Malicious_Activities.md

Malwarebytes hpHosts

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites.

Malicious Activities

The following classifications are used to determine the reason for inclusion into hpHosts and have been published here for those wondering what the classification means when viewing the domain's information on the hpHosts Online website.

  1. ATS - Ad/tracking servers
  2. EMD - Sites engaged in malware distribution
  3. EXP - Sites engaged in the housing, development or distribution of exploits, including but not limited to exploitation of browser, software (inclusive of website software such as CMS), operating system exploits as well as those engaged in exploits via social engineering.
  4. FSA - Sites engaged in the selling or distribution of bogus or fraudulent applications and/or provision of fraudulent services.
  5. GRM - Sites engaged in astroturfing (otherwise known as grass roots marketing) or spamming
  6. HFS - Special classification for persons caught spamming the hpHosts forums
  7. HJK - Sites engaged in browser hijacking or other forms of hijacking (OS services, bandwidth, DNS, etc.)
  8. MMT - Sites engaged in the use of misleading marketing tactics
  9. PHA - Sites engaged in illegal pharmacy activities
  10. PSH - Sites engaged in Phishing
  11. WRZ - Sites engaged in the selling, distribution or provision of warez (including but not limited to keygens, serials etc), where such provisions do not contain malware

Domain Name

  • Website: https://www.hosts-file.net/
  • Source: http://hosts-file.net/download/hosts.txt
  • Data: Domain Name
  • Format: Text
  • API/Token: None
  • Status: Ok
  • Comments: No comment

Sample Output of IntelMQ

{
  "source":{
    "ip":"1.34.139.38"
  },
  "time":{
    "observation":"2016-07-07T08:46:43+00:00"
  },
  "event_description":{
    "text":"IP reported as having run attacks on the service Apache, Apache-DDoS, RFI-Attacks"
  },
  "classification":{
    "type":"ids alert"
  },
  "raw":"MS4zNC4xMzkuMzg=",
  "feed":{
    "name":"BlockList.de",
    "accuracy":100.0,
    "url":"https://lists.blocklist.de/lists/apache.txt"
  },
  "protocol":{
    "application":"http"
  }
}

There's only Domain information in http://hosts-file.net/download/hosts.txt. It looks like:

# hpHosts last updated on:      06/08/2016
# hpHosts last verified by Steven Burn: 06/08/2016
#
# IMPORTANT:    Rename this file to "HOSTS" (no .txt extension)
#
# Support:  http://mysteryfcm.co.uk/?mode=contact
#       http://forum.hosts-file.net
#
# Download: http://hosts-file.net/?s=Download
# Mirrors:  http://hosts-file.net/?s=Help#dlmirrors
#
# Intermittent updates:
#
#   Sites are also added between updates. If you are using a program such as Hostsman,
#   or are running a script or anything, or simply want to stay protected against sites
#   between updates, please put a watch on the following URL.
#
#   http://hosts-file.net/hphosts-partial.asp
#
# localhost address - DO NOT REMOVE! (unless on Windows 7)
127.0.0.1   localhost #IPv4
# IPv6 localhost - add "#" to the beginning of the line if using Windows XP or below, or a system without IPv6 support.
::1 localhost # IPv6
#
# Trusted Hosts - Insert your trusted hosts with their correct IP addresses below this line.
#
# 422,975 - BAD HOSTS BEGIN HERE!!!!
#
127.0.0.1   -sso.anbtr.com
127.0.0.1   0.gvt0.com
127.0.0.1   000-101.org
127.0.0.1   00000000080000000000000008000000000000000.com
127.0.0.1   0000663c.tslocosumo.us
#
## Append critical updates below ############################
#

But there's more information in https://hosts-file.net/?s=Browse&f=2016:

  • Hostname
  • IP
  • class
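
A parser for the hosts.txt layout shown above, written here as an added example (it is not IntelMQ's or hpHosts' own code). It emits events in the nested shape of the sample output with the domain under an assumed `source.fqdn` key, treats `0.0.0.0` as a second null-route address by assumption, and carries no classification because hosts.txt does not include the class. The sample input is constructed.

```python
import base64
import re

# Constructed sample in the hosts.txt layout shown above (not the live feed).
SAMPLE = """\
# hpHosts last updated on:      06/08/2016
127.0.0.1   localhost #IPv4
::1 localhost # IPv6
# 422,975 - BAD HOSTS BEGIN HERE!!!!
127.0.0.1\t-sso.anbtr.com
127.0.0.1   0.gvt0.com
127.0.0.1   000-101.org   # inline comment
127.0.0.1   bad host$name.example
10.0.0.5    redirect.example
"""

# Lenient on purpose: the feed contains labels such as "-sso" that strict
# RFC 1123 validation would reject, so only the character set is checked.
HOST_RE = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)+$")
SINKHOLES = {"127.0.0.1", "0.0.0.0"}  # assumption: addresses used to null-route


def parse_hosts(text, feed_name="hpHosts",
                feed_url="http://hosts-file.net/download/hosts.txt"):
    """Return (events, rejected); rejected holds lines that were not trusted."""
    events, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        addr, names = fields[0], fields[1:]
        if names == ["localhost"]:
            continue  # loopback boilerplate, not an indicator
        host = names[0].lower() if len(names) == 1 else ""
        if addr not in SINKHOLES or len(host) > 253 or not HOST_RE.match(host):
            rejected.append(line)  # never accept a feed line mapping a name to a real IP
            continue
        events.append({
            "source": {"fqdn": host},
            "raw": base64.b64encode(line.encode()).decode(),
            "feed": {"name": feed_name, "url": feed_url},
        })
    return events, rejected
```

Lines that map a name to anything other than a null-route address are returned in `rejected` rather than dropped silently, so a tampered or malformed download can be noticed before it is ingested.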