Wednesday, August 09, 2006

SCRAPER BUSTED #9 - Umax is baaaack

This is déjà vu day in the scraper busting dept. as Umax is back with a new virulent website.

BTW, if you want to read some funny misguided shit, this guy wants people to boycott the UMAX the scanner company because of something unrelated, like this spamming virus site maker that's the topic of this post.

What a screwball, sheesh.

WARNING - DO NOT GO TO THIS SITE!

IT WILL ATTEMPT TO INFECT YOUR PC WITH AN EXPLOIT!

Remember, I'm a trained professional, so don't try this site at home as this is some nasty shit.

However, if you're stupid enough [and most of you are] to attempt to access this site then use some goddamn common sense and disable your javascript and maybe java in your browser first or you might end up in a world of hurt.

For those of you real dumb fuckers, I mean the dumb as a pet rock variety, you'll get Trojan.ByteVerify installed on your machine if you visit these sites [see list at bottom] without proper precaution so don't blame me as YOU HAVE BEEN WARNED!

Crawler Info:
IP Address: 209.172.60.19 [ip-209-172-60-19.reverse.privatedns.com]
User Agent: lwp-trivial/1.41
Site info:
umax-ppc.net (66.199.247.42)
This is on the same server and host as the last reported site, but just in case you're too fucking lazy to click the link about and look it up for yourself it's repeated below.

Not sure this is even real information about this asshole, as other registrations say Russia, there's a shock, but they all seem to have FREEYAHO LLC in common.

American asshole information:
Registrant:
Sid Wongvorakul
979 Rutland Dr
Memphis, Tennessee 78243
United States

Registered through: FREEYAHO LLC.
Domain Name: UMAX-PPC.NET
Created on: 15-Dec-04
Expires on: 15-Dec-07
Last Updated on: 12-Jul-06

Administrative Contact:
Wongvorakul, Sid sidfeehit@yahoo.com
979 Rutland Dr
Memphis, Tennessee 78243
United States


Technical Contact:
Wongvorakul, Sid sidfeehit@yahoo.com
979 Rutland Dr
Memphis, Tennessee 78243
United States


Domain servers in listed order:
NS1.NEED-SITE.COM
NS2.NEED-SITE.COM
Russian asshole information:
Domain Name: SEHUNTRESS.BIZ
Domain ID: D10559406-BIZ
Sponsoring Registrar: WILD WEST DOMAINS, INC.
Sponsoring Registrar IANA ID: 440
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: GODA-013273608
Registrant Name: DMITRIY SOLDATENKO
Registrant Organization: Freeyaho LLC.
Registrant Address1: a-n 262
Registrant City: Ulan-Ude
Registrant State/Province: Ru
Registrant Postal Code: 670042
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +790.25651263
Registrant Email: soldde@mail.ru
Host information:
OrgName: EZZI.NET
OrgID: EZZIN
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US

