What Is IE Snare And How To Remove It

IESnare

There is a lot of mistrust in the matched betting community, and the wider gambling community in general, about IE Snare, a fraud protection system developed by Iovation. IE Snare is used by a number of online betting sites to counter fraud and abuse of their terms and conditions which has raised concerns that customers may be being spied on from their own computers.

What is IE Snare and what does it do?

Iovation is a big player in the world of online fraud management and actively target the online gaming sector who they see as vulnerable to online fraud and abuse. IE Snare is often referred to as spyware which is used to protect online businesses by matching distinct device identities to online accounts and sharing the information with other organisations on the IE Snare network.

For legal reasons, it cannot store any personal information about you but can share a lot of details about your computer and its browsing habits. Among the many details taken from your device are:

  • Identification data about your computer
  • Browser and operating system information
  • Information about your registry
  • Web pages visited
  • Time spent on websites

Basically, it creates a ”fingerprint” which allows bookmakers to track activity from the computer. It is designed to be used to help stop customers who have engaged in undesirable activity such as credit card fraud, collusion, claims fraud among other security breaches. It is done by giving the device a score, much like a credit rating, which can be used to refuse account applications.  

Should matched bettors be worried about IE Snare?

As intrusive as IE Snare is, it doesn’t stop you from having accounts with as many bookmakers as you want. What it can do is detect multiple accounts being used from the same PC, which is against the terms and conditions of many betting sites.

Theoretically, your device can be tagged for arbing and trading restrictions but it is unlikely since it’s understood that Iovation makes the decision to flag a device automatically based on its score, which could be for any number of violations of terms and conditions.

There is no evidence to suggest that bookmakers are using the data stored by Iovation to monitor bonus abuse, arbing or unprofitable business as they have more than adequate in-house data management solutions for this. It’s highly unlikely they share this information with each other as it is illegal and far too big a corporate risk.

What may be more of a concern is that Iovation can sell the data about your device to just about anyone and this study at the University of California shows it is largely being sold on for the purpose of malware and spam.

How can I tell if IE Snare is installed on my computer?

The easiest way to check if IE Snare has been downloaded onto your computer is to use the file search function on your device.

Type “mpsnare” into the search box and if IE Snare has been used on your computer it will be found in one of the following folders:

  • #mpsnare.iesnare.com
  • #ci-mpsnare-iovation.com
  • mpsnare.iesnare.com
  • ci-mpsnare.iovation.com

To remove IE Snare from your system, simply delete any of the above folders found in your search.

There are so many gambling websites using IE Snare that if you’ve found it, there is a chance it will install on your device again and you may want to take steps to block it.  

mpsnare search

I’ve run this check and not found any mpsnare folders or files on my computer. The following information is therefore, not thoroughly tested by me and should be followed at your own risk.

How to block IE Snare

You can block IE Snare by fooling your computer into thinking that the IE Snare website is actually hosted on your own computer. So every time it tries to connect with one of the IE Snare sites the connection is made to your computer where it is rendered harmless because you are not running a web server (or the scripts required to understand what’s going on).

You do this by modifying your hosts file on Windows pc, as follows:

Make sure you are logged in as administrator

Click the Start button, click Notepad (or type Notepad in the search box)

Right-click on the Notepad item which appears at the top of the list

Choose “Run as administrator” which opens an “Untitled” file

Go to File and click Open

all files

In the File name box, enter “C:\WINDOWS\system32\drivers\etc”.

In the drop down box, select “All Files” and click “Open”

hosts search

Right click on “hosts” file (make sure it only says hosts, not hosts.bak or hosts.txt)

Go to “Properties” and uncheck “Read-only” box at bottom beside “Attributes”

Click “Apply” then “OK”

Now double click “hosts” to open the file

hosts file

Copy and Paste the following lines in the next line below where it says “127.0.0.1 localhost”

