Advice needed on an unusual case

[petrosc]

Hello,

I regged a name a few months ago, that I found from bulk scanning a big list of names that were supposed to have some traffic. After registering it, I noticed to my surprise that this name is receiving 1,500-3,000 uniques/day. The domain name itself is search engine related, and the traffic appears to be SE related as well.

I wondered why this name is getting all this traffic, because the name is not a generic and in the archives I could not find any previous websites. Also, the fact that I've had it for months shows that it's not expired traffic because the traffic does not decrease over time(in fact, I feel it was increasing). I did some quick research in google and couldn't find the source of the traffic influx (which is type-in btw), so I left it parked and forgot about it.

Then, 2 days ago I got an email from a person who was asking "I would like to know why your search engine in on my computer with out my permission,"

At first I didn't pay attention to it, but then I gave it a second thought went back to do some more research and I finally realized that this domain name belonged to some spyware, adware or something of that nature, and that it's code was sending the traffic over to my domain name.

So now I'm worried. Can I get in trouble by owning this name? At the moment, it's parked and the landing page is SE related.

 

[domaingenius]

I guess as long as you can prove that you did not put the spyware on the computers then
you will be ok, but I would keep as much info as possible. It may be the complainer to you IS the spy"master" and he now realises he lost the domain ?. Either way if domain gets to hot
I will gladly look after it.

DG

 

[petrosc]

Thanks for the advice! But how does one prove that he has nothing to do with the spyware? The only thing I can think of as "proof" is to compare the registration date (2008) with the date of some posts in spyware forums (dating back to 2006), where the domain name is mentioned in the spyware description.

But can this me considered as proof ?

 

[EnricoSchaefer]

I would recommend dumping the domain if you can. You are incurring potential liability at least in the sense that someone might sue you for it or allege criminal liability. It takes a long time and lots of money to sort those things out in court. You might also consider removing commercial activity (ads) on the site so that you are not benefiting financially from the spyware. You also risk that either Google or yahoo will shut your site down from their ad programs (blacklisted) which could occur across your entire portfolio of domains under your, for instance, adsense account. Lots of bad things here. Who knows what else that spyware is doing?

 

[domaingenius]

Thanks for the advice! But how does one prove that he has nothing to do with the spyware? The only thing I can think of as "proof" is to compare the registration date (2008) with the date of some posts in spyware forums (dating back to 2006), where the domain name is mentioned in the spyware description.

But can this me considered as proof ?

Have you checked who owned the domain before you ?. If you PM me the name I will let you know. I have a feeling it MAY be something to do with someone that has been convicted and jailed in the USA perhaps . As I say, if it gets too hot for you I am quite happy to take it over.

DG

And yes proof could be something like date of registration perhaps.

 

[petrosc]

I couldn't find who owned the name before me... unfortunately. If you can help me find out I'd appreciate it. PM sent

I would recommend dumping the domain if you can. You are incurring potential liability at least in the sense that someone might sue you for it or allege criminal liability. It takes a long time and lots of money to sort those things out in court. You might also consider removing commercial activity (ads) on the site so that you are not benefiting financially from the spyware. You also risk that either Google or yahoo will shut your site down from their ad programs (blacklisted) which could occur across your entire portfolio of domains under your, for instance, adsense account. Lots of bad things here. Who knows what else that spyware is doing?

certainly an angle I would have to look at... thanks a lot for your post!

 

[Domagon]

I get the impression from OP's post that the domain went through the complete drop cycle and was deleted at the registry level - then sometime later the OP regged it.

In regards to monetizing, as long as the traffic is "real" and "productive", in my view, there's little to worry about in regards to parking. Ride the wave and enjoy the revenue

If the OP is getting many complaints, the OP may want to consider adding a promently visable notice / link somewhere explaining why some folks may unexpectedly be reaching the domain. I've actually had to do something similar on some domains I use wildcard dns on - some folks with faulty DNS resolvers occasionally reach my domains instead of their intended destination; the recent dns patch likely eliminates much of that, hopefully, but I digress.

Alternatively, if the domain is "too hot to handle", there's always the option of selling it - just be sure to disclose in writing to the buyer its past history and nature of its traffic prior to sale.

Ron

 

[petrosc]

Thanks , yes this is exactly what happened, I hand-regged it. I dont really think that I will ever have problems with the parking companies as the traffic is real and productive as you say, however I am worried that I might get in trouble because of the actual adware, I'm not 100% sure that I can provide sufficient proof that I have nothing to do with it.

 

[steveatvillas]

Log Files.... keep your log files.

 

[flamewalker]

I would do as others have suggested and put up a prominent notice. You might even link to a couple reliable antispyware sources (www.superantispyware.com, www.safer-network.com, www.malwarebytes.org, etc).

I have a domaintools.com gold/premium account so if you need whois registration and history information, I would be happy to help. I can usually get information that shows the domain was deleted from the registry before you registered it as well.

 

[BELLC1]

I'd be more worried about someone filing a delayed complaint that gets my DNS IP addresses blocked where that domain is stored.

 

[jberryhill]

You might even link to a couple reliable antispyware sources (www.superantispyware.com, www.safer-network.com, www.malwarebytes.org, etc).

That is precisely what Ultimate Search used to do with castoff spammer domains.

On the IP address blocking thing, it can happen. I once offered a $500 bounty for anyone who could show that spam was sent from a domain name *after* it was abandoned and then re-registered by ultimate search. The organization which had complained to the hosting company did not collect the $500, and moreover apologized for making the complaint once they saw how the domain name was being used.

In other instances, clients have picked up domain names previously used for illegal activities, such as child pornography and distribution of copyrighted material. On those occasions you can sometimes provide useful information to law enforcement authorities such as by turning on catch-all email and forwarding them what comes in, since there will sometimes be useful data resulting from former subscriptions to mailing lists, or from people intending to correspond with the former registrant. Being able and willing to provide that sort of assistance, which clients of mine have provided to the Hong Kong police, various US police departments, tax authorities, the FBI, the RCMP, the FTC, and so on goes a long way toward addressing the initial suspicion with which you might be approached.

 

[petrosc]

thank you all, for the valuable suggestions. This is why I love this community

 

[draggar]

I'd be more worried about someone filing a delayed complaint that gets my DNS IP addresses blocked where that domain is stored.

That's a good reason to move the domain to a registrar that you don't like. :lol:

That is precisely what Ultimate Search used to do with castoff spammer domains.

This is a double edged sword. Don't offer them help then you're part of the problem, offer them help then you're guilty. I've had pseudo viruses before and they've always pointed me to little known anti-spyware programs that cost an arm and a leg (even though Housecall, AVG, Ad-Aware, and Spybot usually kill them and some reconfiguration of IE / FF).

So, what if he directed them to some free services (like the above ones mentioned) or a site from a well known source (McCrappy, Norton etc..) discussing malware, how to treat it and how to fix it.

Petrosc - I'd suggest doing some research and find a way to "cure" the infected computers and maybe point people to a site, or include instructions on how to remove it (normally it is something as simple as changing the home page, default search engine, and removing an installed plug - simple to us but rocket science to many people). There is definately some malware pointing people to the site, which is good for your wallet but bad for your reputation.