Use Caution With Sedo Today (Updated)

Sedo malware

I saw the Domain Name News article about Sedo and the apparent malware warning some users are encountering when they visit the site, and I want to reiterate that you should use caution if you need to visit Sedo’s website today until it’s cleared up.

I am not sure what the issue is, but there is an error message in Google results when you search for Sedo that says “This site may harm your computer.”

I reached out to several people at Sedo a moment ago, and I will provide an update as soon as I have one. For now, I’d avoid visiting the website until you get the all clear. Hopefully the issue is resolved ASAP.

*** UPDATED – 8/24/12 – 12:52PM EDT ***

Sedo just issued a statement:

Sedo has been made aware that visitors attempting to access the Sedo.com or Sedo.co.uk websites using either the Firefox or Chrome web browsers have been receiving security alerts preventing entry. While the Sedo website is still accessible without warning on both Internet Explorer and Safari, we immediately began investigating the root cause of these warnings to ensure there was in fact no risk to our users or visitors to the site. At this time we can report that no threats have been detected and our technical teams are currently working with Google and others to ensure these false warnings are immediately removed.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

10 COMMENTS

  1. It is forwarding to the .de site, but when I tried to login I received the malware warning again. And another funny thing happened. At 1:26pm today I received an email from Sedo saying I received an offer for one of my domains…1 minute later at 1:27pm I get

    “Thank you for listing your domain “******” for sale with Sedo. Unfortunately we have been forced to cancel the recent bid thread as the buyer’s Sedo account has been closed.”

    Could this have something to do with Sedo being compromised?

  2. Heard about this earlier, hopefully it’s nothing too serious although I don’t use Sedo.

    Just a word of caution, someone I know said that they got a lot of offers for their domains today and knew something was going on – so maybe it’s a good idea to not get your hopes up if you’ve reviewed a few offers today 🙁

  3. Interesting. I knew something was up. I didn’t see any warning, but the site wouldn’t let me log on. I was certain I typed in the correct password (repeatedly), but I had to change it – twice – before I was able to log on.

  4. *

    I think I’ll stay off until we get the all clear.

    Somebody might have hacked the site– perhaps someone not happy with the results of the Great Sedo auction?

    Anyway, this is serious, and I hope Sedo solves the problem soon.

    *

  5. Something strange is happening or just happened at Sedo, where I have been a customer for 6 or 7 years. By chance about 12 hours ago (6 hours before this blog post) I was having a routine check for optimization purposes of my highest traffic domain which is parked there.

    I actually typed the domain in (to Safari) to look at the type of ads served, but instead of the usual Sedo parked page the browser bar went through several strange redirects, too fast to read, then settled on a completely unrelated ad, for a telco actually. Not a Sedo parking page, no message saying “this domain may be for sale by the owner” etc.

    I was totally baffled and was going to contact a tech friend today until I read this blog. But also today, the domain now resolves to the correct Sedo parked page so the problem may have been fixed. I’m not a tech person, but I guess someone may have temporarily accessed the DNS (ns1.sedoparking.com etc) to take temporary control of Sedo domains to earn some affiliate money.

    I tried two other domains at random, one went to a Sedo parked page as normal, the other went through the same fast maze of redirects, this domain was BeautyProgram.com (a low traffic name). I just took a look at yesterday’s browser history, and typing in that domain redirected (via several other redirect addresses) to: (can’t guarantee it’s safe to open it!)

    http://freesearchquick.com/search.php?q=Beauty&sid=567343397&sa=8&p=1&s=79064&cskey=blz62&qt=1345798508&q=Beauty&rf=&enc=&enk=prHmmYaZZsnm4wfjJuPmyQaxhuMmmYap5skHqQbBj4k%3D&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=08d239ef12f9ca62d80696f84517c239&qxsi=8a47c49af8f8779c&mk=1&pls_flag=&ScreenX=1024&ScreenY=768&BrowserX=1022&BrowserY=652&MouseX=0&MouseY=0&is_iframe=0&ifmref=0&script_start_time=1345849802.07&xtr_new_end_time=1345849802.22&ol=08d239ef12f9ca62b720b6b36b6b68f6

    This page contains affiliate beauty ads, and I suspect an unknown person took all the revenue. (I’m not complaining here about the revenue, I may have lost about five cents!) Maybe some tech person can see something in this code.

    I have absolutely no evidence or belief that “FreeSearchQuick” is involved in this situation.

    Today, BeautyProgram correctly opens a Sedo parking page.

    So in my opinion, Sedo security was compromised and Google’s warning was clever and appropriate, not “false”, and someone took control of an unknown number of Sedo domains for a period of time. I hope this information is useful to Sedo, who I have always found to be a good company. By chance, I currently have a sale in progress and everything in my Sedo account is working perfectly. I have accessed it twice in the last 12 hours.

    Sedo is welcome to contact me. Using my browser history, I was just now able to recreate the series of redirects exactly as they happened, though the perpetrator may act to remove the domain codes and links.

  6. Following my recent comment about Sedo parked domains being redirected, I had a second look at my Safari browser history, since the redirects are retained. I clicked on the record for BeautyProgram.com and managed to get a screenshot during the fast redirects, uploaded here:

    http://www.facuum.com/redirect.html

    …So the domain temporarily redirected to bumbalee.com, 79064.bestjiffysearch.com and then freesearchquick.com

  7. I didn’t get any warning message when I went to Sedo today. Re: receiving offers, I usually check with my manager if I want to know if it’s legitimate, esp. when it’s a minimum 4-figure first offer.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

What Does Atom Say Your Most Valuable Domain Name Is?

13
Yesterday afternoon, Atom.com released its updated automated domain name appraisal tool. The tool is free to use and offers some insight into its value...

Liquidity.com Sold for 7 Figures

3
Liquidity Group, a company that is billed "as a leading AI-driven direct lender operating a multibillion-dollar portfolio globally," made a significant domain name upgrade....

Failed Transfers Aren’t Automatically Refunded

11
I keep most of my domain names registered at GoDaddy because I find it is easier to manage a portfolio at one registrar. Throughout...

Updated: Escrow.com No Longer Supporting Payments To/From China and Israel

5
Update: After publishing this article, I heard from Freelancer.com CEO Matt Barrie (Freelancer is the parent company of Escrow.com). Matt told me the information...

Atom.com Shares Non .com Sales Distribution

3
I have spent more money on non-.com domain names this year than ever before. My perspective is that startups are using them as less...