If you’ve done any of the things in Situational Awareness you’re running some Talkwalker Alerts on things that interest you. Maybe you get yours via email, but I corral that stuff in Inoreader, so I have one coherent view across all my stuff. Every new project of substance gets a new persona, which has an email, and almost always a set of Alerts along with that.
Part of keeping an eye on Grifter: Richard Anderson Sharp III is a set of alerts on people and companies in his general vicinity. One of those people’s names, “Paul Massaro”, is subject to some sort of SEO effort that’s been crapping all over my alerts, so I dug into it.
Attention Conservation Notice:
This is going to be very technical, with Maltego, RiskIQ, and Python natural language processing. If you aren’t doing hands on work with tools like this you should do no more than note such things are possible, in case you need to commission an investigation of your own at some point in the future.
Background:
There were dozens of alerts showing up that all had to do with a tattoo museum starting four days ago. They were so numerous I finally opened one and it was immediately recognizable as SEO games, so I scanned it to see what was going on, and noticed Paul Massaro being mentioned. I did not assume that was the only thing in these, but it was a good starting point.
I opened the Talkwalker RSS feed which gave me raw XML, which I saved as a text file. I messed with it using MicroEmacs, the best text editor in the world for thirty eight years running, and I came up with a list of seventeen shithole domains participating in this scheme.
Some of these domains have thousands of subdomains associated with them, so I stuck to forty nine that were part of my problem. They were all hosted on Cloudflare, they used no martech at all that Maltego could see, so the only thing worth doing was checking out the technologies used. The outer ring are the domains, the green middle ring with the collections with counts are the subdomains themselves, and the blue items in the middle of technologies used. There are a tiny set employed, a quarter of what one would typically see, and they’re all very similar. This is one entity churning out low value content in a mechanical fashion.
I was curious to see who was benefitting from this so I downloaded the Trackers for all seventeen domains. There ere 9,401 total, here are the top 21 types by count:
2495,TwitterId
1023,TumblrId
750,SoupId
696,FacebookId
695,TwitterShortlinkId
548,YouTubeChannel
400,BitlyId
251,GooglePlusId
218,GoogleDocsId
205,LinkedInId
196,InstagramId
193,PinterestId
172,GoogleDriveId
146,VimeoVideoId
102,GoogleGroupsForumTopicId
87,BitbucketcomId
68,GoogleAnalyticsAccountNumber
60,LinkedinId
47,RedditId
45,GoogleAnalyticsTrackingId
43,GoogleGroupsForumId
I don’t think the social media IDs are worth much, but the Google Analytics IDs, which did not appear in the 49 URLs for the 17 domains, but which HAVE appeared elsewhere, included one that was prominent - UA-37472216. So this is a clue as to who might be running this mess. This is the report from BuiltWith on it.
So whatever is behind moneyrobot[.]com is of interest, it’s a ten year long effort, the other things have come and gone. Perhaps this was just a long term anchor client for the SEO effort - I have no deeply researched opinion here, it’s just the Google Analytics tag that showed up more than all the rest combined.
Forty Nine Posts:
I pulled the 49 posts that mentioned “tattoo museum”, extracted the text, and applied a Python script using NLTK to it. I did a manual review tossing the stuff that was definitely not of use - like the names of members of a band that dominated the airwaves in the 1970s. Eyeballing the hundreds of unique names it became apparent there were 44 of the 49 posts that had many commonalities, and these are the twenty three things that MIGHT matter from that set. Massaro’s is the only name I recognize from things to do with Richard Anderson Sharp III, Certified Shitbag.
komiuniti
Waterfront
Sā Sulu
Professor Don Brothwell
Paul Massaro
Pasefika
Owen Jensen
Niu Sila
Nifo
Fiti
Don Leslie
Doc Webb
Cloverdale
Cliff Raven
Chariton
Chadwick
Captain Don Leslie
Bellingshausen Station
Barbara Makuati-Afitu
Auckland Museum
Aotearoa
Anthony
Anna Felicity Friedman
Once I had this list, I decided to just Google “Massaro” and the other keywords, and I pretty quickly uncovered a simple name collision.
Conclusion:
This was odd right from the start, I’ve seen efforts to bury good links with bullshit, and this being so tattoo-centric was unusual. I was immediately thinking burial because I didn’t see anything being boosted related to the name that was of interest to me, but now in retrospect it’s a simple name collision.
A name collision that is a great big pain in my ass, because now I have to go around checking emails till I locate the one that’s got Richard Sharp/Ukraine related stuff in TalkWalker Alerts. I’m still using Brain as my desktop, so I don’t have access to many things.
Once I do find it, the solution is simple - the alert will be edited thusly, to skip the guy with all the ink.
“Paul Massaro” -tattoo
And that lack of access is in itself another story I will be able to tell fairly soon - I’ve been Exploring Hunchly Cloak on my own since some time in August, and late last week they issued me additional logins. Now my flying monkey, Spurious George, has one, and some others are going to join the fray. So I am trying to go 100% Mac and maybe retire this poor HP before it gives up on its own.