Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 3 January 2017

hpHosts: New PUP classification

Previously covered by the EMD classification, I felt it time to migrate those distributing PUPs (Potentially Unwanted Programs) to their own dedicated category (had been planning it for a while but never had time).

This has now been completed, and you can both download a new pup.txt file from the Downloads page, and have a look at them via either the Browse Database option, or by the individual sites pages.

Browse PUPs: https://hosts-file.net/?s=Browse&f=PUP
PUP Blocklist: https://hosts-file.net/pup.txt

If you have any questions, please feel free to stop by the forums.

Thursday, 3 November 2016

Updated: hpHosts - 4th November 2016

The hpHOSTS Hosts file has been updated. There is now a total of 498,048 listed hostsnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 04/11/2016
  2. Last Verified: 04/11/2016
Download hpHosts now!
http://hosts-file.net/?s=Download

Enjoy!

Wednesday, 26 October 2016

Ten Years of Cybercrime & Doing Time

Very little is left worth celebrating any more (Christmas, Halloween, birthdays, Easter, the new Star Wars film, they're all over-rated rubbish), but this is one of those that you have to celebrate.

http://garwarner.blogspot.co.uk/2016/10/ten-years-of-cybercrime-doing-time.html

Dear Tagged, still not learned?

I've been getting Tagged spam on and off for years (sometimes it stops coming in). Seems they've still not learned to act like an ethical and honest company, and instead have decided that acting like complete unethical wankers is a better idea.



For those wondering, no, I don't usually have HTML email enabled (picture wouldn't have made as much sense in plain text).

As Tagged still haven't learnt, I've expanded the block on them ........ let's see if they work it out (I'll not hold my breath).

References

Tagged spam - with a difference
https://hphosts.blogspot.co.uk/2009/10/tagged-spam-with-difference.html

Tagged.com being sued - and about bloody time too!
https://hphosts.blogspot.co.uk/2009/07/taggedcom-being-sued-and-about-bloody.html

Tagged.com pays $750,000 over deceptive emails
http://www.theregister.co.uk/2009/11/10/new_york_ag_fines_tagged/

Dear Tagged .... weren't you already being sued for this?
https://hphosts.blogspot.co.uk/2009/07/dear-tagged-werent-you-already-being.html

Microsoft, Google, Facebook, Tagged et al - they never learn
https://hphosts.blogspot.co.uk/2010/04/microsoft-google-facebook-tagged-et-al.html

Wednesday, 21 September 2016

WARNING: Apple phishes

Been yet another influx of Apple phishes, all seemingly registered to the same individual, all using those lovely new gTLDs (cheers for that ICANN!).

uk_iosapplecareupdate.saf1.cloud
uk_iosAppleCareupdate.vefy1.support
uk_iosAppleCareupdate.vefy1.cloud
uk_iosAppleCareupdate.upd1.cloud
uk_iosAppleCareupdate.sgn1.support
uk_iosAppleCareupdate.sgn1.cloud
uk_iosAppleCareupdate.set1.support
uk_iosAppleCareupdate.set1.cloud
uk_iosAppleCareupdate.serv1.support
uk_iosAppleCareupdate.serv1.cloud
uk_iosAppleCareupdate.saf1.support
uk_iosAppleCareupdate.saf1.cloud
uk_iosAppleCareupdate.reg1.support
uk_iosAppleCareupdate.reg1.cloud
uk_iosAppleCareupdate.prof1.support
uk_iosAppleCareupdate.prof1.cloud
uk_iosAppleCareupdate.pro1.support
uk_iosAppleCareupdate.pro1.cloud
uk_iosAppleCareupdate.int1.support
uk_iosAppleCareupdate.int1.cloud
uk_AppleCarevalidate.vefy1.support
uk_AppleCarevalidate.vefy1.cloud
uk_AppleCarevalidate.upd1.cloud
uk_AppleCarevalidate.sgn1.support
uk_AppleCarevalidate.sgn1.cloud
uk_AppleCarevalidate.set1.support
uk_AppleCarevalidate.set1.cloud
uk_AppleCarevalidate.serv1.support
uk_AppleCarevalidate.serv1.cloud
uk_AppleCarevalidate.saf1.support
uk_AppleCarevalidate.saf1.cloud
uk_AppleCarevalidate.reg1.support
uk_AppleCarevalidate.reg1.cloud
uk_AppleCarevalidate.prof1.support
uk_AppleCarevalidate.prof1.cloud
uk_AppleCarevalidate.pro1.support
uk_AppleCarevalidate.pro1.cloud
uk_AppleCarevalidate.int1.support
uk_AppleCarevalidate.int1.cloud
uk_AppleAssistverifylog_in.vefy1.support
uk_AppleAssistverifylog_in.vefy1.cloud
uk_AppleAssistverifylog_in.upd1.cloud
uk_AppleAssistverifylog_in.sgn1.support
uk_AppleAssistverifylog_in.sgn1.cloud
uk_AppleAssistverifylog_in.set1.support
uk_AppleAssistverifylog_in.set1.cloud
uk_AppleAssistverifylog_in.serv1.support
uk_AppleAssistverifylog_in.serv1.cloud
uk_AppleAssistverifylog_in.saf1.support
uk_AppleAssistverifylog_in.saf1.cloud
uk_AppleAssistverifylog_in.reg1.support
uk_AppleAssistverifylog_in.reg1.cloud
uk_AppleAssistverifylog_in.prof1.support
uk_AppleAssistverifylog_in.prof1.cloud
uk_AppleAssistverifylog_in.pro1.support
uk_AppleAssistverifylog_in.pro1.cloud
uk_AppleAssistverifylog_in.int1.support
uk_AppleAssistverifylog_in.int1.cloud
ukappleverify.sub1.link
ukAppleAssistverify.int1.link
ukAppleAssistverify.ap1.link
uk_applesecurelog_in.int1.link
uk_applesecurelog_in.ap1.link
uk_applesafeauth.sub1.link
uk_applesafeauth.int1.link
uk_appleglobalupdate.sub1.link
uk_appleglobalupdate.int1.link
uk_applecarevalidate.sub1.link
uk_applecarevalidate.ap1.link
uk_iosAppleCareupdate.upd1.support
uk_AppleCarevalidate.upd1.support
uk_AppleAssistverifylog_in.upd1.support
ukappleverify.int1.link
ukappleverify.ap1.link
ukAppleCareverify.sub1.link
ukAppleCareverify.int1.link
ukAppleCareverify.ap1.link
ukAppleAssistverify.sub1.link
uk_applesecurelog_in.sub1.link
uk_applesafeauth.ap1.link
uk_appleglobalupdate.ap1.link
uk_applecarevalidate.int1.link


The vast majority are housed on:

IP: 23.95.37.25
AS: 36352 23.95.36.0/22 AS-COLOCROSSING - ColoCrossing, US

With the rest on;

IP: 104.232.32.18
ASN: 36352 104.232.32.0/22 AS-COLOCROSSING - ColoCrossing, US

IP: 216.126.225.145
ASN: 20150 216.126.225.0/24 SERVERCRATE - CubeMotion LLC, US

Personally I'd suggest firewalling both the IPs and ALL of the new gTLDs, but that's just me. I'll leave the decision to you.