Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About
One of the common tactics used by spammers and black hat "SEO" is to use Doorway pages for their spam content. These pages get indexed by search engines and when visited by a real user (not a bot), redirect them to a different URL that they want to promote.

Most times, this is done using various automatic redirects. The redirect mechanism can be quite simple or very sophisticated, client-side (e.g. JavaScript) or server-side (PHP or/and .htaccess). What all of them have in common is they need to properly tell unneeded traffic from target traffic. To do it, the redirect scripts normally check a referrer, visitor's IP and User-Agent and then act accordingly.

However, these Chinese doorways for fake popular and luxury goods stores use a much simpler approach - they check visitors' time zone.

All the doorways include the same external JavaScript with the following code:



Which when deobfuscated looks like this:

This code checks if a visitor comes not from China (timezone is not GMT +8) and then redirects eligible visitors to the beneficiary (spam) site. Visitors from China and some neighboring countries (unneeded traffic) and bots without JavaScript stay on those gibberish keyword-staffed doorways pages.