Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday 26 March 2014

ALERT: Green Tech Software LLC

... and the crapware just keeps on a' comin'

This one was found on bayfiles.net, and yep, they're fully aware of it (impossible to miss). See if you can spot the two problems here;

Spotted it? What do you mean no!

Seriously though, the first is far more obvious than the second, for those not used to being able to spot this rubbish. See that lovely little "bar" at the top? Well that's the blatantly obvious one. This leads to utorrent.descargar.es.

The second is the download button that err - isn't. These lead to crapware from Green Tech Software LLC, via 1phads.com and fishcod.com, and guess what it actually delivers ........ Yep, "Codec Performer".

Offending URLs:

hxxp://bayfiles.net/file/Skpl/TUtckf/Black_Crusade_The_Tome_of_Excess.7z
hxxp://utorrent.descargar.es/en/down.php?p=UK-1phads
hxxp://1phads.com/afu.php?zoneid=5900
hxxp://bayfiles.net/img/download-button-orange.png
hxxp://1phads.com/uban.php?r=Tc1XgxDYp_BM-gXutIXN9MMspZxoXRS2yszKditYRtrfw7iRJ3cTj09oGH1-EfJUxjJJ_I1l5mRlgQ1Mob9jvGHLzXjdw0vJSAHcIhbfja09KBkxLi3DuPGJIcoLkNaCCpcJBDkjCoMP72bbNArxTC16Wkd4oSOhB58UQquMP729wp5mkVUoa5ipNFi1ooBY5AUMUWg94JiHoHeq8wKo3Ungr3i8HVwSWNOcJ4yRoQXRbslWdoi9dH75z7ngmfBr
hxxp://1phads.com/ck.php?oaparams=2__bannerid=85744__zoneid=4082__OXLCA=1__cb=8b22970bfc__oadest=hxxp%3A%2F%2Fwww.clkads.com%2FadServe%2Faff%3Foid%3D7526%26pid%3D2556%26subid%3D%24{SUBID}
hxxp://1phads.com/ck.php?ct=1&oaparams=2__bannerid=85744__zoneid=4082__OXLCA=1__cb=8b22970bfc__oadest=hxxp%3A%2F%2Fwww.clkads.com%2FadServe%2Faff%3Foid%3D7526%26pid%3D2556%26subid%3D%24{SUBID}
hxxp://www.clkads.com/adServe/aff?oid=7526&pid=2556&subid=4946299328
hxxp://www.fishcod.com/lp/codecperformer/?v=28&cid=4225&clickid=00002556p9087732588
hxxp://www.fishcod.com/lp/codecperformer/v28/?v=28&cid=4225&clickid=00002556p9087732588
hxxp://www.appfusu.com/download4/$rfwebpA3I0UlnA0p?v=28&cid=4225&clickid=00002556p9087732588&cert=grts


IPs:

192.121.121.44
93.189.35.250
93.189.35.248
78.140.173.146
78.140.173.147
108.168.157.82
96.45.82.133
96.45.82.5
96.45.82.197
96.45.82.69

FYI, ALL download pages on bayfiles.net display the same rubbish, leading to the same crap you really don't want anywhere near your machine.

Friday 21 March 2014

Updated: hpHosts 21-03-2014

The hpHOSTS Hosts file has been updated. There is now a total of 421,807 listed hostsnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
  1. Latest Updated: 21/03/2014 11:03
  2. Last Verified: 16/03/2014 07:00
Download hpHosts now!
http://hosts-file.net/?s=Download

Friday 7 March 2014

Oi GoDaddy!

For the billionth time - retrain your staff so they are capable of identifying your own damn ranges!. Hint, if I send you a report, it's because the IP = YOUR ASN!, and these are checked with the various registries prior to sending. If your abuse dept/support staff (quite why the support staff reply to abuse reports instead of the abuse dept, is beyond me) are uncapable of learning something so basic - replace them with people that are, it's not rocket science.

I wish the following were a one off, but these are becoming rather frequent replies.

Customer Inquiry

Dear Sir/Madam,

Thank you for bringing this to our attention. At this time we have determined the reported website is hosted elsewhere. If you would like to take further action regarding the content on this website, we recommend you contact the hosting provider directly.

Please contact us if you have any further issues.

Regards,

Customer Security Advisors