Comments on websites

weirdness with possible blackhat SEO site

I've been looking online for the inevitable blackhat-SEO-promoted malware that's sure to appear any minute now in search results off of Falcon Heene's name (he's the little boy who everyone thought flew away in his father's weather balloon).

In my travels, I came across this site:

http://www.mywot.com/scorecard/3delight.com

It appears to be tweaking search results by screenscraping headlines based off of the boy's name, his family's names, and other details of the event, all internally linked to other pages containing screenscraped headlines. Classic SEO stuff.

Example page:

http://3delight.com/ZDoc/Falcon-Heene.htm

(I've checked, it doesn't appear to be involved in any weirdness other than the screenscraped text)

Well, twenty minutes ago, the site had zero ratings and was getting a grey circle; now it has enough ratings to rate it green. Something fishy is going on here, and I'd like the admins to take a look at it, because it may reveal something about this particular blackhat SEO gang and how they operate. Perhaps they have an army of bogus accounts which rate websites they use to manipulate search results.

Could you please look into it?

-=A

Looks

Very, very suspicious.
It looks like it is supposed to look like some kind of forum or something? But the forums of 3delight.com look nothing like this page.
It contains a lot of terms to boost it up to the top of Google searches. It is currently the bottom of the first page.

At the top of the page there are 4 links with these names;
cnn
balloon boy
heene wife swap
wife swap
richard heene

I have not allowed JavaScript on the page.

Something else, this page appeared out of nowhere in Google searches for falcon heene; hxxp://www.byroncrawford.com/2009/10/falcon-heene-rap-video.html
It currently has:
77 in trustworthiness, 0 out of 4 people in reliability
0 in vendor reliability
94 in privacy, 0 out of 4 people in reliability
82 in child safety, 0 out of 4 people in reliability
Let's see if that gets rated really high.

Sorry that wasn't much help. :(

Any other feedback?

I can see the site is still rated green. Just curious to find out if any WOT admins have taken a look at this case.

re: 3delight.com

Confused...

hxxp://3delight.com/ZDoc/Falcon-Heene.htm
The requested URL /ZDoc/Falcon-Heene.htm was not found on this server.

3delight.com - whois - Created: 2000-06-22
This domain is hosted on a shared server and is not referenced in any MX blacklists
Welcome to our website

We develop high quality, production ready, rendering software and tools. 3Delight is our full-featured, fast, fully mature and RenderMan®-compliant renderer. 3Delight for Maya is our solution for Maya users that wish to use the strengths of 3Delight in their Maya pipeline. 3Delight for Softimage is a rendering plug-in for Autodesk® Softimage® and the first fully-integrated RenderMan-compliant rendering solution ever to be available to Softimage users.

We have been promoting the RenderMan® standard since its early days and our aim is to continue doing so; that is why we offer the first license of 3Delight for free.

-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

It's gone now

But I copied exactly what it said, it's long. Should I post it here?

Google Safe Browsing detects

Google Safe Browsing detects many pages of malware on that site, http://www.google.com/safebrowsing/diagnostic?site...

105 malicious pages out of 288. I think it should be flagged red.

Threat or victim?

According to the Google link
The last time Google visited this site was on 2009-10-19, and the last time suspicious content was found on this site was on 2009-10-16.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, 3delight.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Simply means no suspicious content has been found in the past 3 days...
The link referenced does not exist.
IF Google flagged this site for malware, then FF would display the "Reported Attack Site" warning before entering; I received no such warning.

Are you sure they are a threat or could they possibly have been a victim themselves and cleaned up the mess?
You must admit that for a domain to be around the past 9 years with no prior malicious activity... why start now? Sites do get hacked now and then.

Just a thought.
-------
- G7W

I think you're right

Look more like victims, especially now

It looks like they are a

It looks like they are a legit website, but so many pages of malicious content detected just a few days ago signals a red flag in my book. Until it can be shown that there are no malicious pages being served from that domain for an extended period of time, it should automatically be flagged red because there was at least a security breach.

www.mydiscountmeds.net

This is a fake site that will just take your money!

off topic

But agree, it's been confirmed as rogue
-------
- G7W