2017 22:50:47 -0700 (PDT)
X-Google-Smtp-Source: ADKCNb5s73v956ds860PK1kR3YVGj/j+bLV2uYQNDDlbJ/kZIPjlLkqlSdvnwz3d/dZQs6C8Ug2m
X-Received: by 10.99.120.71 with SMTP id t68mr4941001pgc.177.1504331446972;
Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1504331446; cv=none;
d=google.com; s=arc-20160816;
b=QOjWmOjsvjB9+8HswySoFQOQ4lsCvpPME27NN9zJfx8
gZofrql3IwevgfSp0e1Btxg
aIL8DmnXCGllyd8AvPrBrN/Ly3+iKtBxdbk3oua+d9vYBYOgYWcLW
+kMvQAcV81hB1El
PXLWVLUV78BXenGJMUIs0voePL345QIlDhjigRRvOYs4/cOFXhr/
0nE0A+F45lneFaUx
oG7oYSk3QBVJtvwWUd2z1ksn24R8kTgwWfFZGqVEUm6fji4tA6J1Qv
1IwL7GWDtmI/ab
pdU/Dh9cvT3lR2bDOFQaSje0NQuibGyFY3ouNGDdRygJIJKjldi
EoUsqxE1zCoCrfZU1
l+Dw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:cc:from:content-transfer-encoding:mime-version
:subject:to:arc-authentication-results;
bh=pAtFnsm7hK/sCRTeHL/WZ2Afvt74elEbNil2YQ/rHSk=;
b=t9vALxsoLpH2sKGGjbqvx/KAJOGJQaT/2qVFWCaNXJOybuHwoMGmaRh1
eP62jnkD5s
nQXOsgK3wQfj/l2Nq1tuA05l+FfQgRlLFSFs/4YKSjcrIveLp/ht/ergUZGv1ydawsDk
PdNYonJnmlykTW7HQxAhtRbbFP5dohfLGcGcdUmOsV6XjUZQK+
9agN78MxBBfFj33V7j
aUCkZ/BINSFb2Jt4IzOaQdnnVzoBwY8R1aLg0+GdVf26wZuYLBiN
hAXOJY1SVCjGrrwd
GiGw2eMbMyG5V1VjGlhJPx8Wan7eA/lXr+hrwnuEalFaGk66Ni8lV7
nADN9StIh7AyMp
aY7Q==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
Return-Path:
Received: from outbound-ss-1849.hostmonster.com ([74.220.222.232])
by mx.google.com with ESMTPS id a2si1461087pll.210.2017.09.01.22.50.46
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 01 Sep 2017 22:50:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) client-ip=74.220.222.232;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of doorsofv@box1175.bluehost.com designates 74.220.222.232 as permitted sender) smtp.mailfrom=doorsofv@box1175.bluehost.com
Received: from cmgw2 (cmgw2.unifiedlayer.com [67.20.127.202]) by soproxy7.mail.unifiedlayer.com (Postfix) with ESMTP id 84A09215C39 for ; Fri,
1 Sep 2017 23:50:46 -0600 (MDT)
Received: from box1175.bluehost.com ([50.87.248.175]) by cmgw2 with id 4Vqj1w00l3no00q01Vqmx1; Fri, 01 Sep 2017 23:50:46 -0600
X-Authority-Analysis: v=2.2 cv=IspuSP3g c=1 sm=1 tr=0 a=ZGpYF3R9av1KVggUQYjyig==:117 a=ZGpYF3R9av1KVggUQYjyig==:17 a=IkcTkHD0fZMA:10 a=2JCJgTwv5E4A:10 a=eLEXLPMnAAAA:8 a=cNaOj0WVAAAA:8 a=3gznCMWBZ5u3K-Cr9X4A:9 a=8jPl8b1L-dkswZAf:21 a=7g7r5GJnjx26k2DO:21 a=L4Rp5h-_gRjJhvEI:21 a=QEXdDO2ut3YA:10 a=TnA9z4vs7e96t_Vj_DNd:22
Received: from doorsofv by box1175.bluehost.com with local (Exim 4.87) (envelope-from ) id 1do1KN-003TIa-D2 for lawrencepersonXXXXX@gmail.com; Fri, 01 Sep 2017 23:50:43 -0600
To: lawrencepersonXXXXX@gmail.com
Subject: Request to reset your domain associated with this e-mail address
X-PHP-Originating-Script: 1982:mail.php
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Bluehost
Cc:
Message-Id:
Date: Fri, 01 Sep 2017 23:50:43 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box1175.bluehost.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1982 1982] / [47 12]
X-AntiAbuse: Sender Address Domain - box1175.bluehost.com
X-BWhitelist: no
X-Source-IP:
X-Exim-ID: 1do1KN-003TIa-D2
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender:
X-Source-Auth: doorsofv
X-Email-Count: 38
X-Source-Cap: ZG9vcnNvZnY7ZG9vcnNvZnY7Ym94MTE3NS5ibHVlaG9zdC5jb20=
X-Local-Domain: yes


=09

=09=09

=09=09=09

=09=09

=09=09

=09=09=09

=09=09

=09

3D'Bluehost'
=09=09=20
=09=09=09=09

=09=09=09=09We received a request to reset your domain associated with this=
e-mail address.

=09=09=09=09This request was generated by a user clicking the 'Domain Reset=
' link. If you want it to be reset, then you can safely ignore this message=
.
=09=09=09=09

=09=09=09=09

=09=09=09=09If you did not request to have your domain reset, or do not wan=
t it to be reset, please protect your domain. You can refuse this request a=
nd securely reset your password by clicking the link below:=20
=09=09=09=09

=09=09=09=09=20
=09=09=09=09

=09=09=09=09https://my.bluehost.com/web-hosting/password/
=09=09=09=09

=09=09=09=09=20
=09=09=09=09

=09=09=09=09Alternatively, you can copy and paste the link into your browse=
r's address window, or retype it there.
=09=09=09=09

=09=09=09=09=20
=09=09=09=09Thank you,
=09=09=09=09Bluehost Support
=09=09=09=09http://w=
ww.bluehost.com/

=09=09=09=09For support go to http://bluehost.com/help
=09=09=09


Interestingly, even though all of that is in a code tag, part of it (including the link) is still rendered. (I don’t need to tell you not to click that, do I?) The =3D and =09 sequences aren’t a class or a rendering trick; they’re quoted-printable transfer encoding (=3D is an equals sign, =09 a tab, =20 a space, and a lone = at the end of a line is a soft line break), so what you’re looking at is the HTML body as it sits on the wire before the mail client decodes it.

Here’s the important segment (opening and closing angle brackets omitted):

a href=3D'http://my.bluehost.pazencore.com/web-hosting/?q=3DbG=
F3cmVuY2VwZXJzb25AZ21haWwuY29tDQ=3D=3D' target=3D'_blank'>https://my.bluehost.com/web-hosting/password/

The visible link text reads https://my.bluehost.com/web-hosting/password/, but the href actually points at my.bluehost.pazencore.com: a subdomain of pazencore.com with a bluehost label stuck in front of it. The q parameter is base64 and decodes to the recipient’s e-mail address (with a trailing carriage return), presumably so the fake login page can prefill it.
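That mismatch is exactly the kind of thing a script can check for. What follows is an added example (mine, not code from the original post or from Bluehost): a Python script that undoes the quoted-printable encoding, pulls out every anchor, compares the domain in the visible link text with the domain the href really points to, and base64-decodes the q parameter. The sample body is constructed from the anchor quoted above plus one benign same-domain link added for contrast; the registrable-domain check is a naive last-two-labels rule, which is fine for .com but not for the general case.

```python
import base64
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample body: the quoted-printable anchor quoted from the phishing
# message above (soft line breaks and =3D escapes intact), plus one benign
# same-domain link added here for contrast. Not a capture of the full message.
SAMPLE_QP = (
    b"<p>=09=09=09=09You can refuse this request a=\n"
    b"nd securely reset your password by clicking the link below:=20</p>\n"
    b"<p><a href=3D'http://my.bluehost.pazencore.com/web-hosting/?q=3DbG=\n"
    b"F3cmVuY2VwZXJzb25AZ21haWwuY29tDQ=3D=3D' target=3D'_blank'>"
    b"https://my.bluehost.com/web-hosting/password/</a></p>\n"
    b"<p><a href=3D'http://www.bluehost.com/'>http://w=\n"
    b"ww.bluehost.com/</a></p>\n"
)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def decode_body(qp_body):
    """Undo the quoted-printable transfer encoding: =3D -> '=', =09 -> tab,
    '=' at end of line -> soft break (the line is joined with the next one)."""
    return quopri.decodestring(qp_body).decode("utf-8", errors="replace")


def extract_anchors(html):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return parser.anchors


def registrable_domain(host):
    """Last two labels of a hostname. Good enough for .com/.net; production code
    should consult the Public Suffix List so co.uk and friends come out right."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def find_lookalike_links(html):
    """Flag anchors whose visible text is itself a URL but whose href lands on a
    different registrable domain: the shape of the Bluehost link above."""
    findings = []
    for href, text in extract_anchors(html):
        if not re.match(r"https?://", text):
            continue  # plain "click here" text: nothing to compare against
        shown = registrable_domain(urlparse(text).hostname or "")
        actual = registrable_domain(urlparse(href).hostname or "")
        if shown != actual:
            findings.append({"shown": text, "actual": href,
                             "shown_domain": shown, "actual_domain": actual})
    return findings


def decode_tracking_param(href, name="q"):
    """Base64-decode a query parameter. Phishing kits commonly carry the victim's
    address this way so the landing page can prefill it. None if absent or not base64."""
    values = parse_qs(urlparse(href).query).get(name)
    if not values:
        return None
    raw = values[0]
    try:
        padded = raw + "=" * (-len(raw) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


if __name__ == "__main__":
    body = decode_body(SAMPLE_QP)
    for f in find_lookalike_links(body):
        print(f"shown {f['shown_domain']!r} but href goes to {f['actual_domain']!r}")
        print("  q= decodes to:", repr(decode_tracking_param(f["actual"])))
```

Run against the sample, the benign www.bluehost.com link passes and the password-reset link is flagged as bluehost.com shown versus pazencore.com actual. Feed it the decoded body of a real message (for instance the text/html part from Python’s email package) and the same two functions apply unchanged.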

Here’s the whois registrant and admin contact for pazencore.com domain:

Name: EDOUARD VAN DE VELDE
Organization: EDOUARDVDV
Mailing Address: BAKKUMMERSTRAAT 37, CASTRICUM 1901 HJ NL
Phone: +31.0615954306
Ext:
Fax:
Fax Ext:
Email:EDOUARDVDV@HOTMAIL.COM

More interestingly, here’s the tech contact:

Tech Contact
Name: BLUEHOST INC
Organization: BLUEHOST.COM
Mailing Address: 550 E TIMPANOGOS PKWY, OREM UTAH 84097 US
Phone: +1.8017659400
Ext:
Fax: +1.8017651992
Fax Ext:
Email:WHOIS@BLUEHOST.COM

So here we have a Bluehost phishing scam sent from a Bluehost shared-hosting box (box1175.bluehost.com, account doorsofv, via a PHP mail script, which is why Gmail’s SPF check passes), pointing at a domain whose tech contact is Bluehost itself.

I think it’s time to have an interesting discussion with BlueHost support…

Hit the Wrong Button

Sunday, October 9th, 2016

Nothing to see here. Enjoy your weekend.

Welcome Empower Texans To The Blogroll

Thursday, September 8th, 2016

Here’s another link I’ve been meaning to add to the blogroll for a while: Empower Texans. Michael Quinn Sullivan’s group (a companion organization to Texans for Fiscal Responsibility) does a good job of covering Texas political news and drawing attention to government abuses.

Well worth checking out.

Mickey Kaus Resigns From Daily Caller, Sets Up Own Site

Saturday, March 28th, 2015

If you hadn’t heard, Mickey Kaus resigned from the Daily Caller over them spiking a piece that slammed Fox News for supporting illegal alien amnesty.

Kaus is now blogging at his own site http://kausfiles.com/.

Update your bookmarks accordingly.

(Hat tip: Instapundit.)

Blogroll Addition: Social Justice Warriors: Do Not Engage

Tuesday, January 13th, 2015

Today’s blogroll addition is Will Shetterly’s Social Justice Warriors: Do Not Engage blog (or SJWar for short).

Will is a fellow science fiction writer, and not only is he a leftist, he’s an actual socialist. But he’s done a fine job documenting and opposing the anti-free-speech agenda of the SJW set, especially in the realm of science fiction.

I kept meaning to add SJWar to the blogroll for a while, but every time I was about to, Will would go “That’s it, I quit, blog’s over!” only to start it up again a few days later to document the latest SJW offense logic or the principles of a free society. Here’s a bon mot on the Charlie Hebdo killings today: “Saying the speech of someone who was murdered went too far is like saying the clothes of a rape victim were too provocative.”

I’ve created a new Victimhood Identity Politics category to list SJWar under, and have moved The Other McCain (which has featured R. S. McCain’s masterful dissections of core feminist texts and dogmas for quite a while) there as well.

Having An Intermittent Database Connection Problem

Monday, December 29th, 2014

I seem to be having an intermittent database connection problem for old posts. Not seeing it right now, but if you see it crop up again, let me know.

Blogroll Addition: Pension Tsunami

Wednesday, October 15th, 2014

Since they linked to me yesterday, I’ve finally done what I’ve meant to do for a long time, namely get up off my ass and add Pension Tsunami to the Blogroll. They offer a great daily news roundup on the looming unionized public sector pension crisis that threatens to bankrupt cities and states across the country (especially California).

I’ve also added the new “California/Pensions/Unions/Etc.” link category and moved Kausfiles there as well.

Expect more additions to that blog category Real Soon Now.

Administrative Note: Amazon Widgets Temporarily Disabled

Wednesday, April 30th, 2014

I’ve temporarily disabled the Amazon widgets in the right sidebar since one was automatically redirecting the entire page to Amazon upon load. What the hell, Amazon?

My apologies if anyone ran into this problem.

This Day Eaten By Locusts BlueHost

Friday, August 2nd, 2013

BlueHost was down for most of the day, so no blogging.

Expect your normally scheduled political rants to resume on Monday.

Warning: Graphic Content

Saturday, November 10th, 2012

I know I’m lazy and all, but I’m beginning to think that I should change the look of this blog off the WordPress default. I’ve been putting this off mainly because my skills lie in the realm of words rather than graphics, but I think I’m going to bite the bullet.

I’m going to experiment with a few themes to get started, so don’t be shocked if things look weird every now and then.