How to block IE Snare

How to block IE Snare

What is IE Snare?

IE snare is a web tool use by many of the online bookmakers for ‘reputation management’ in order to counter ‘fraud and abuse’. It tracks information about your computer and browsing habits including:

  • Websites visited
  • Time on websites
  • Unique information about your computer

All of this allows the bookmakers to track where you’ve been and and idea of what you’ve been doing there.


Why does this matter?

Online bookmakers are keen to identify anyone they might consider as a ‘sharp punter’ Ie: Anyone who is going to cost them money. Matched Betting is a great example of how some people are able to make money for themselves at the expense of the bookmaker’s profit and so they’re keen to catch us!

By tracking your internet history, bookmakers are able to spot people who constantly bounce between many different online betting sites and the big online betting exchanges (Betfair, Smarkets etc). If they suspect you of being a matched bettor or sharp punter who’s shopping round for the very highest odds on a bet; they’re likely to ban you.


How can I tell if I’ve been infected?

The easiest way to check is to run a search on your computer for “mpsnare”

If IE Snare has been installed on your machine then it will find one or more of the following folders:


Another way is to run a command prompt (Go to Start – Run – “CMD”):


Then in the black box type: dir mp*.com /s


How to remove IE Snare

Removing IE Snare is as simple as deleting the folders found from the above searches. This will remove all history that IE Snare has stored and so you be safe until it gets installed onto your machine again.

Given that many online betting sites are using IE Snare, there is a good chance your machine will become infected again and so you should block IE Snare before you get infected.


How to block IE Snare

Blocking IE Snare doesn’t stop it from being installed onto your computer, but it does stop it from reporting back any ‘findings’ to the betting site, thus making it useless at tracking your matched betting activities. In order to stop is from reporting back you need to amend your computer’s “host file”.

– Go to: Start – Run – Notepad – Right click on “notepad” and select “Run as Administrator”


Within Notepad go to: File – Open

Then in the drop-down box select “All Files”:


In the File Name box type: C:\Windows\System32\Drivers\Etc and then press ‘Open’


Right click on “hosts” and select “Properties” from the bottom of the list


Make sure that the box next to “Read-Only” is unticked


Click “Apply” then “OK”. Now double click on “hosts”. It will open up and look like this:

Copy and paste all of the below into the Notepad below the line “ localhost”:


So it now looks like:


Go to File and click “Save”


Now close notepad, restart your machine and you’re done!


How to check it’s worked

You can check the block has worked by going to:

Start – Run – CMD

Then in the black box type:


The reply should come back from and look like:

Pinging [] with 32 bytes of data:

Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

Instructions for Mac computers

These are copied from another site so I am unable to verify or product screenshots however the method looks correct:


Instructions for Mac:

Step 1: Launch Terminal, found in /Applications/Utilities/ or launched through Spotlight

Step 2: Type the following command at the prompt to backup hosts file to documents folder:

sudo cp /private/etc/hosts ~/Documents/hosts-backup

Step 3: Type the following command at the prompt to open hosts file:

sudo nano /private/etc/hosts

Step 4: Enter the administrator password when requested – you will not see it typed on screen – then press enter/return

Step 5: Once the hosts file is loaded within nano, use the arrow keys to navigate to the bottom of the hosts file to make your modifications. We can then add the same lines as in the instructions above:

Step 6: When finished, hit Control+O followed by ENTER/RETURN to save changes to /private/etc/hosts, then hit Control+X to exit out of nano

91 thoughts on “How to block IE Snare

      1. Hello .. I really would like to give this a try . I’ve been researching it since I read about it . And I would like to know if you are in us can you do it. Are there ones you can start with that you don’t have to put your money in just so you can see if it will actually work for you .

  1. Thank you for this Guy,

    just so you’re aware, slight mistake on the hosts file path…unless maybe it has changed for W10 or something?

    In W7 it’s In the File Name box type: C:\Windows\System32\Drivers\Etc and then press ‘Open’

    Thank you again for this!

  2. Hey, this is brilliantly explained! Are there any programs that you would recommend to block it?

    I read a different article saying an anti spyware?

