Scammers grab expired domains, annoying Google – TechCrunch

The web is a living The thing – ever-evolving, ever-changing. This goes beyond just the content on websites; Entire domains can expire and be taken over, allowing corners of the internet to become a bit like your hometown: Wait, wasn’t the Dairy Queen here?

For example, if TechCrunch forgets to pay its domain registrar, will eventually expire (on June 10, to be exact). At that point, some adventurous humans could snipe the domain and do nefarious things with it. Now, if is suddenly red instead of green and selling penis-enhancement pills instead of being preoccupied with great news and equally shocking reviews, you’ll likely discover that something is up. But black hat SEO scammers are more subtle than that.

When they take over a domain, they often point the web domain to a new IP address, revive the site, restore it as close to the original as possible and leave it for a while. When the IP address changes, SEO experts claim that Google temporarily “punishes” the domain by dropping it in the rankings.

This is called “sandbox” or “protection period,” and during this time, Google puts the domain under observation. Once Google decides – sometimes mistakenly – that changing the IP address below the domain was just part of the transition from one web host to another, the theory is that the domain will start going up the rank again. This is the time when the new domain owner can start his hidden business: update links to send traffic to new places for example, or keep the traffic the same and add affiliate links to earn money from his visitors. At the far end of the fraud range, they can use the good name and reputation of the original work to deceive or deceive users.

Since the invention of PageRank in 1996, Google has relied in part on the portability of trust to determine what makes a good website. A site that is linked to by a large number of highly trusted websites can generally be trusted. Links from that page can, in turn, be used as a measure of trust as well. It is quite simplified, it boils down to this: the more links from high-quality sites a page has, the more trusted it is, and the better it will rank in search engines.

You don’t have to dig deep to find examples of domains that at first glance seem legitimate, but have been surreptitiously diverted to another purpose.

While bad actors can take advantage of this fact, it’s also just something that happens on the internet – sites move from one host to another all the time for perfectly legitimate reasons. As Danny Sullivan, Google Search Coordinator, pointed out when I spoke to him about expired domains last week, TechCrunch itself has had some changes to owners over the years, from AOL, to Oath, to Verizon Media, to Yahoo, which have been the same It was bought by Apollo Global Management last year. Every time that happens, there’s a chance that new corporate heads will want to move things to new servers or new technology, which means IP addresses will change.

“If you were to buy a site — even TechCrunch; I think AOL bought you guys — the domain registration could have changed, but the site itself didn’t change the nature of what it was doing, the content it was providing or the way it was working. [Google] It’s also possible for content to change without changing the infrastructure or topography of the network, Sullivan said. “A site can rebrand, but just because it’s rebranded doesn’t mean that the basic functionality of what it was doing has changed.”

Buy and sell expired domains

You don’t have to look far to find places to buy expired domains. Serp.Domains, Odys, Spamzilla and Juice Market are the most active activities in this field. (As a side note, I’ve commented a file rel = "nofollow" On all three of these links are in the HTML for this article. They don’t get TechCrunch’s sweet, sweet link juice on my watch; As Google notes in its developer documentation; Use the Do not follow The value is when… you’d prefer that Google not associate your site with the… linked page. “)

Screenshot from Serp Domains, which lists about a hundred sites for sale, noting that “old, expired domains are unaffected by the protection effect”. The company lists prices from $350 to $5,500, and the original recording years range from 1998 to 2018. Image credits: syrb fields

“Get the expired domains that naturally acquired (almost impossible to get) trusted backlinks since they were actual businesses,” Odys announces on its site, adding that they are “outdated and out of the 1 mile protection period, [and] You already have organic, referral, and direct type traffic.”

These domains are listed for sale for anything from a few hundred dollars to thousands of dollars. Seeing sites disappear from the “for sale” list and then appear online shows that some of these areas end up being ethical at best and deceptive at worst.

