After The Mirror outed T3 Leads for being involved in hacking sites, some of the hackers have found themselves with nowhere to currently sell their leads to, but the sites still rank.
If you search for payday loans in Google UK (link direct to Google results) and then click on this result:
You will be redirected to 1000paydaycashloan.com which displays the following message:
Yet if you go visit Hourofthetime.com via a regular link, or by typing it into a browser, their normal site will load:
This hack allows the sites genuine owner (and its regular visitors) visit the site without realising there is anything strange going on. But if anyone clicks through from the search results for a ‘payday loan’ related keyword they are directed onwards to 1000paydaycashloan.com, which had been involved in dozens of hacking incidents linked to T3 Leads until The Mirror forced them to break that relationship off.
The exact same redirect hack is currently in place on Desipio.com:
Again if you click through to this site from a ‘payday loan’ search phrase you will be taken to 1000paydaycashloan.com, but if you visit the site directly then you’ll see what the legitimate owner intended:
Both of these hacked sites are hosted on Godaddy – multiple attempts to report the hack to them over the last month have gone unanswered, even although it has been pointed out that these sites have been involved in multiple types of crimes (hacking websites and illegally trading payday loan leads).
The problem of these hacked sites are partially solved if T3 Leads are refusing to process their leads any more. But why are Godaddy not removing the hacked sites themselves? They pose a danger to consumers as the hacker is actively looking to sell the traffic elsewhere.