    1. I’d not trust any of the anti-spyware products enough with this. They are well known to accept payments from advertisers in order to allow their own spyware through the filters.

      Instead this method ensures that even if you do get IE Snare on your machine it still cannot communicate any details.

  3. Thanks for the heads up!
    I do most of my betting on my mobile phone, is this something I need to worry about if I don’t use a pc/Mac?

  4. Wow, this is interesting!

    I’ll block it anyway as it seems trivial to do so, but is this not limited to IE only (hence the name?) I searched my Mac and there was no sign of it, and also wondered if simply using Chrome would bypass this? (I’m guessing not otherwise you would have mentioned it already, but it might be worth stating that it’s not just an IE only issue)


    1. I’m not sure if Chrome is affected as it may handle the drive-by install from websites differently. This fix will also fix it for Chrome if you can get infected through that browser so I guess there’s no harm in everyone just doing it anyway considering it takes about 30 seconds to implement the block which then lasts forever regardless of browser.

      1. Great blog! really helpful, thanks for crystalising your experience.
        New domains used by Iovation (maybe after seeing this popular tutorial ) will need adding to host file. Maybe someone could use to keep an eye on newly registered domain? I also read that making the iesnare folders non-writable prevent re-installation.
        No data from iesnare (because we block it) is also a red flag surely?
        No iesnare data + winning account with £1500 in (after rolling your free bet) over = big red flag? Am i over paranoid? would you at least get your £1500 back with regulation complaint? Please email me after your honeymoon – as i have more info i would like to share with you about a mobile internet concern.

        1. I’ve seen this theory mentioned alot Gavin, but honestly it’s not been my experience or that of my friends & family. I was getting gubbed alot faster before I started blocking Ie Snare than after. There are many reasons why IE Snare might not be reporting back in so I dont think a bookie could really just assume you’d purposely blocked it.

      1. Thank You so much.
        It worked. Yesterday when I tried to control panel test it, It was not showing anything. Now it is. Whilst I am on a good role with blocking this, I am going to get my 2nd laptop that will soon be on a dongle and get iesnare blocked there.

    1. I suspect it will need to be updated in the future as they change their receiving URLs, however thats impossible to predict if/when it will happen.

  5. Fantastic article, and more so…excellent blog!

    Quick question regarding this, do you think that blocking IE SNARE would lead the bookies to being suspicious as to why your account isn’t pinging any information back to their server?

    Lastly, in your opinion d’yu reckon that blocking it will lead to less gubbings?
    Thanks in advance!

    1. Hi Sean, I’ve been blocking IESnare for months now and not noticed any bookies gubbing me because of it. There could be any number of reasons why it’s not pinging back to them.

      In my opinion it certainly can’t do any harm to block IESnare, and may do some good.. so why not.

    1. I don’t believe it can affect phones/tablets as they us a sandboxed environment which doesnt allow browser plugins to install flash software.

    2. would like to know how to protect my chromebook with your method but don’t know how to begin as it doesn’t have START?!

      1. Hello LouLou,

        I’ve never used a Chromebook before so it’s not something I’m familiar with I’m afraid. I suspect you may not be able to edit the hosts file on a Chromebook, instead try installing a privacy extension.

  6. thanks for the info 🙂 i would imagine using the tor browser with a vpn routed via uk server could work also – any thoughts on this?

    1. My thoughts would be to never use TOR for anything which requires you to enter personal details! You’ve no idea who is running the exit node and what content sniffing they may be doing.

      1. good point, thank-you 🙂 – isn’t it safe if the address bar says https? i will take your advice as i am a novice to these things… however it wasn’t clear from the above if chrome was actually safe too?
        just ran your process for iesnare and pinged and got the result you said i should….signed up with profit accumulator, just getting going now, many thanks 🙂

    1. I dont believe its possible for a flash file to be installed on iOS. They may install a tracking cookie instead though which will need to be either blocked or cleaned out regularly. Unfortunately I dont use an ipad/phone so cannot advise on how to do it.

  7. Hi! Thanks for a great post 🙂

    I got the tip to always use private surfing when using betsites.

    Do this give the same results or is private surfing not working?

