Well, I knew some scrapers were bad but this one takes the cake.
209.172.60.19 [ip-209-172-60-19.reverse.privatedns.com]The scraping was tracked to a page on umax-search.info.
User Agent: lwp-trivial/1.41
When I went to open the page in Internet Explorer I got this error instead.
umax-search.info may cause a breach of browser security.The proud owner of this lovely site is:
We blocked your browser from visiting this site.
In our tests, umax-search.info attempted to make unauthorized changes to our test PC by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your PC.
whois umax-search.infoThe site's information is as follows:
Domain Name:UMAX-SEARCH.INFO
Registrant Name:Sid Wongvorakul
Registrant Street1:979 Rutland Dr
Registrant City:Memphis
Registrant State/Province:TN
Registrant Postal Code:78243
Registrant Country:US
umax-search.info (66.199.247.42)The site is hosted by this now blocked company:
OrgName: EZZI.NETThe SCRAPING IP came from iWeb Technologies which I'll assume is hosting a proxy site that was used to scrape and is now also on my blocked list.
OrgID: EZZIN
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US
NetRange: 66.199.224.0 - 66.199.255.255
whois 209.172.60.19From Canada to Tennessee and finally landing in New York, my scraped data took a wild trip and ended with a McAfee warning, sheesh.
OrgName: Groupe iWeb Technologies inc.
OrgID: GIT-20
Address: 3185, rue Hochelaga
City: Montreal
StateProv: QC
PostalCode: H1W-1G4
Country: CA
NetRange: 209.172.32.0 - 209.172.63.255
NameServer: NS1.IWEB-HOSTING.COM
NameServer: NS2.IWEB-HOSTING.COM
Nastiest thing I've run into so far, but I doubt it will be the worst.
3 comments:
UMAX has been around for a few years. They got so bad he moved his spamming operation to another host in another country (last time I checked). He runs a so-called search script that ends up spamming guestbooks each time it's ran by the visitor - thus having the visitor's IP busted instead of his own. His referer urls have been blacklisted on my sites for a few years now (since 1999).
I'll give ya 3 guesses as to where he started out and the first 2 guesses don't count... EV1 - Good 'ol Everyone's Internet. They receieved so many complaints that FINALLY gave him the boot (can't remember his name right now)..
Sorry Icredibill, could find your email address anywhere, but wanted to alert you to something I've been seeing a lot of in my log files (until I blocked it of course!):
216.7.179.21 Syntryx ANT Scout Chassis Pheromone; Mozilla/4.0 compatible crawler
Wrong Umax company is getting a bad PR here. The spamming comes from UmaxSearch (see UmaxLogin.com and UmaxSearch.com), it is a website that uses PPC feed from a well-known firm.
They accept affiliates and split profits. Affiliates usually use doorways and spamming techniques. Well, this is a bad thing. The worse thing is that this well-known entity is selling legitimate guys this laundered traffic.
Enjoy.
Post a Comment