Be careful searching for Top Gear episodes

Love Top Gear? I do to, can't wait for Sundays and Wednesdays, and tend to watch it on Dave through the week (seen them all hundreds of times since they're repeated around 5 times a day, but bah, there's normally nothing else on anyway). However, if you're searching for Top Gear episodes (thought everyone knew the official URL (http://bbc.co.uk/topgear), but obviously not), then you may find

Read More

Security: Could you recover your valuables if they were stolen?

There's lots been written on security for your machines and networks, be it routers, PCs, laptops, netbooks, iPads, Androids and Blackberrys and the likes - but all the security in the world isn't going to help you if these actually get stolen, either through a break-in or pick pocketing or the likes.Are you prepared for this? Could you tell the police how to identify and track your items, should

Read More

Part 11: Renos on the move

The chaps behind Renos are on the move again as of today, this time to Russia based, Eurobyte Llc (AS35415), or best known, as a customer of Webazilla. Both known bulletproof hosting.New domain as of 30 mins ago, is through UK2 (surprise surprise), though there's been one prior to that, through DirectI (suspended a few mins after being reported);fileyourextension.net/New-Video-Addon.48560.exeIP:

Read More

Part 10: Renos on the move (previously: Interserver, malware, and the Scottish weather)

I phoned HostNOC/Burst around an hour ago, regarding an IP that had been serving Renos for a while, and stayed on the phone until it was suspended. Expecting them to move to a new IP rather quickly, but sadly had to pop to the shops. Getting back however, I wasn't to be disappointed. The chaps behind Renos (still don't know who that is, but am working on it), had moved to a new IP yet again,

Read More

Part 9: Interserver, malware, and the Scottish weather

I love predictability, makes my job much easier (well, as far as these chaps are concerned anyway). 3 IPs as of today, same registrars (surprise surprise);UK2DirectINetEarthOne of the IPs is the same as yesterday (errr Burst.net/HostNOC - what happened to your 24 hour warning?).66.197.187.152 immovable.detectstakes.com AS21788 66.197.128.0/17 NOC - Network Operations Center Inc.193.105.171.120

Read More

Part 8: Interserver, malware, and the Scottish weather

Well, I said it would happen and it has - my friends at Leaseweb finally nulled the server housing Renos, and as with their previous pattern - they're back to HostNOC/Burst.They're now using 66.197.187.152 (latest domain: worldmediaplugins.org), same registrars and infection, so nothing else to report I'm afraid. As far as UK2 and DomainContext, the latter is still failing to reply, and I'm

Read More

Part 7: Interserver, malware, and the Scottish weather

Looks like they're on the move to a new host, this time it's Leaseweb (Rob and Jottie will hopefully be getting it down shortly, so they shouldn't be there long). As of a few minutes ago, the latest Renos domain is pointing to;82.192.79.49The URL;makepan.in/New-Video-Addon.48563.exeReferencesPart 5a: Interserver, malware, and the Scottish weatherhttp://hphosts.blogspot.com/2011/06/part-5-

Read More

Alert: Icky sticky, Facebook worm phishy

Facebook worms are nothing new, having been documented as far back as 2008, but after a tip from a friend, I dipped into the DNS records for a couple of IPs, and plucked out this lovely lot. All of which appear involved in the same Facebook worm/phish that others have blogged about;10gambling.com11likes.info12v-dc-motor.motorsforsales.us2003-microsoft.officediscount.us2010-

Read More

Part 6: Interserver, malware, and the Scottish weather

I've not worked out their obsession with HostNOC yet, but so far, the only two hosting companies they're flitting between, are CoolVDS (AS50669, well known to be criminal friendly) having until a few hours ago, been housed at 193.105.171.226 since their last stint on HostNOC (184.22.253.11) until July 7th.You'll no doubt not be surprised to hear, other than their flitting between the two hosts,

Read More

When is a 24 hour warning not a 24 hour warning? (aka HostNOC/Burst finally suspend Renos server)

64.120.151.73 was first reported to HostNOC/Burst, on July 2nd, both via e-mail and via telephone. When speaking to them on the phone, I was advised they'd give the customer a 24 hour warning.Watching the new domains popping up each day, I continued to send them reports, and resorted to a second phone call last week (Sunday if memory serves), to be told yet again, they'd give the customer a 24

Read More

Criminals part 2: AS56927 GOLDENIDEAS SC GoldenIdeas SRL

This was never intended to be multipart, but I figured after part 1, I may as well do the other IPs they're using. As it happens, one of the other IP ranges they've got is through AS56927.The /24 in question, similar to the previous one, is 188.229.97.0/24. What's curious here, is that AS records show something interesting - an invisible link (AS52366 that AS records says doesn't exist. If we

Read More

Notice: Planned outage

Just a note folks, the network housing the likes of fspamlist.com, mysteryfcm.co.uk and the Abelhadigital.com forums, will be down for around 2 hours tomorrow, to allow for maintenance. The exact time hasn't been finalized yet, but is expected to be between 15:00-17:00.Sites affected:*.mysteryfcm.co.uk*.

Read More

hpHOSTS - UPDATED July 1st, 2011

The hpHOSTS Hosts file has been updated. There is now a total of 154,282 listed hostsnames.If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)Latest Updated: 01/06/2011 17:00Last Verified: 01/06/2011 12:00Download hpHosts now!http://hosts-file.net/?s=Download

Read More