Wednesday, June 28, 2006

SCRAPER BUSTED #5 - Site is so bad McAfee SiteAdvisor blocked the page load!

Well, I knew some scrapers were bad but this one takes the cake.

209.172.60.19 [ip-209-172-60-19.reverse.privatedns.com]
User Agent: lwp-trivial/1.41
The scraping was tracked to a page on umax-search.info.

When I went to open the page in Internet Explorer I got this error instead.

umax-search.info may cause a breach of browser security.

We blocked your browser from visiting this site.

In our tests, umax-search.info attempted to make unauthorized changes to our test PC by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your PC.
The proud owner of this lovely site is:
whois umax-search.info

Domain Name:UMAX-SEARCH.INFO
Registrant Name:Sid Wongvorakul
Registrant Street1:979 Rutland Dr
Registrant City:Memphis
Registrant State/Province:TN
Registrant Postal Code:78243
Registrant Country:US
The site's information is as follows:
umax-search.info (66.199.247.42)
The site is hosted by this now blocked company:
OrgName: EZZI.NET
OrgID: EZZIN
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US

NetRange: 66.199.224.0 - 66.199.255.255
The SCRAPING IP came from iWeb Technologies which I'll assume is hosting a proxy site that was used to scrape and is now also on my blocked list.
whois 209.172.60.19

OrgName: Groupe iWeb Technologies inc.
OrgID: GIT-20
Address: 3185, rue Hochelaga
City: Montreal
StateProv: QC
PostalCode: H1W-1G4
Country: CA
NetRange: 209.172.32.0 - 209.172.63.255
NameServer: NS1.IWEB-HOSTING.COM
NameServer: NS2.IWEB-HOSTING.COM
From Canada to Tennessee and finally landing in New York, my scraped data took a wild trip and ended with a McAfee warning, sheesh.

Nastiest thing I've run into so far, but I doubt it will be the worst.

3 comments:

MP1 said...

UMAX has been around for a few years. They got so bad he moved his spamming operation to another host in another country (last time I checked). He runs a so-called search script that ends up spamming guestbooks each time it's ran by the visitor - thus having the visitor's IP busted instead of his own. His referer urls have been blacklisted on my sites for a few years now (since 1999).
I'll give ya 3 guesses as to where he started out and the first 2 guesses don't count... EV1 - Good 'ol Everyone's Internet. They receieved so many complaints that FINALLY gave him the boot (can't remember his name right now)..

ClosedGL said...

Sorry Icredibill, could find your email address anywhere, but wanted to alert you to something I've been seeing a lot of in my log files (until I blocked it of course!):

216.7.179.21 Syntryx ANT Scout Chassis Pheromone; Mozilla/4.0 compatible crawler

Anonymous said...

Wrong Umax company is getting a bad PR here. The spamming comes from UmaxSearch (see UmaxLogin.com and UmaxSearch.com), it is a website that uses PPC feed from a well-known firm.

They accept affiliates and split profits. Affiliates usually use doorways and spamming techniques. Well, this is a bad thing. The worse thing is that this well-known entity is selling legitimate guys this laundered traffic.
Enjoy.