Who Is Spamming the Heck Out of U.S. Legal Sites?

heat map

This is a data-rich deep dive investigating a large network of sites that are linking to a majority of top-ranking legal websites throughout the country. It is more technical in nature and has an expectation of some familiarity of SEO terminology. What we found was beyond our expectations. For those who are less tech-savvy, there is a section at the end in more plain language.

Several months ago, I received a call from an SEO friend of mine asking, “Are you seeing some weird domains linking to your client sites?” I responded, “We will take a deeper look and get back to you.” About the same time, a lawyer friend in New Jersey emailed me and said “Man, I am getting spammed to death.” Anyone who knows me, knows that I get a bit obsessive about data. We got the team together to dig in to see what was going on.  We started by compiling a list of example sites that had been hit.  What we found surprised us.

Gathering Initial Data

We began with a seed set of 13 legal sites that we had suspicions were being targeted with a potential negative SEO attack. These were collected from examples given by another agency, my lawyer friend in New Jersey, and a few of our client sites.  We pulled all the linking domains to each of the 13 seed sites using majestic.com (they were the only link tool at the time showing the domains).  Then we compiled all the links into a large spreadsheet to look for patterns.  What we found were sites similar to the ones below that tended to be newer sites and tended to link to a lot of legal domains:

  • http://lawyerconsider.com
  • http://lawyerrecords.com
  • http://attorneycell.com
  • http://attorneycomplain.com
  • http://attorneycover.com
  • http://lawyersuggestor.com
  • http://attorneypayment.com


The domains had a few similarities of note. First, many were registered with throwaway email addresses like ghostmail.com and rediffmail.com. But the vast majority were tied to the domain classicwebpages.com.  Classicwebpages.com is privately registered, but we were able to find a domain auction from several years ago that tied the domain to Hanish Arora of India. We were able to link the majority of the domains to six IP subnets (199.83, 107.154, 104.27, 104.18 , 184.168 , 50.63.202). The information in the overwhelming majority of domain registrations placed the owners of the domains as being from India.


We had some information that a large number of domains (we had no idea how large at this point) were being developed out of India  and probably tied to an individual named Hanish Arora.  We wanted to see just how large, and if we could find any other patterns based on a larger data set.

Getting More Data

We pulled website ranking information for five legal terms across 200 of the largest cities in the US using getStat.  With that data, we constructed a crawler that crawled the top 20 results for each search, pulled the linking domains from majestic, and cross-referenced the linking domains with the IP subnets listed earlier.  We also pulled whois information for each of the matched domains and tried to attribute the target sites to particular web vendors.  It is important to note that we took great pains to ensure that we omitted directory and non-law firm sites from the target sites that were crawled.

domain chart

We ended up with 1,865 matched domains that needed to be manually reviewed to ensure  accuracy. Of the matched domains, we were able to confirm 1,110 domains that were part of the same network.  Of the confirmed domains, 76.76% were indexed by Google.

We then reran the crawler using a new legal website rankings pulled from getStat. This time instead of using the IP subnets, we used our confirmed domains to match against the Majestic referring domains for each ranked website.

This is a heatmap of the cities with links from the network across the US:

heat map

Of the 2,994 websites in the top 20 in Google for our legal searches, 57% of them had links from this network and the average number of links per law firm domain from this network was 87.12.  Based on the size and reach of the network, we wanted to look at a couple of different factors, major directories and vendors associated with the domains.

Average number of network links of sites in legal directories

Average network links (in directory)85.4377.6555.8674.34
Average network links (not in directory)42.9236.5948.6633.53
Average of all sites87.1287.1287.1287.12

Percent of sites in legal directories with network links

Link from directory, has network links367680189846
Total link from directory4559333001163


Baseline for frequency of directories in top 20 search result domains

Count of sites with link from directory4559333001163
Count of sites without link from directory2539206126941831
Total sites2994299429942994
Directory share of top 20 sites15%31%10%39%


We also wanted to examine the number of network links by vendor.

domain vendor


There was nothing in the data that led us to believe that one vendor was using the network for benefit or detriment to other sites.

We also crawled three example network sites (attorneycover.com, lawyerconsider.com, and attorneychart.com) that were found to link to many of our ranking legal domains and compiled the frequency with which they tended to link out to specific external domains.

