InstantSSL flagged as "Engaged in malware distribution" by hpHosts

Hi there,
I noticed today at an AV company’s forums that they were not recommending COMODO Firewall due to it installing HopSurf toolbar, (blah blah blah…)
They also quoted an article from hpHosts blog…
And when I took a look at hpHosts database…

Database Record IP On Record: (3) IPOR PTR: Added: Not recorded Added By: hpHosts Updated: 12-12-2009 Classification: EMD (What is this?)

I honestly don’t know what to think of Comodo, Melih and everyone now…

(But I’m gonna stick with my beloved COMODO Personal Firewall, and nothing is going to change that)

Well I just took a look at hpHosts database too.

After reading your post I believe they updated their DB very quickly! (hpHosts query on

[attachment deleted by admin]

I supposed you’d say that ;D is NOT listed. is listed indirectly because it is the reverse pointer for the sites in the screenshots ???

[attachment deleted by admin]

Thanks for pointing that out.

Yet is not listed as EMD in hphosts too.

EDIT 1: and appear to be listed as EWD.

EDIT 2: and are not listed as EWD anymore.

EDIT 3: I’ve seen your screenshoots.

Yet strange I’m not able to find any application that can be downloaded on though I found a trusttoolbar topic in these forums and I come to understand was confirmed to be perfectly safe…

…thus the related domain appear to have bee erroneously classified probably like

Out of curiosity I checked as well since you mentioned the related toolbar in you first post…

…and I was not surprised to find no EMD classification for that domain as well.

That was exactly what I was thinking =)
For you, me and everyone here, that app may be perfectly safe, but for some people (aka hpHosts) it is malware/spyware/adware.
Do take a look at hpHosts blog, it seems to have quite a lot of articles about COMODO :wink:

It’s in other peoples interests (other companys) to bad mouth, find fault, or just plain put down another business. Can’t say I’ve seen/heard COMODO do the same, after all they help others in the security iindustry.

Regardless of anything, I’m happy with COMODO and will continue to trust them in their efforts to keep me safe.

Kind of off topic (don’t see it as a rant) but just as a general reply of opinion, I can’t go too technical like you can too much…yet.


Well I hope many will at least be aware of the difference between malware, spyware and adware before listening to anything they’re told anywhere by anybody. :-TU

I’m quite selective about my sources of informations but I might have taken a look hpHosts blog like you suggested if you would have considered it to be authoritative enough in that regard :wink:

Meantime I’ll get some spare time to read sure a noteworthy source of humor ([abbr=In My Humble Opinion]IMHO[/abbr]) ;D

EDIT: Interesting enough and featured in your screen-shots appear to be removed from hphosts.

EDIT: The “This site is not listed …” notice, applied to only, it didn’t apply to

Though I still see an EMD classification like that in your screenshot mentioned…
EDIT: It didn’t last long… :-TU

I’ll check again later:

EDIT: the appropriate query should have been

[attachment deleted by admin] got a red mark again…

[attachment deleted by admin]

Let’s clear this up shall we?

  1.,, secure.* aren’t listed in hpHosts (and haven’t been for well over 12 months if memory serves)

  2. If you look at the information provided, it clearly states “ is listed with the WWW prefix only”, which means it is NOT listed as simply “”.

Quite why this is, I’ve no idea as both and, were added prior to my taking over the project in 2006 (as shown by the lack of an “Added” date), however, I am satisfied that should not be listed, and it will be removed as soon as I’ve posted this.

  1. and are both listed in hpHosts (quite why you’ve got a screenshot showing otherwise, is puzzling), as shown here;

The reason they’ve not been removed is due to;

  1. Unless it states “This site is currently listed in hpHosts”, the site is NOT listed.

  2. IP PTR’s aren’t listed unless querying it explicitly states otherwise (i.e. the IP PTR for is, but is NOT listed in hpHosts, as shown by this).

Which means, the following, quoted from a post above, is incorrect, there is no “indirectly” with hpHosts, it’s either listed, or it isn’t (in which case, see #4). is listed indirectly because it is the reverse pointer for the sites in the screenshots
  1. If a domain is listed, but the “Added” field states “Not recorded”, then it was added before I took over the project, in which case, do feel free to point me to it.

I’m curious as to why no-one felt it necessary to contact me with these queries, and instead decided to speculate, but never the less, if you’ve got any further queries regarding this, or indeed, any other site listed in hpHosts, I’ll be happy to answer them.

Honestly, I never knew that hpHosts was not originally your project… that explains the weird “not recorded” about the adding date.
I could have contacted you when I got to know about this, but I didn’t know if I could PM you at MBAM’s forums about this (MBAM was how I got to know about’s blocking). That was the easiest way for me to do it ;D

My sincere apologies to you and everyone here for this situation. :a0

No apology necessary.

hpHosts was originallu ran by hpGuru.

Are the critera for inclusion publicly documented somewhere?

According to trusttoolbar.exe certificate the toolbar has been available since 2005. Yet 37 out of 41 virustotal featured Antiviruses still don’t list it yet. Wouldn’t be that a reason for removal?

The FSA criteria is published in the hpHosts forums, but I’ve not published the rest, other than here as I thought the rest were self explanatory.

I’ll make a note to test it on Monday and will base the removal decision on the results.

Though looks that while the query was run against the result matched

EDIT: The “This site is not listed …” notice, applied to only, it didn’t apply to

Can you please clarify further? was that match not supposed to occur? ???

That typically occurs when;

  1. Whoever added it, forgot to add it without the www. prefix
  2. It failed to resolve without the www. prefix at the time of addition

In either case, when you see a result like this, I’d appreciate a heads up as it either shouldn’t be listed, or needs to be checked to ensure it’s listed with and without the www. prefix (where both resolve)

Thanks for pointing it out though I would appreciate if you could confirm if in the above mentioned case the query successfully matched or not and if anybody should be discouraged to rely on a query result if that “is listed with the WWW prefix only” message is mentioned.

I never discourage replying/comments or suggestions, I just like to correct confusion when such occurs.

It’s possible matched, but if it displayed a message that it was listed when infact it was only listed with the www. prefix, then it’s a bug in the code and I’ll take a look when I get home (it’s in desperate need of a re-write anyway)

EDIT: The “This site is not listed …” notice, applied to only, it didn’t apply to

In that regard I’m still confused and I hope you could later confirm if the results of the query pertained (field host in the above screenshoot) or not whenever that www. prefix message was displayed.

I the result was actually erroneous I feel the posts featuring such screenshot should be edited to mention that though I gather such aspect could be confirmed only after checking the code.

The results displayed under “Database record”, are the results for the domain, if that’s what you meant? (sorry if I’ve mis-understood, I’m absolutely shattered)