Warning, links are not work safe, and added some extra characters to break the urls
Interesting, I found this in my http logs today
riversideactiongroup.org 81.177.14.41 - - [05/Jun/2007:15:35:08 -0400] "GET / HTTP/1.1" 200 36822 "https://c4806.loladotraff.info/522567xx/" "Opera/9.00 (Windows NT 5.1; U; en)" *** "https://c4806.loladotraff.info/522567xx/"
So I did a wget on the url and got
hey! your Link a here : Blog
Given from:
https://www.riversideactiongroup.org/
The first thing that went through my mind was the site had been hacked and was redirecting to a porn site, then I added a browsers string to wget
wget -U "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4" https://
and got a screen full of html with an iframe that points to the porn I saw earlier.
So it looks like someone is creating a website that when viewed with a search bot will display a page mentioning https://www.riversideactiongroup.org but when viewed with a mainstream browser will display porn.
I am not sure why I saw the reference to the loladotraff site in the logs but makes me wonder if any real people are searching for riversideactiongroup and getting porn. I did a quick search on google, yahoo and ask but didn’t come up with anything obvious.
I got the same referer this morning (https://c12343.loladotraff.info/1326283xx/ and https://c12343.loladotraff.info/1326197xx/), and I got here searching “loladotraff.info” in google.
Anyway, thanks for the details (even if I’m not enough geek to understand it all..)
:]
I also have lots of loladotraff referers in my WordPress Stats. When I try to load the reffered Site, I got an “Server does not response” error. Mysteryous …
I still show the site being up and accessible for the url I orginally saw in my logs.