Average number chart

What we know at this point is:

  • An India-based person or company has built out more than 1,000+ domains recently that tend to link to legal sites throughout the U.S. The domains seem to be associated with a person named Hanish Arora.  We reached out to Hanish via LinkedIn, but have not received a response.
  • The highest percentage of domains with network links at 81% were attributed to sites that were listed in HG, although with HG’s 15% coverage of our sample sites and the fact that 57% of all sites had links from the network, we disqualified directories as a beneficiary of the links.
  • There is evidence of the same person or company building sites for other niches beyond legal.
  • There was no smoking gun in the whois information pointing to a specific person or company besides the individual already listed.
  • At 76.76% of the domains indexed when initially polled, Google seemed unable to properly identify the network as spam.  We sent the full list of domains to John Mueller at Google.
  • The sites all seem to have a similar structure and probably build content via scraped data.
  • Only a small portion of the sites have any link equity and of those, they tend to be from other network domains.
  • Several of the domains reviewed did show demonstrable traffic in SEMRush.
  • Many of the domains already have gone offline due to domain expirations or technical issues with the site or hosting.

More Perspective

Since we didn’t find anything definitive in our analysis at this point, we shared our data with a few trusted SEO’s in the legal space.

Conrad Saam


“We’ve seen an increasing level of sophistication and enterprise wide level of spam in the legal industry in the past 18 months.  This impacts both organic and increasingly local results.  It’s perpetrated both by opportunistic law firms, ‘winning’ business outside of their jurisdiction and ‘reselling’ that business back to the real local firms, as well as formal and informal marketing networks and organizations. Fighting spam has become a cornerstone of our product offering.”

Chris Dreyer


“A review of a client site (dolmanlaw.com) in the Florida market reveals 58 of the same ‘potential spam domains’ in the original Consultwebs spreadsheet. Many of them are attached to the same pattern of subnets outlined in the Google Doc you shared.  In other words, we can confirm that many of the same potential spam domains contained in the Google doc are pointed at one of our top ranking client sites in Clearwater.   They were hit with hundreds of thousands of spam links over a short period of time.

Negative SEO is definitely something attorneys should be aware of and it does happen.  They need to be constantly monitoring for activity like this. When it is caught early enough, links can be disavowed and any negative impact can be minimized.  If it’s left to fester though, it becomes a much larger problem.”

Mike Ramsey


“What I find interesting is that these spammy sites have touched most of the major players in the legal marketing field and a substantial list of top ranking websites. These law firm websites continue to rank which leads one to assume that 

1. The links have zero negative “SEO” effect

2. The link may actually be helping sites

I doubt the builder had any negative SEO intentions in mind and further research from Jr. shows as much. But, this is a good reminder of the biggest takeaway: Don’t waste time on negative SEO. 

As for spam, As we can clearly see here, Google still has a lot of work to do and seems to be fighting a losing battle.”

Other Insights of note

In one of the sites, we noticed a tremendous number of links to r.msn.com.  r.bat.msn.com is an ad redirect url for Microsoft.  This is basically the url that is responsible for collecting and recording clicks through their ad network.  We were only able to identify a few sites with these links and sent the domains and examples to Purna Virji of Microsoft to have their team review whether any manipulation was going on.  We have not heard back other than to say that their team was investigating.

In an early morning chat with Jono Alderson, of Distilled, as we sat racking our brains about where the money was, in the sites, he asked, “Does he [Hanish] have an account on Flippa?” That lead to the most likely reason for the sites.  Flippa bills themselves as “The Entrepreneur’s Marketplace – Buy and sell websites, domains and apps”.  We found an auction for a pre-built site from a year ago called wecustomers.com that is marketing the site with established traffic, social media, and even strategy and business plan.

Wrapping Up

After reviewing the data, it is hard to attribute this build-out to a specific company, and especially a specific company in the legal space, which was our initial thought.  Most likely, from our research, the goal of these sites is to either manipulate ads, or more likely, to sell as domains at auction with established traffic.  In Hanish’s own words:

“For the Auction winner, along with wecustomers.com I am offering 37 .com domain names (with exact match keyword searches more than 150000) mentioned below for free (all godaddy domains having more than 9 months renewal time left..enjoy :)”

With 1,100 domains in the legal space alone, out of potentially thousands, that leaves a tremendous amount of “pot sweeteners” for future domain auctions.  It also means that you need to be wary of domains with “established traffic”.  This is one of the top domains in this network based on traffic from semRush, divorceaccess.com.


