Wednesday, June 28, 2006

SCRAPER BUSTED #5 - Site is so bad McAfee SiteAdvisor blocked the page load!

Well, I knew some scrapers were bad but this one takes the cake.

209.172.60.19 [ip-209-172-60-19.reverse.privatedns.com]
User Agent: lwp-trivial/1.41
The scraping was tracked to a page on umax-search.info.

When I went to open the page in Internet Explorer I got this error instead.

umax-search.info may cause a breach of browser security.

We blocked your browser from visiting this site.

In our tests, umax-search.info attempted to make unauthorized changes to our test PC by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your PC.
The proud owner of this lovely site is:
whois umax-search.info

Domain Name:UMAX-SEARCH.INFO
Registrant Name:Sid Wongvorakul
Registrant Street1:979 Rutland Dr
Registrant City:Memphis
Registrant State/Province:TN
Registrant Postal Code:78243
Registrant Country:US
The site's information is as follows:
umax-search.info (66.199.247.42)
The site is hosted by this now blocked company:
OrgName: EZZI.NET
OrgID: EZZIN
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US

NetRange: 66.199.224.0 - 66.199.255.255
The SCRAPING IP came from iWeb Technologies which I'll assume is hosting a proxy site that was used to scrape and is now also on my blocked list.
whois 209.172.60.19

OrgName: Groupe iWeb Technologies inc.
OrgID: GIT-20
Address: 3185, rue Hochelaga
City: Montreal
StateProv: QC
PostalCode: H1W-1G4
Country: CA
NetRange: 209.172.32.0 - 209.172.63.255
NameServer: NS1.IWEB-HOSTING.COM
NameServer: NS2.IWEB-HOSTING.COM
From Canada to Tennessee and finally landing in New York, my scraped data took a wild trip and ended with a McAfee warning, sheesh.

Nastiest thing I've run into so far, but I doubt it will be the worst.

2 comments:

Anonymous said...

Sorry Icredibill, could find your email address anywhere, but wanted to alert you to something I've been seeing a lot of in my log files (until I blocked it of course!):

216.7.179.21 Syntryx ANT Scout Chassis Pheromone; Mozilla/4.0 compatible crawler

Anonymous said...

Wrong Umax company is getting a bad PR here. The spamming comes from UmaxSearch (see UmaxLogin.com and UmaxSearch.com), it is a website that uses PPC feed from a well-known firm.

They accept affiliates and split profits. Affiliates usually use doorways and spamming techniques. Well, this is a bad thing. The worse thing is that this well-known entity is selling legitimate guys this laundered traffic.
Enjoy.