Wednesday, 21 September 2016

WARNING: Apple phishes

Been yet another influx of Apple phishes, all seemingly registered to the same individual, all using those lovely new gTLDs (cheers for that ICANN!).

The vast majority are housed on:

AS: 36352 AS-COLOCROSSING - ColoCrossing, US

With the rest on;

ASN: 20150 SERVERCRATE - CubeMotion LLC, US

Personally I'd suggest firewalling both the IPs and ALL of the new gTLDs, but that's just me. I'll leave the decision to you.

Saturday, 27 August 2016


Just an FYI folks, the issue with producing an HTTP 500 has now been fixed. Sorry for the delay.

Saturday, 6 August 2016

A lesson in screwing your users

Not content with the previous actions which at least used ads that weren't quite, it seems the owner of has gone further down the "let's screw the users" path, in an effort to peddle crapware.

If you've been keeping up, you'll have seen the previous post I did on them, if not, have a wander, I'll wait;

Now however, it appears the owner has thrown ethics and morals out of the window, users be damned. Now, if you happen on a thread that has certain keywords in the post, such as drivers, you'll see a link - but not a link the poster has put there themselves. No, this link goes to another domain owned by the same person that owns (John Fairbrother, Designer Media Ltd) - This leads unsuspecting victims to (paying more than SysTweak are they?).

And not surprisingly, it's the same story on his other sites;


Only difference here, is it's not going via, but via, to;


And on;




The disgusting parts here of course are;

1. These are not clearly marked as affiliate links/ads, but are disguised as regular links as if the posters themselves included them
2. They're leading to crapware
3. This is supposed to be a security forum, helping users clean up their machine - not have them get more crap on their machines!

By far the most disgusting however, and embarrassing for the rest of us, is the owner is supposed to be a Microsoft MVP!

Not surprisingly, these activities have landed his domains in hpHosts, with the MMT classification, and there they'll stay until this is stopped. Those of us that work in the security community are doing so to help users clean up and secure their machines etc. Those engaged in activities such as the above are doing entirely the opposite, for their own personal gain - users be damned, and this can not be tolerated.

hpHosts: Updated Saturday August 6th 2016

The hpHOSTS Hosts file has been updated. There is now a total of 422,975 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 06/08/2016
  2. Last Verified: 06/08/2016
Download hpHosts now!


Sunday, 26 June 2016

Pixel Federation: Downside of no weekend working .....

.... amongst other things.

What do you get if you cross an extremely prolific pharma spammer, with a company that neither has anyone working weekends, nor allows non-staff to moderate? A crap ton of errr, crap of course. In this case, over 900 posts spanning almost 4 pages, from a single user account;


I've already grabbed a copy of the offending domains involved, and they're all sitting on just 2 IPs (or were at the time of writing);

These IPs belong to AS394466 MyNetMojo (C02682025), aka Fiber Hosting Canada, leased to them by AS18451 Les.Net. Personally, I'd blackhole the entire /24, but I've got zero tolerance for this rubbish. At the time of writing, I'm only seeing badness on these two specific IPs, so I'll leave the decision to you.

Domains list for anyone wanting it (if you see any not on this list, and owned by the same bunch of miscreants, feel free to ping me);