That growth in traffic is built on scraped and spun content, and links from other network sites.  Paying thousands of dollars thinking that this will transfer to your new site and be sustainable is wishful thinking.

Keep in mind, that if your firm has seen these links (ask your SEO vendor), it is most certainly not the competitor down the street.  This strategy is large scale, shaky, and probably for the benefit of an individual in other areas beyond legal.  For peace of mind, we are sharing a file that you or your SEO can easily add to your website’s disavow file in Google Search Console.  It should minimize any risk from the links if any remain after the last Penguin update.


In Plain Language

An in-depth technical investigation by Consultwebs revealed a network of websites that are building suspicious links to many high-ranking legal websites in the United States.

We began by analyzing 13 legal websites that we suspected had been targeted with potential negative SEO attacks. We compiled a spreadsheet of the addresses of all the websites linking to the 13 law firm websites and then looked for patterns. We found that the websites all had numerous links from certain addresses.

They were registered with throw-away email addresses and the vast majority of these were affiliated with classicwebspages.com, a privately registered domain. An online domain auction record of a few years ago linked classicwebpages.com to an individual named Hanish Arora of India.

Our investigation found that a person or company, based in India, has recently built out more than 1,000 spam website addresses with thousands of links to legal websites in the United States, the investigation showed. The same individual or company appears also to be building websites for other commercial sectors besides the legal field.

The motive for creating the network of websites remains undetermined. The most plausible explanation is that they will be marketed for sale at some point as pre-built websites and domains with established web traffic and thousands of viewers.

Law firms should actively monitor their websites’ backlink profiles for spam websites linking their websites. These spam links, if ignored and allowed to accumulate, may eventually harm the rankings of your firm’s website. It may be part of a trend of increasingly sophisticated negative search engine optimization techniques.

Law firms should be extremely cautious about purchasing .com domain names that allege established traffic.

  • Russ Jones says:

    Freaking awesome work!

  • Gyi Tsakalakis says:

    Thanks for doing the work here JR! At the very least, you’ve given everyone a monster disavow file.

  • Michael Mogill says:

    Great write-up!

  • Harris Roberts says:

    Nice detective work!

  • Michael Dorausch says:

    Best thing I’ve read all week. I appreciate when people take the time to do research like this, especially when it’s shared.

  • Chris Dreyer says:

    Great work JR! The disavow file will be added to all our filings. Hopefully the crowdsourced data will help Google find and eliminate the network.

  • Michael Casper says:

    Hmmm, some of these domains seem to be serving google a different page then users. They seem to be detecting the google search redirect and directing traffic to specific domains with banner ads. So the system looks like a sort of churn and burn spamming of new domains that detect the google search redirect and leads traffic to a banner farm if it’s not a direct link.

    For example, if you grab the content from one of the domains in their active network and do a google search like for:
    “with almost 129,000 DPPO dentist locations”
    That search yields results for pages that have been indexed and cached by google, some of those domains are in your list. If you look at the links google has in that search, it’s odd. If you copy and paste the link that says the domain name it goes to a page identical to the page google has cached for that URL. But if you click the blue google search link to that page, the browser will take you to a different domain with no content besides banner ads. So one of the things they seem to be doing is detecting and misusing the google redirect system to send more traffic to google banner ads on completely different domains.

    So I’d guess they are pushing cheap domains up in search maybe by scraping popular articles, then misdirecting human search traffic to their banner farm, while at the same time probably selling links on the spam domains that will be quickly flagged. So keeping their banner farm clean while sacrificing domains and selling spam links.

    Regarding all the links you’re all seeing… The spammers also seem to have or have had banner ads on many of these spam websites which majestic may misread as a link to your website because your domain is in the url. The spammers are probably also both selling links and putting random links to lawfirms to mask their customer profile or simply to improve their link profile. So your website may be getting randomly linked as well.

    Overall it sounds to me like the footprint of a large semi-automated churn and burn SEO company and the damage they do is perhaps not intentionally negative SEO, but incidentally negative SEO. Also I think this is a good lesson that people should use Majestic SEO and generate your own disavow lists of domains based on trust scores to help google screen out stuff like this.