Monday, March 31, 2008

Further Convinced IE6 is used for maliciousness

I am further convinced that users of IE6 or their computers are up to no good and that at least a part of your IE6 traffic is bogus and used for purposes other than for people to learn about and buy your products and services.

Not only do most IE6 users in general not upgrade their browser after being locked out of the site which was done as a test to see if this traffic is legit - most of the traffic is a one-off hit and not by users of these sites who are typically frequent visitors looking for updated information. Long time legitimate users are not typically the ones using IE6 - it is the random one-off visitor hitting odd sites that it is very strange they would be trafficking in the first place.

For instance, there's an IP in Brazil - a known big source of spam - hitting a site over and over again with different browsers probably trying to decipher how to crack through this blocking. They are looking at a site with Christmas related items. It is doubtful that at this time of year someone in Brazil is trying that hard to view Christmas decorations in the US that are not even for sale online.

As a side note a lot of people from Brazil travel to a location related to a travel booking site we run - could this be a travel agent or criminal in Brazil trying to copy the site and direct traffic to them instead of us?

Here's the IP:

inetnum: 201.77.0/20
aut-num: AS28650
abuse-c: RFS185
owner: Dilmar Antonio Simonetti
ownerid: 031.743.818/0001-28
responsible: Dilmar Simonetti
owner-c: RFS185
tech-c: RFS185
inetrev: 201.77.0/21
nsstat: 20080330 AA
nslastaa: 20080330
nsstat: 20080330 AA
nslastaa: 20080330
created: 20060607
changed: 20060607

nic-hdl-br: RFS185
person: Rogerio Ferreira dos Santos
created: 20010816
changed: 20060307