    1. Private surfing will still install flash components from sites you visit. I’d recommend blocking IE Snare as well.

  8. HI,

    I have a few accounts closed as linked accounts. how can i stop the bookies (365) from doing this. I refresh the IP delete cookies and still have the issue

    Any help appreciated

    1. It’s impossible to totally avoid getting accounts closed. Best advice is to never take bets where the bookie odds are higher than on the exchange and never bet on really obscure matches.

  9. Hi, I know I have iesnare and mpsnare on my computer, but when I type dir mp*.com /s into the
    ‘Run’ box I just get a message saying ‘windows cannot find dir’.
    Please can you clarify: should I type in cmd before dir mp*.com /s?
    Is there a space between r and m, and a space between m and/?
    Thank you.

    1. Yes, you need to type “Cmd” in the box first to run Command Prompt.
      Then in the black box type: “dir mp*.com /s”

  10. I’m informed that bookmakers will know if you uninstall/block iesnare, an action which will surely flag you up as bad news to them?

    Can you shed any light on this?

    Finally, thanks for this very informative post.

    1. All they will know is that visitor X does not have any previous tracking data on them when they visit their site. Whether that is because it is a brand new user or because IE Snare is blocked they will not know. Many things could be blocking IE Snare, both intentional or as a result of network settings so I’d be extremely surprised if a lack of IE Snare data being reported was itself a red flag. Indeed; I’ve been blocking IE Snare on my machine and recommended all of my friends/family do the same and none of them have reported any noticeable increase in gubbings. Infact they seem to be getting gubbed at a much slower rate than I was when I first started (and didnt originally have IE Snare blocked).

  11. When i open host it shows like this:

    # localhost
    # ::1 localhost

    like everything you have but with that extra line saying ::1 localhost

    so when i do everything else properly and i restart my computer i don’t get the same results on cmd…i get instead of that you have


  12. Hi, I followed your instructions and could you please have a look below if this is normal? Thanks!

    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128

    Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

  13. So I deleted snare and did everything you suggested. I get this when I test it (Like Kris above):

    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128
    Reply from bytes=32 time<1ms TTL=128

    Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    I assume it's working but when I revisit sites and search for mpsnare again it's back on the system. Am I correct in saying this is fine and it won't be able to send information even though it's on the system?

    Thanks for your help

    1. Correct, a reply from means that it won’t be able to talk back in. Blocking it does not stop it getting installed on your machine, just stops it talking back in when it is installed. If you have blocked the communications it is harmless being installed and can be ignored.

  14. I have been using phones throughout and sometimes the PC from the cafes. Is it possible my account could be blocked?

    1. You’re more likely to get banned because someone else has previously used that shared IP address in the cafe for their accounts and they ban you for suspected multi-accounting. I’d never use a shared computer for matched betting. Guy yourself a 3G dongle and laptop. You can pickup cheap laptops for £150 and a dongle for £10-£20 per month.

  15. What if when entering all that under “ localhost” I have another line that reads “::1 localhost”

    Do I continue to enter the code under that or do I delete it?

    Or is there another thing I need to do?

    Im clearly no tech expert so help would be much appreciated, Thanks

    1. Very strange, It certainly shouldnt be blank. What happens if you just double click on the hosts file itself and select to open with Notepad when prompted?

  16. Your guidance very much appreciated – I have just removed and blocked ieshare, etc as above and have noticed my PC is running noticeably faster. The ‘lagging mouse’ issue with Windows 10 that is well documented elsewhere is also reduced.

    Could it be that iesnare and its related spyware is much more widespread and insidious and doing much more damage than first thought, including being part of the Windows 10 ‘mouse lag’ problem.

    PS. I’m NOT signed up to any bookmaker sites!

  17. Hey,

    Thank you for the post, this is really helpful information. I have a mac and have done what has been instructed. I wanted to ask that when i check back and ping it, is comes up with 64 bytes not 32 bytes, do you know why this is?