ReferralServer: rwhois://rwhois.s2.ezzi.net:4321
NetRange: 66.199.224.0 - 66.199.255.255
The rest of this prolific virus spamming assholes domains hosted on the same box:
1day.us
adsadult.com
adscom.us
adsname.com
alprazolam-xanax.com
art-xxx.com
baikal-guide.com
baikal-hotel.com
baikal-hotel.info
baikal-hotel.net
baikal-info.com
baikal-shop.com
baikal-tour.biz
baikal-travel.info
baikalguide.com
baikalhotel.com
baikalhotel.info
baikalhotel.net
baikalshop.info
baikalsk.com
baikalsk.info
baikalsk.net
bbsporn.com
board-online.com
board-online.net
dimattic.com
dsdomain.com
forum-online.biz
free-hit.com
free-virgin-pic.com
freeyaho.com
hotel-baikal.com
hotel-baikal.info
hotel-shop.info
hotelbaikal.com
hotelbaikal.info
hotelbaikal.net
info-baikal.com
lake-baikal.info
lakebaikal.info
need-site.com
nude-teacher.com
online-info.info
payday-loan-top.com
pharmacy-affiliate-program.com
popular-screen-savers.com
porn-samples.com
porn-teacher.com
porn-teen-pic.com
porno-sample.com
ppc-se.biz
ppc-se.com
ppc-se.info
ppc-se.net
qoclick.com
qoclick.net
reseller-porn.com
sampleclip.net
sehuntress.biz
sehuntress.com
sehuntress.info
sehuntress.net
seohuntress.com
sex--free.com
sex--x.com
sexy-teacher.net
showavailable.com
solo-teens.com
specific911.biz
specific911.com
specific911.info
specific911.net
specific911.org
top-10-shop.com
top-new-affiliate-programs.com
umax-forum.com
umax-ppc.com
umax-ppc.net
umax-se.biz
umax-se.com
umax-se.info
umax-se.net
umax-se.org
umax-search-ppc-se-board.com
umax-search-ppc-se.com
umax-search-ppc.com
umax-search-se.com
umax-search-search-engine.com
umax-search.biz
umax-search.com
umax-search.info
umax-search.net
umax.org
umaxforum-umax-forum.com
umaxppc.com
umaxppc.net
umaxppcsearch.com
umaxse.biz
umaxse.com
umaxse.info
umaxse.net
umaxse.org
umaxsearch-ppc-se.com
umaxsearch-ppc.com
umaxsearch-se.com
umaxsearch-search-engine.com
virgin-sexy.com
webmasterdiscuss.com
weekly-pay-ppc-se.com
weekly-pay.com
weekly-teens.com
work-at-home-top.com
xanax-shop.info
yula.us
arshan.info
If you think I have a bad attitude in this post, you're very perceptive, as this fucker really pisses me off more than the usual garden variety scraper and hosting companies that allow this shit on their premises make my blood boil.

I'm trying to resist calling the whole lot of them a bunch of cocksucking assholes, but I think I'm losing that battle..




7 comments:

GaryK said...

I've never been rude to you before Bill. But that's cause you've always directed your anger at the bots, not those of us who read your blog to gleam valuable information. So please pardon me while I tell you to fuck off! ;-)

willmacc said...

I commented on one of your posts and the person I could think of was this a$$hole - umax.
This is the only spammer I know of that EV1 finally booted off their system - he went to a russian server after that. He was running a hotel bait page last time I looked and still using the script to spam with from the bait page.

Anonymous said...

I commented in another thread, it is WAAAY larger than just one guy running this. This is a big business using PPC feed and affiliates who provide doorway/spam/malware traffic. Affiliates come mostly from Eastern Europe. The company that provides PPC feed (search around, there are only few) then launeres this traffic, basically.

Olliver said...

This guy is from Ukraine and is called Dmitriy Soldatenko:
source #1
source #2
The comments added by the spammer speak for themselves and give an idea why this guy wasn't able to find a job in real life ;-)

IncrediBILL said...

Olliver, dude, Source #1 is rude and tries to automatically download a file protending to be a service pack update, which it very well may be but I'm sure not letting it complete!

DONT CLICK SOURCE #1 above unless you want this to autodownload:
WindowsXP-KB835935-SP2-ENU.exe.

Sheesh, those guys are something else.

Try reading it via Google Cache

olliver said...

Bill,
Sorry for that automatic download on Lemat's guestbook site (# 1). I wasn't aware of it since I don't use Windows and have a proxy filter zapped unwanted ads and other things I don't wish to be bothered with.

Olliver

Anonymous said...

Source #1 in case of detecting misbehaviour is redirecting to the
http://download.microsoft.com/download/1/6/5/165b076b-aaa9-443d-84f0-73cf11fdcdf8/WindowsXP-KB835935-SP2-ENU.exe
and it is indeed SP2 for M$ Windows.
I thought somebody would check it before accusing me.

If you want to search for other Dmitriy Soldatenko web sites and poorly moderated webforums try to search for "FREEYAHO LLC"

Regards
Lemat