It’s pretty easy to see why so-called “black hat SEO” people are willing to take all the trouble: build a domain from scratch, fill it with quality content, wait for people to hook it up and do it all by taking the book for flippin’ ever. Are you looking for a shortcut that shaves months, if not years, out of the process and adds the ability to turn a quick buck? There will always be people willing to go into this kind of thing.

“Google has identified inbound links as one of the top three ranking factors,” explained Patrick Stokes, a product consultant at Ahrefs. “The content will be most important, but your relevant links will provide a measure of strength for them.”

What spammers do

Spammers buy a domain that has recently expired and use a search engine optimization (SEO) tool like Ahrefs to measure how valuable a site is; It checks how many links go to the site and how valuable those links are. A link from TechCrunch, BBC or would be very valuable, for example. The link from a random blog post on is likely less than that.

Once they find a domain and buy it, they’ll use something like the WayBack Machine to copy an old copy of the site, paste it on a server somewhere, and – voila! – The site is back. This is obviously trademark and copyright infringement, but if you’re in the market for spam or fraud, it’s probably the least of your offenses against public morals, regardless of what the law says.

Over time – sometimes weeks, sometimes months – Google removes the domain sandbox and is effectively tricked into accepting the domain as the original. The traffic will start picking up, and the black hat SEO wizards will be ready for the next stage of their plan: selling stuff or scamming people. There are full guides for what to do next in order to use these domains, including checking if there are registered trademarks and redirecting either the full domain or certain pages on the domain using what’s called a 301 redirect (“moved permanently”) .

When a website goes offline [Google is] I’m just going to drop all the mentions from the links. This usually happens anyway when the page expires. Where it will be more complicated is whether any of these signals will return to a new owner. I don “t think so [Google has] I really answered this in a very straightforward way,” Stokes explained. “But if the same site with the same type of content — or very similar content — comes back again, the links will likely start counting again. If you had a site about technology and suddenly it was a food blog, all of the previous things would probably be overlooked.”

As with all things SEO, not everything is cut and dried; It turns out that negative signals persist on expired domains, so it makes sense that positive signals do as well.

“It’s interesting because sometimes the sanctions will continue to apply, regardless of the new site’s content,” Stokes said. “So there may still be certain things to consider. There is a huge list of Google penalties – like spam in backlinks, spam, paid links, etc. They can move to the new site, and sometimes people buy… a domain.” Expired and they put up a new site. Nothing is in the rankings, and upon closer inspection, they will find a specific penalty within Google Search Console.”

Sullivan reassured us that the search engine giant knows what’s going on and can handle things.

“It is not fair to say that all purchased sites are spam and therefore should be treated as spam,” Sullivan said, noting that the company’s powerful spam filters are in place to protect searchers. “WWhen actual spam does occur, we have a large number of anti-spam systems in place. There are millions and millions, if not hundreds of millions of [pages and sites] Which we keep away from the most important search results. One metaphor I like to use for people to understand how much work we do on spam is this: If you go into your spam folder and go, “Wow, I haven’t seen all of those emails.” These are things that were there but didn’t show up because your system said, ‘No, that’s not really for you. This is annoying.’ This is what happens in research all the time. If we didn’t have strong spam filters, the search results would look like you see in your spam folder. There is a lot of spam and our systems are ready to catch it.”

There is no doubt that Google does a lot to defend us against spam, yet there is a thriving industry of high-value, expired domains available, whether for honest corner-cutting attempts or nefarious business.

booming industry

You don’t have to dig deep to find examples of domains that at first glance seem legitimate, but have been surreptitiously diverted to another purpose. Here’s a little I came across.

One example is the Paid Leave Project, which used to live on, but moved its site to at some point. Unfortunately, someone in the organization didn’t renew and/or redirect the old domain, and the site that used to work so hard to ensure workers in the US get paid family leave is now, well…helping families grow in different ways:

Screenshot of, which now appears to be some kind of affiliate site for erectile dysfunction pills. Image credits:

Another tragic story is Genome Mag, which ran from 2013 to 2016, expired, and then returned online as a different magazine that the original owner had no control over.

Leave a Comment

Your email address will not be published.