  18. Great article. Thank you.

    I have been using 3 different machines for 3 sets of accounts until now. I am looking to increase this but would like to be able to use my Chromebook for several accounts. I see you mentioned that a sandboxed environment won’t allow for iesnare to be installed – so I expect that Chrome OS would fall into this category too?
    The only thing I can find on my Chromebook is a cookie “token”:

    Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef
    Content: yIrbkgPyppjufHpqDaVWsdYn1HqNcOeVbYKspqVyYmk=
    …[plus others]

    Do you know how this cookie would be used in this case? As I expect this would affect mobile users also?

    I am expecting that a history of browsing habits would not get stored on a locally stored cookie?

    Thanks in advance!

    1. My guess is that it would act like a cookie does on windows; ie: allow pages to fingerprint your machine so they know when you return to their site. The issue will be if these sites then share their ‘hits’ from you visiting them and build up a pattern suggesting matched betting. I’d delete/block any cookie like this if possible.

  19. Cheers for the above Guy. Also thanks for being so generous in sharing your tips with Huw Davies on Youtube, and here on your blog. I’ve just started out and really appreciate hearing from somebody with the benefit of experience.

    Just to add, in the above guide you might want to mention when navigating to
    You have to change the document type in Notepad to ‘All Files’, otherwise you will not be able to see the hosts file etc.

    Cheers mate!

  20. I keep getting blocked on a ticket site and noticed the words iesnare come up briefly when it was changing pages. Do you think they would be used by ticket websites to prevent fraud? Im not trying to commit fraud, just trying to buy tickets and site is busy so i refresh, try mutiple cards etc!

  21. Hi,
    very well pointed out on all of this. been profitting from betting recently and have been attempting to get clued up on preventing info being collected, accounts being banned etc as a matter of concern.

    maybe you could add to your post how to ping on the mac side using ‘network utility’ then ping tab then doing 5 pings to ‘’

    Thought id just point this out as I became concerned having read your post and as a user of both oses for gambling i wanted to verify both.

    Big up, keep doing what your doing!

    – Rick

  22. to add to above I think using your mac instructions has worked and the results from the ping (via network utility) were as follows:
    Ping has started…

    PING ( 56 data bytes
    64 bytes from icmp_seq=0 ttl=64 time=0.036 ms
    64 bytes from icmp_seq=1 ttl=64 time=0.044 ms
    64 bytes from icmp_seq=2 ttl=64 time=0.047 ms
    64 bytes from icmp_seq=3 ttl=64 time=0.052 ms
    64 bytes from icmp_seq=4 ttl=64 time=0.074 ms

    — ping statistics —
    5 packets transmitted, 5 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.036/0.051/0.074/0.013 ms

  23. Hi there. Having a bit of difficulty with this… Firstly when going to the notepad and right clicking I’m not getting the option to edit as administrator. Also the text on mine doesn’t end at ‘’ etc, I have another line underneath ‘: : 1’ so I wasn’t sure whether to copy and paste under the one you said (and then the one underneath ends up right at the bottom) or under the last one?? Anyway, once I copied and pasted and pressed ‘save’ I’m getting a message come up saying ‘You don’t have permission to save in this location. Contact the administrator to obtain permission.’… I’m not sure what I need to do?? Hopefully you can help me :o)

  24. I’ve blocked IE Snare on my mac but I’d like to check if it worked. Can you please let me know how to check it? Instruction for this was only mentioned for windows in this blog. Thx

  25. Hi MatchedBettingGuy
    Can Iesnare detect the mac adress of smartphones (I use my smartphone as wifi modem to run internet on my computer) ?

  26. do these urls effective while i input. them in pc to antispy bookmakers in asia?
    if not,what urls should i input?
    in fact,asia has a great gambling market,y u guys not introduce ur software to asian?
    do u know that an matchingbet software cost almost €150~300 per month here ,for example,in my country China
    i know its illegal in my country,but in fact,there are many people finding surebet and police seldom catch

  27. Dear,
    What in case that some site requires iesnare.js and for example wont to proccess your (bookie) withdrawal request?

    Is it possible to override existing token with some random value, because probably bookies only stores a hash (token) and do not know what beneath data (user-agent, OS, and other stuff)

Leave a Reply

Your email address will not be published. Required fields are marked *