Blog for hpHosts, and whatever else I feel like writing about ....

Friday 28 December 2012

hpObserver: v0.6.10

Updated hpObserver again today. Nothing spectacular, just changes to the DNS functions to bring them in line with the RFC amendments (this also means those no longer classed as NRIP will no longer show as NRIP, and thus offline, in hpObserver).

Download:
http://support.it-mate.co.uk/?mode=Products&p=hpobserver

Wednesday 26 December 2012

hpHosts: Updated 27-12-2012

The hpHOSTS Hosts file has been updated. There is now a total of 189,914 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 27/12/2012 03:00
  2. Last Verified: 25/12/2012 09:00
Download hpHosts now!
http://hosts-file.net/?s=Download

Need telephone answering services part 2: Don't ask eComm Angels

If you've been reading this blog for a few years, you may remember a post back in 2009 regarding Frontline. Since then, there's been one other company constantly attempting to spam the blog: eComm Angels.

The latest of these was just a few hours ago, containing:

thats a good kind of information i agree with you and i realy like your post thanks for sharing.eCommAngels


with "eCommAngels" linking to:

hxxp://www.ecommangels.co.uk/telephone-answering-service/

Needless to say, if a company is spamming, you really don't want to be using them, as it has a very high chance of coming back to bite your company on the behind.

To date, there's been no response from the offending company.

References

Need telephone answering services? Don't ask Frontline!
http://hphosts.blogspot.co.uk/2009/12/need-telephone-answering-services-dont.html

Monday 24 December 2012

Happy Christmas!

Just a little note to say happy christmas ladies and gents.

Whilst things have been going rather haywire of late (Blu-ray/DVD player died around 30 minutes ago, bleedin' typical), there have been some rather fantastic things of note. First, the hpHosts historical records, expected to hit 8 million records by the end of the year, actually passed 8 million late last night (24th), very unexpectedly. No idea why that brings a smile to my face, as it's rather insignificantly small in the grand scheme of DNS records, but it does.

I'm also happy to note I finally got somewhere (well, kind of) with Serverius, and the fake AV gang that decided to use abuzam.net VPSes to house their fake AV scanner and payload servers. Sadly, as is usually the case, they've just moved to another IP on the same /24 (though this has led me to launch an expanded investigation covering Abuzam.net themselves). The latest of the IPs is 46.249.42.168, currently known to house:

stelspendingswow.name
stalkersniwse.com
siteswillsrockf.com
stalkersniwdesignsoutheast.com
adminerbizd.info
moniretsstates.info
bulkfillsdros.info
stelspendingswow.info
monicats5b.net
siteswillsrockf.net
domainswillsrockf.net
audiodevelop.net
organizationmeens.net
bisyregsmoors.net
libstringnets.net
finderpolicy.net
coderresidential.net
domains-winggge.com

Although some of the registrars these are through (namely 0101 Internet Inc and TIERRANET INC/DOMAINDISCOVER) are proving extremely difficult to reach, others, such as DirectI (which also handles abuse cases for BigRock/Public Domain Registry (PDR)), are as usual fantastic and taking domains down extremely quickly.

The same can't be said for the likes of Moniker, NameCheap, eNom et al (aka the usual suspects), with Moniker recently disabling their abuse@ address, eNom simply ignoring abuse reports, and NameCheap, as usual, point-blank refusing to deal with abuse cases (still using the "we're not responsible" excuse).

It's not all bad though. The FoxxySoftware gang, one of a number responsible for Java drive-bys, are still woefully inept at producing a decent drive-by, which means it's still stupidly simple to both identify and decode the drive-by scripts etc. More recently, I've been extremely successful in taking down a plethora of credit card (etc.) fraud sites, and those they've been housing them through (e.g. hackersworld.bz, weblinkerpk.com). Not all of this is down to me; a huge help in this has been the hosts and registrars the domains have been both registered through and hosted at (though SoftCom, the initial host, did take an awfully long time to both reach and then action the reports).

I'm rambling again now though (big surprise there, I keep doing that), so I'll wrap this up and simply say thank you to all of you!

Tuesday 18 December 2012

ALERT: Emails purporting to be from mail/postal service

I received 13 emails between 16:36 on the 18th and 01:37 this morning purporting to be from various postal/mail services. I already knew they were bogus and malicious, and as usual checked the URLs. Only one of them is a 404; the rest are still live and lead to a Bredolab variant.

Subjects thus far:

Tracking Detail (K)XC02 352 185 3167 5388
Tracking Number (M)EDQ71 831 499 0086 9924
Tracking Number (Q)KF39 182 711 5795 6369
Tracking Detail (P)NT81 928 334 6376 6899
Number (S)SG00 833 337 0817 7498
Tracking Detail (S)QW23 387 901 6971 9377
Tracking Number (H)IB91 904 026 1002 3217
Tracking ID (Q)BEK10 329 006 9946 9210
Number (Q)QQL16 967 179 3585 4866
Tracking Number (A)FP44 770 594 0959 9972
Tracking ID (A)PY97 617 807 8092 7680
Tracking Number (M)NMK28 719 620 1054 5035
Tracking Detail (X)MH62 726 378 8615 3988

Links so far (excluding the one that's now dead):

sinhlyyeu.com/TTSGZHXIIU.php?php=ceipt
manaadm.ru/XWVQLCRVWL.php?php=ceipt
anileboxingteam.altervista.org/NSKJMTHTBM.php?php=ceipt
www.borulukimya.com/RSFPLHAQZL.php?php=ceipt
brumund.de/OWEDUEGCSL.php?php=ceipt
apmtx.com/QGQZKZZJBS.php?php=ceipt

At the time of writing, VT is showing that only 8/44 currently detect this:

https://www.virustotal.com/file/9cb9c43ec94898b8bde7529811ebd1f2477a31b04a9d340a6ca15e21c60479d5/analysis/1355882436/
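
As an added example (not part of the original post, and not hpHosts code), here is a small Python script that turns the two regularities visible in this run into detection rules: the subject template ("Tracking Detail/Number/ID" or bare "Number", then "(X)" plus a short letter/digit block and 3/3/4/4-digit groups) and the landing URL template (any host, then ten upper-case letters, ".php?php=ceipt"). It runs the rules over a few constructed sample messages and emits hpHosts-style hosts-file lines for the landing hosts. The sample messages are constructed for the example, the regexes are my reading of the subjects and links listed above (assumed, and they will need loosening if the gang changes the template), and the `Message`/`Verdict` names are my own.

```python
"""Detection rules for the postal-service lure run above (added example).

Two regularities are visible in the subjects and links listed in the post:
  * subjects:  "Tracking Detail|Number|ID" or bare "Number", then "(X)" plus
               2-3 upper-case letters, 2 digits, and 3/3/4/4-digit groups;
  * links:     <host>/<ten upper-case letters>.php?php=ceipt
The hosts vary (mostly compromised sites); the path/query template does not,
so it is the better indicator.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed from the 13 subjects listed in the post.
SUBJECT_RE = re.compile(
    r"^(?:Tracking (?:Detail|Number|ID)|Number) "
    r"\([A-Z]\)[A-Z]{2,3}\d{2} \d{3} \d{3} \d{4} \d{4}$"
)

# Assumed from the six links listed in the post.
LURE_URL_RE = re.compile(
    r"(?:https?://)?"                          # scheme is optional in the lures
    r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"     # host, captured for blocking
    r"/[A-Z]{10}\.php\?php=ceipt(?![A-Za-z0-9])"
)


@dataclass
class Message:
    subject: str
    body: str


@dataclass
class Verdict:
    subject_hit: bool
    lure_hosts: list[str]

    @property
    def malicious(self) -> bool:
        # Either indicator alone is enough; the URL template is the stronger one.
        return self.subject_hit or bool(self.lure_hosts)


def lure_hosts(text: str) -> list[str]:
    """Distinct, lower-cased hosts of lure-template URLs, in order of appearance."""
    hosts: list[str] = []
    for m in LURE_URL_RE.finditer(text):
        host = m.group(1).lower()
        if host not in hosts:
            hosts.append(host)
    return hosts


def classify(msg: Message) -> Verdict:
    return Verdict(SUBJECT_RE.match(msg.subject) is not None, lure_hosts(msg.body))


def hosts_file_lines(messages: list[Message], sink: str = "127.0.0.1") -> list[str]:
    """hpHosts-style block entries ("127.0.0.1 host") for every lure host seen."""
    hosts = sorted({h for msg in messages for h in classify(msg).lure_hosts})
    return [f"{sink} {host}" for host in hosts]


# Constructed sample messages (not real captures): two lures built from the
# subjects/links listed in the post, and one benign shipping notice.
SAMPLE_MESSAGES = [
    Message("Tracking Detail (K)XC02 352 185 3167 5388",
            "Your parcel could not be delivered. Print the receipt: "
            "http://sinhlyyeu.com/TTSGZHXIIU.php?php=ceipt"),
    Message("Number (S)SG00 833 337 0817 7498",
            "Receipt: manaadm.ru/XWVQLCRVWL.php?php=ceipt"),
    Message("Your order has shipped",
            "Track it at https://www.example.com/track?id=123"),
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        v = classify(msg)
        print(f"{'LURE ' if v.malicious else 'clean'} {msg.subject!r} hosts={v.lure_hosts}")
    print("\n".join(hosts_file_lines(SAMPLE_MESSAGES)))
```

The URL rule deliberately ignores the host, since every link in the run sits on a different (and probably compromised) site; blocking the hosts is still worthwhile for a hosts file, but the thing to alert on is the template. The subject rule is strict on purpose (anchored, fixed digit groups), so a benign "Your order has shipped" never trips it; if the gang changes the template, loosen the regexes rather than drop them.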

Monday 10 December 2012

Google analytics code added to hpHosts

Just a quick update: we've recently added the Google Analytics code to our site. We're looking to gather a bit more information about our users so we can better target future updates and improvements to the site.

I know that many of you are not fans of analytics, and that's okay with us: besides being able to use our hosts file to block it, you can also use the Google Opt-Out plugin ( https://tools.google.com/dlpage/gaoptout ) for your browser.

As a final note, we take your privacy very seriously. While we think this information will be helpful in aggregate, we have no desire or need to look at what specific users are doing. If you have any questions or concerns, please let us know!

Robert