Blog for hpHosts, and whatever else I feel like writing about ....

Friday 25 June 2010

Searching a search engine, leads to a search engine that's not a search engine but a search scraper that's not a search .... you get the idea

Look at the image to the left, what does it look like?

No, that's not a trick question, it's a search engine, right? A custom Google search perhaps? You'd be forgiven for thinking that; indeed, you could almost believe it's someone's poor attempt at a parking page, given the domain is up for sale, courtesy of Sedo (more on that in a second).

However, this typo-squatter is hiding something more nefarious than that. Normally, when you want to go to a site's home page, you'd click what?

A. Home?
B. Not My Home?
C. Someone's really cool collection of comics?

If you answered A, you've won absolutely nothing, but I'm afraid, had you chosen Home in this case, you'd not, in fact, be taken to the site's homepage, or at least, not as such. Instead, you'd be taken to freeporn.gxxgle.com (you can see where this is going).

Yes folks, clicking "Gxxgle Home" will, in fact, present you, or your kids, with this (explicit images blanked out for obvious reasons):



Not the search engine you were expecting it to be now, was it? I'm still investigating this one, as there are a lot of avenues to this (several ad networks make an appearance, some of which look highly questionable, to say the least, and require further investigation), but first and foremost, the IP range involved will be of no surprise at all:

IP: 75.126.137.162
IP PTR: 75.126.137.162-static.reverse.softlayer.com
ASN: 36351 75.126.0.0/16 SOFTLAYER - SoftLayer Technologies Inc.

What's interesting to note is that Sedo, to my knowledge, don't provide privacy services such as those provided by GoDaddy and the like, so what's going on here? Are they responsible for this?

Registrant:
   Sedo
   161 First St, 4 Floor
   Cambridge, Massachusetts 02142
   United States

   Domain Name: GXXGLE.COM
      Created on: 31-Jan-04
      Expires on: 31-Jan-12
      Last Updated on: 06-Apr-10

The WhoIs certainly seems to implicate them, but no, I don't actually believe that either. A quick lookup showed a possible connection to a Mr Mike Sigler from California, who also owns zerohighway.com. However, at present, this is just a suspicion; we'll have to see both what further digging turns up (I've done relatively little thus far as I'm very tired), and what Sedo themselves have to say.

In case you're wondering where the site is pulling the search results from, a Fiddler log shows they're being pulled from Google themselves (rather cheeky if you ask me, but not surprising). If you'd like a copy of the Fiddler log, you can find it at:

http://temp.it-mate.co.uk/gxxgle.com_-_Fiddler_log.zip
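
The mislabelled "Home" link described above can be checked for mechanically. This is an added example, not code from the original post: it flags links whose visible label says "Home" but whose destination is not the page's own front page. The page URL, the label list and the sample markup are constructed assumptions; only the two hostnames and the "Gxxgle Home" label come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Words in a link label that promise the site's own front page (assumed list).
HOME_LABELS = ("home",)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, label))
            self._href = None

def suspicious_home_links(page_url, html):
    """Return (label, resolved URL) for 'Home' links that leave the front page."""
    page = urlsplit(page_url)
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, label in collector.links:
        if not any(word in label.lower().split() for word in HOME_LABELS):
            continue
        target = urlsplit(urljoin(page_url, href))  # resolve relative links
        same_host = target.hostname == page.hostname
        if not (same_host and target.path in ("", "/")):
            findings.append((label, target.geturl()))
    return findings

# Constructed sample markup, not a capture of the real page.
SAMPLE = """
<a href="http://freeporn.gxxgle.com/">Gxxgle Home</a>
<a href="/">Home</a>
<a href="/search?q=test">Web search</a>
"""

if __name__ == "__main__":
    for label, url in suspicious_home_links("http://gxxgle.com/", SAMPLE):
        print(f"label {label!r} leads to {url}")
```
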
