Are You Tired of the Google.com Domain?

Are you tired of typing into your browser “Google.com”? Would you like to enter something else, but still get the same results as if you went to Google.com? … How about XXXDisc.net?

Heather Paulson noticed something odd during a test of the SEM/SEO/AM research service Syntryx, which is currently in beta.

She stumbled across a site at the domain XXXDisc.net that shows weird stuff in the Who-Is records of domain name registrars. The other odd thing about the site is that it appears to be the search engine Google.com. The main part of the Who-Is record also seems to confirm that this site belongs to Google.

The site is hosted on a server with a number of other sites that have questionable content, to say it carefully. This is of course very unlikely. Another odd thing is that the site does not show the universal search navigation bar, but the old links above the search box to select the type of search you want to do (Web, Images, etc.). It also does not show a “sign-in” link to log on to your Google account, and it has a link beneath the search box to http://www.google.com/ncr with the anchor text “Go to Google.com”.

You can do searches and browse around to most of the content of the Google.com website while actually being on the XXXDisc.net site. That this is confusing, even for search marketers, is not surprising.

I think that there are only two possible explanations for this. The first and most likely one is that the xxxdisc.net site IS pulling the code from Google.com. It looks like a simple DNS forwarder to Google’s data center 39-GV (IP 216.239.59.104). The site’s DNS server is DNS1.NAME-SERVICES.COM.

If you ping the domain, it shows the real IP, which is 69.25.142.3 and not the Google data center IP. “No reverse DNS set” for that IP is the response if I try to do a reverse lookup via online tools like the ones from DomainTools.com or by using the Windows tool “nslookup” on my local machine.

You can forward a domain to any other domain (website) you want to, even if you don’t own that domain. There are common uses for this, most of the time for subdomains. Like this one. It is a subdomain of cumbrowski.com and even looks like my site. However, it is not my site and is actually hosted and operated by somebody else. The “Branded Feed” option from (now Google’s) FeedBurner is another example of that.

It is not limited to subdomains and can be done with the top domain as well. A common use for that is forwarding other domains you own for your business (e.g. your brand names and/or trademarks, or TLD variations of the same domain name such as .org, .net, .info) to your primary website domain (e.g. YourBusiness.com).

The registrant of the xxxdisc.net domain is a person in Zimbabwe.

High Av Video co
cosomer lee (123user AT hiavgirl DOT net)
+263.123555777
Fax: +263.123456777
West wood street 213# linken road
mogan, 432229
ZW

It does not seem to be a malicious attempt by that person to do something sneaky. He just does not use that domain yet, and instead of having a parking service throw up some stuff (e.g. ads), he simply redirects to Google.

However, it is a big oversight by Google that its site code allows the Google.com site to be pulled via a different domain name that is not owned by Google. Somebody with malicious intentions could use it for bad things. The Google site uses relative URLs, which keeps the user on the different domain.

I checked the logins; they redirect to Google.com, which is good, because that prevents the login cookie from being created on that non-Google domain.

In addition, a link appears on the homepage that reads “Go to Google.com”, but that is not enough IMO. Google should (301) redirect any request to their sites if the domain is not the real Google domain, or at least if it is not one of their domain properties.
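One way to implement the redirect suggested here, as an added example that is not part of the original post and not Google's code. The owned-domain list and canonical origin are assumed values, and `normalize_host`, `is_owned` and `handle` are hypothetical helper names.

```python
from typing import Optional, Tuple

# Assumed configuration, constructed for this example (not Google's real list).
OWNED_DOMAINS = ("google.com",)
CANONICAL_ORIGIN = "http://www.google.com"


def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Lower-case the Host value and strip the port and a trailing dot."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal: never an owned name
        return None
    host = host.split(":", 1)[0].rstrip(".")
    return host or None


def is_owned(host: Optional[str]) -> bool:
    """Match on a label boundary, so 'notgoogle.com' and
    'google.com.xxxdisc.net' do not pass as 'google.com'."""
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in OWNED_DOMAINS)


def handle(host_header: Optional[str], path: str) -> Tuple[int, dict]:
    """Return (status, headers): 200 for owned hosts, otherwise a 301
    to the same path on the canonical origin."""
    if is_owned(normalize_host(host_header)):
        return 200, {}
    # Keep the Location on the canonical host: the path must be origin-form
    # ('/...') and must not carry CR/LF that could split the header.
    if not path.startswith("/") or "\r" in path or "\n" in path:
        path = "/"
    return 301, {"Location": CANONICAL_ORIGIN + path}
```

A check like this only sees the Host header the origin server receives, so it covers the DNS-forwarding case; a server-side script that re-requests pages under the real hostname would pass it.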

This is not that easy, if the second explanation is true. This explanation of the site would not explain the weird information in the Who-Is record for that domain though.

It could be the case that a script is running on that domain that takes all requests, then makes an HTTP request to Google in the background on the server side, and then returns the results, as is or in an altered version, to the end user’s browser.

I doubt that this is happening though. It redirects to Google from some of the links: I already mentioned the login links, and other links that do not refer to secured sections of the site, such as the links on the Google products page, also link to the actual Google domain. A scripter would have caught those and changed them to local URLs on his domain.

If there is another plausible explanation that explains these things and a reason why Google would allow this to happen, I am curious to learn about it. What do you think?

Update 8/5/2007 11:00 pm PST: Important! Read the comments to this post below. It is getting even fuzzier.

Cheers!

Carsten Cumbrowski

Free Internet Marketing Resources Portal.

Carsten Cumbrowski has years of experience in Affiliate Marketing and knows both sides of the business as the Affiliate and Affiliate Manager. Carsten has over 10 years experience in Web Development and 20 years in programming and computers in general. He has a personal Internet Marketing Resources site at Cumbrowski.com. To learn more about Carsten, check out the "About Page" at his web site. For additional contact options see this page.

16 thoughts on “Are You Tired of the Google.com Domain?”

  1. Great post Carsten, I found this using the new Syntryx.com beta which will be out in a month.

    I saw some amazing stuff, this XXXDisc.net is one of many interesting things I found using Syntryx… Total transparency ..

    Great post Carsten!

  2. Wow, now that is some information. xxxdisc.net? Sounds like a spammy domain name. Redirecting, archiving? What is this exactly?

  3. Carsten – the IP address for “www.xxxdisc.net” is different than “xxxdisc.net”. The IP coming from the “www” subdomain is definitely hosted by Google’s infrastructure…is there a rogue somewhere.

    David Wolf

  4. Hey Carsten – any ideas for the GWS server return on the HEAD request?

    HEAD http://www.xxxdisc.net/intl/en/ads/
    200 OK
    Cache-Control: private, x-gzip-ok=""
    Date: Sun, 05 Aug 2007 20:14:31 GMT
    Server: GWS/2.1
    Content-Length: 0
    Content-Type: text/html
    Last-Modified: Sat, 06 Jan 2007 00:35:21 GMT
    Client-Date: Sun, 05 Aug 2007 20:14:36 GMT
    Client-Peer: 216.239.59.104:80
    Client-Response-Num: 1
    Set-Cookie: PREF=ID=450c2d0395e6ee65:TM=1186344871:LM=1186344871:S=rWjVMoL9wkaI1
    9FZ; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com

    Versus this:

    HEAD http://xxxdisc.net/intl/en/ads/
    200 OK
    Cache-Control: private
    Connection: close
    Date: Sun, 05 Aug 2007 20:15:26 GMT
    Server: Microsoft-IIS/6.0
    Content-Type: text/html; charset=utf-8
    Client-Date: Sun, 05 Aug 2007 20:14:43 GMT
    Client-Peer: 64.74.96.243:80
    Client-Response-Num: 1
    Client-Transfer-Encoding: chunked
    X-AspNet-Version: 1.1.4322
    X-Powered-By: ASP.NET

    Cheers,
    David Wolf

  5. You are right, David. http://www.xxxdisc.net and xxxdisc.net have different IPs. The one without the www is the non-Google IP and belongs to ENOM in BELLEVUE/WASHINGTON.

    IP: 69.25.142.3
    Country Code: US
    Country Name: UNITED STATES
    Region Name: WASHINGTON
    City: BELLEVUE
    Latitude: 47.6052
    Longitude: -122.17
    Zip Code: 98008
    ISP Name: ENOM
    Domain Name: NAME-SERVICES.COM

    http://www.domaintools.com/reverse-ip/?hostname=69.25.142.3

    That “site” does a 302 redirect to the http://www.xxxdisc.net address, which has the Google IP

    IP: 216.239.59.104
    Country Code: US
    Country Name: UNITED STATES
    Region Name: CALIFORNIA
    City: MOUNTAIN VIEW
    Latitude: 37.3956
    Longitude: -122.076
    Zip Code: 94043
    ISP Name: GOOGLE INC
    Domain Name: google.com

    http://www.domaintools.com/reverse-ip/?hostname=216.239.59.104

    The reverse IP shows that there are 21 domains using the same Google IP address.

    Look at the sites, especially Ckopo.org, that is another Google “clone”. Even better, that site, or better subdomains of the site are referenced by the Russian Wikipedia.

    1. from this article
    http://ru.wikipedia.org/wiki/%D0%94%D0%BE%D0%B7%D0%BE%D1%80%D1%8B._%D0%97%D0%B0%D0%BF%D1%80%D0%B5%D1%89%D1%91%D0%BD%D0%BD%D0%B0%D1%8F_%D0%B8%D0%B3%D1%80%D0%B0

    The article means in English: Dozory.Forbidden Games and references to http://dp.ckopo.org/, which looks like the “Russian Firefox” site.

    The second reference is from the Wikipedia article about Firebug.

    http://ru.wikipedia.org/wiki/Firebug

    That one references to http://dp-wiki.ckopo.org/manual/firebug

    Now Ckopo.org, which looks like the Russian Google, has a funny registration record. (It loads the English version of Google for me, probably because I am from the US and the site recognizes that. I have not tested it yet with a proxy, ideally a Russian one. I don’t have a proxy server list handy at the moment hehe.)

    Here is the Who-Is record for Ckopo.org.
    http://whois.domaintools.com/ckopo.org

    Domain ID:D144168060-LROR
    Domain Name:CKOPO.ORG
    Created On:22-Apr-2007 19:09:45 UTC
    Last Updated On:22-Jun-2007 03:51:32 UTC
    Expiration Date:22-Apr-2008 19:09:45 UTC
    Sponsoring Registrar:Directi Internet Solutions d/b/a PublicDomainRegistry.Com
    (R27-LROR)

    Organization:PrivacyProtect.org

    Sponsored by “Directi Internet Solutions”? Privacy protector enabled? What is that?

    I am not a DNS crack to be able to give you an answer to that mess. I know that you can do funny stuff with hacked/unsecured DNS servers…. Shoot, I am now back in Fresno. This would have been something for DefCon, where I just got back from. There were rooms full of wizkids from around the world, who would have taken this apart.

    I got Heather’s call yesterday night asking me what the heck that is, and I had not much time for deep digging. That’s why I did some checking to realize that there is something fishy and posted it this morning.

    It did not look like a big deal to me, compared to what I saw at the conference, where a guy who is (maybe) of legal drinking age showed a room full of hundreds of people “how cool” the new security add-ons to online banking are (enforced by governmental regulations). You might have noticed that pretty much every bank changed their authentication forms and procedures over the last few months. Those changes, caused by the new regulations, are basically aiding hackers to break into your online account. If I spent a few days with it, I would probably be able to hack my bank as well. It’s that bad (and I am not a hacker, trust me). Different story. I am sure that over the next weeks stuff will surface in the news. Too many people saw this, not the detailed instructions how to break in, but the way the system works, or better, does not work (he would have broken the law and gone to jail if he had hacked somebody else’s bank account in front of hundreds of witnesses).

  6. Pretty weird stuff comes up if you investigate the domain at Alexa, Archive.org and if you just type “xxxdisc.net” into Google.
    Further, did you try to type “any-thing-that-pops-up-in-your-mind.xxxdiscs.net” in your address bar?

    What is that?