127.0.0.1 iesnare.com

127.0.0.1 iesnare.co.uk

127.0.0.1 www.iesnare.co.uk

127.0.0.1 mpsnare.iesnare.com

127.0.0.1 mpsnare.iesnare.co.uk

127.0.0.1 www.mpsnare.iesnare.com

127.0.0.1 www.mpsnare.iesnare.co.uk

127.0.0.1 ci-mpsnare.iesnare.com

127.0.0.1 ci-mpsnare.iesnare.co.uk

127.0.0.1 www.ci-mpsnare.iesnare.com

127.0.0.1 www.ci-mpsnare.iesnare.co.uk

127.0.0.1 admin.iesnare.co.uk

127.0.0.1 www.admin.iesnare.com

127.0.0.1 www.admin.iesnare.co.uk

127.0.0.1 iovation.com

127.0.0.1 iovation.co.uk

127.0.0.1 www.iovation.com

127.0.0.1 www.iovation.co.uk

127.0.0.1 www.iesnare.com

127.0.0.1 admin.iesnare.com

127.0.0.1 dra.iesnare.com

127.0.0.1 impsnare.iesnare.com

127.0.0.1 mpsnare.iesnare.com

127.0.0.1 mx.iesnare.com

127.0.0.1 snare.iesnare.com

127.0.0.1 iovation.com

127.0.0.1 accountlock-demo.iovation.com

127.0.0.1 admin.iovation.com

127.0.0.1 bam-pilot.iovation.com

127.0.0.1 batch.iovation.com

127.0.0.1 ci-accountlock.iovation.com

127.0.0.1 ci-admin.iovation.com

127.0.0.1 ci-mpsnare.iovation.com

127.0.0.1 ci-snare.iovation.com

127.0.0.1 dv-fw-a-nat.iovation.com

127.0.0.1 ioit.iovation.com

127.0.0.1 mx.iovation.com

127.0.0.1 p.iovation.com

127.0.0.1 rm-admin-demo.iovation.com

127.0.0.1 soap.iovation.com

127.0.0.1 test.iovation.com

127.0.0.1 testgw.iovation.com

Go to “File” and click “Save”

Close Notepad, restart your computer and your are done.

Check IE Snare is blocked

You can check your changes to the “host” file have worked as follows:

Type “cmd” in the search box and left click cmd.exe to open

Type “ping mpsnare.iesnare.com”

You should see a reply from 127.0.0.1 as follows

Pinging mpsnare.iesnare.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Instructions for Mac computers

Launch Terminal, found in /Applications/Utilities/ or launched through Spotlight

Type the following command at the prompt to backup hosts file to documents folder:

sudo cp /private/etc/hosts ~/Documents/hosts-backup

Type the following command at the prompt to open hosts file:

sudo nano /private/etc/hosts

Enter the administrator password when requested – you will not see it typed on screen – then press enter/return

Once the hosts file is loaded within nano, use the arrow keys to navigate to the bottom of the hosts file to make your modifications. Add the same lines as in the instructions above:

127.0.0.1 iesnare.com

127.0.0.1 iesnare.co.uk

127.0.0.1 www.iesnare.co.uk

127.0.0.1 mpsnare.iesnare.com

127.0.0.1 mpsnare.iesnare.co.uk

127.0.0.1 www.mpsnare.iesnare.com

127.0.0.1 www.mpsnare.iesnare.co.uk

127.0.0.1 ci-mpsnare.iesnare.com

127.0.0.1 ci-mpsnare.iesnare.co.uk

127.0.0.1 www.ci-mpsnare.iesnare.com

127.0.0.1 www.ci-mpsnare.iesnare.co.uk

127.0.0.1 admin.iesnare.co.uk

127.0.0.1 www.admin.iesnare.com

127.0.0.1 www.admin.iesnare.co.uk

127.0.0.1 iovation.com

127.0.0.1 iovation.co.uk

127.0.0.1 www.iovation.com

127.0.0.1 www.iovation.co.uk

127.0.0.1 www.iesnare.com

127.0.0.1 admin.iesnare.com

127.0.0.1 dra.iesnare.com

127.0.0.1 impsnare.iesnare.com

127.0.0.1 mpsnare.iesnare.com

127.0.0.1 mx.iesnare.com

127.0.0.1 snare.iesnare.com

127.0.0.1 iovation.com

127.0.0.1 accountlock-demo.iovation.com

127.0.0.1 admin.iovation.com

127.0.0.1 bam-pilot.iovation.com

127.0.0.1 batch.iovation.com

127.0.0.1 ci-accountlock.iovation.com

127.0.0.1 ci-admin.iovation.com

127.0.0.1 ci-mpsnare.iovation.com

127.0.0.1 ci-snare.iovation.com

127.0.0.1 dv-fw-a-nat.iovation.com

127.0.0.1 ioit.iovation.com

127.0.0.1 mx.iovation.com

127.0.0.1 p.iovation.com

127.0.0.1 rm-admin-demo.iovation.com

127.0.0.1 soap.iovation.com

127.0.0.1 test.iovation.com

127.0.0.1 testgw.iovation.com

When finished, hit Control+O followed by ENTER/RETURN to save changes to /private/etc/hosts, then hit Control+X to exit out of nano

By

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

James Ragen says

Hello Graham,

Thank you for this very eye opening post, it is very useful! I have a question in regards of the mac instructions. When i check if it's working on mine, it comes up with exactly the same stuff as you have displayeed but 64 bytes and not 32. Do you know why this could be?

And also, if i wanted to undo this, do you know how this can be done?

Thank you

James

says

Hi James

64 bytes is the packet size transmitted across the network and is a variable which can differ from OS to OS. Microsoft's defaults at 32 but it doesn't matter too much if it's 32 or 64.

To undo the block on IE Snare simply delete the entries you made to the hosts file.

Best regards
Graham