Image Spam Sites Flooding Backlinks, Negative SEO?

This is an interesting case. Several months ago we started noticing some odd backlinks appearing for a high volume client account. At first, we ignored it and passed it off as a standard scraper site hotlinking our images. Several weeks later, we noticed several hundred more, which was a bit alarming. We checked a few other clients in Google Search Console to see if this was an isolated incedent. Nope, all of their backlink profiles were clean. Another month passed and we were auditing another high volume client and noticed the exact same backlinks we saw on our other client. Hundreds of them. So, of course, we started investigating.

Here’s the pattern of these odd backlinks:

  • they’re image aggregator websites and have hundreds of thousands of indexed pages
  • they are creating backlinks by hotlinking our images
  • they’re all hosted behind Cloudflare- and if your IP pings the site more than once, you get a 500 error (for roughly 12 hours)
  • if you follow the domain, you’ll see it’s ‘parked by GoDaddy’
  • all of them are re-registered expired domains, with relatively high authority

Some of the domains in question:

  • eddiecheever.net
  • kwalai.com
  • fullservicecircus.com
  • bahrainpavilion2015.com
  • stbarbmassillon.com

They seem to be all hosted with the same Cloudflare account, because after visiting one of the domains and visit another, you’re IP is immediately blacklisted. Digging deeper, our immediate thought was this is a large, somewhat sophisticated click fraud ring using monetized Godaddy parked pages. However, the parked domains aren’t monetized (CashParking). We figured they could be cloaked based on referral source or country, but that doesn’t seem the case. We’ve tried using various IP addresses, countries, and tried accessing the site non-directly. Below is a screenshot of the ‘GoDaddy Parked Domain’:

Godaddy parked domain backlink spam

Two things to note here: the domain isn’t actually up for auction, and secondly, all the links on this Godaddy parked page are using affiliate/coupon code ‘GPPTCOM‘. All the domains in question are using GPPTCOM, as well. You will see the big blank space near the left- where the Adsense ads are suppose to fill.

Examining GoDaddy Parked Domain Spam

As mentioned, all these domains were once expired, have decent domain authority, and looking at archive.org, have a long history. Looking through the actual site using Google cache, we can see how these domains are hotlinking:

Spam Backlinks from Parked Domain

The hyperlink is utilizing

target=”_blankrel=”noreferrer noopener nofollow“”

And the image hotlink is using:

class=”img-responsivereferrerpolicy=”no-referrer

Which is run of the mill image aggregator spam structure, but, it’s a lot more sophisticated.

Conclusion

I write this because in the last month, I’ve seen these backlinks grow extremely fast. When we first noticed them, we couldn’t find any other digital agency experiencing something similar- even on their largest client sites. There was no info popping up on Google or Webmaster Forums. Although, only in the last week, there’s been several blog posts about these links and discussion in various SEO groups. Which means, I’d assume, this will be a growing issue. We are still monitoring this development- but as stated at the beginning of this article, I believe this is some sophisticated click fraud bot using GoDaddy’s CashParking.

Reach out to us if you find yourself in a similar situation or if you have any insight on this topic. We’ll be updating this post as we gather more information.