Long time no see, but I’m back.

I had my first solo trip - two weeks in Crete. It was amazing, and I would definitely do solo traveling again (maybe even go back to Crete. I still have to unlock the other half of the island)

Here is an image as an icebreaker.

And no, I haven’t forgotten my last project. So keep reading to find out how it’s going (and for more Crete photos at the end).

Performance Update

I’m approaching three months, but there’s still no breakthrough.

However, that doesn’t bother me much, keeping in mind I publish reports on random sites and haven’t spent that much time on it.

There are now 233 reports.

Here is how it looks from the GSC (Google Search Console) side:

Traffic does not correlate with adding new reports, which shows that it’s a hit or miss - some reports get searched for, and some get ignored.

See the performance and indexing charts below.

More reports ≠ more traffic.

During my last iteration I scraped https://www.reddit.com/r/Scams/ for websites that were suspicious or obvious scams. I ended up providing around 100 comprehensive reviews, all manually reviewed.

Some of these reports started receiving traffic immediately.

But as that batch is now done, I made a list of new targets that were already covered on other review websites. Let’s see how it goes.

Critical Vulnerability (Thanks to Vibe Coding)

Security is the thing I know best - it’s literally my daily job - so I’m very aware of how a single design flaw can introduce vulnerabilities.

My goal when building the site was to make it fast, and the architectural choice (static pages hosted on Vercel) means I’m not too concerned about my React app being vulnerable.

But at some point, I decided to ask AI to review my code and see if it could find any issues.

And here we go.

The first one is the most interesting.

My reports URL looks like this:

https://www.scamraven.com/reports/example

What this vulnerability means in theory is that an attacker can move up the directory from where the application is being served.

And this URL with a payload:

https://www.scamraven.com/reports/../../../../etc/passwd

…would give the attacker sensitive system files, which could eventually lead to remote code execution and full compromise.

Scary, and a good explanation of how Vibe Coders end up in this situation:

But as I mentioned, I run static pages on Vercel with no server-side logic, inside a sandboxed environment, so this vulnerability is unlikely to have any real impact. Still, I patched it anyway.

My Grand Idea of Getting Backlinks

My project relies solely on organic traffic. Success depends on how many keywords I can rank for since I target long-tail keywords with low search volume.

But even then, with a fresh domain, I’m not getting great rankings. According to GSC, my average position is 9.

Best way to improve this?

Backlinks. High-quality backlinks increase domain authority.

So I had this genius idea:

This would help me get backlinks from high-authority sources.

However, I gave up on the idea.

Why?

I started working on it and scraped over 2,000 real stories from people who either faced romance scammers themselves, or had friends/family who did.

Which is surprisingly high, to be honest.

It took effort to scrape and summarise it. But the end result looked like this:

“scam_type”: {
        “primary”: “Advance-fee scam”
      },
      “timeline”: {
        “initial_contact”: “Victim was approached by someone on Facebook claiming to send money.”,
        “trust_building”: “No specific trust-building actions were detailed in the comments.”,
        “early_red_flags”: “Commenters noted that believing someone on Facebook is giving away money is a red flag.”,
        “scam_hook”: “The hook was the promise of receiving money, introduced as a generous act.”,
        “money_request”: “Scammer requested a $90 enrollment fee to release the funds.”,
        “collapse”: “Victim suspected it was a scam when they had to ask if it was a scam, leading to blocking/reporting the scammer.”
      },
      “linguistic_patterns”: {
        “love_bombing”: [],
        “future_faking”: [],
        “trust_anchors”: [],
        “mirroring”: [],
        “guilt_trips”: [],
        “urgency”: [],
        “investment_pitches”: [],
        “grammar_style_notes”: []
      },
      “behavioral_red_flags”: [
        “🚩 Fast Intimacy”,
        “🚩 Investment Pitch”
      ],
      “scam_indicators”: [
        “Claims they can’t video call because of job.”,
        “Falls in love very quickly.”,
        “Insists on moving to WhatsApp immediately.”,
        “Uses profession that explains constant travel.”,
        “Introduces investment opportunity after emotional bond.”
      ],
...



I tried formatting it as a prompt for AI. And this is where things got hard.

I wanted the scenarios to be very specific, which ended up in a huge prompt. The chatbot (GPT-5) could follow it, but the struggle started when I (as a user) tried to respond.

Real users can say anything - from “ok” to “I spent the whole weekend making drugs.”

And in such cases AI either goes:

• “wow, that’s amazing, could you help me by sending me 50 dollars honey?”
  or

• gets stuck in small talk for too long.

Expanding the prompt with more instructions didn’t work.

The more you give to AI, the more likely it is to drift, ignore instructions, or hallucinate.

Then I switched my approach. I tried introducing a finite-state machine and a double AI-agent architecture (one model keeps the scenario, the other analyzes).

Didn’t fix anything. It just increased complexity. There’s no quick way to implement this using chatbots, and it’s time-intensive to get a reasonable outcome.

My Grand “Giving Up Moment” for the Backlink Strategy

I’m pretty sure that if executed correctly, this could still become a killer case study that gets links if published properly.

But right now, I don’t have the motivation to do it properly.

It’s also hard to justify. I’m getting no income from this, and it’s unlikely to become a service or paid tool. Best-case scenario, I could monetise traffic - but to increase traffic, I just have to keep pushing new reports.

Overall: I took a big bite, and I got sick working on this.

I’m putting this on hold. Maybe one day I’ll get back to it, but it’s hard to push when you don’t enjoy the work.

As a last straw, I talked with ChatGPT about this:

Thank you ChatGPT for the support <3.

How did I come up with this idea?

I wanted to rank for “romance scam,” so I created a static romance scam scenario quiz:

https://www.scamraven.com/quiz/romance

It took me a couple of days to build the basic scenarios.

But then I wanted to make it better. That’s how I ended up with this “grand idea.”

If I ever return to this (and knowing myself, I probably will), I’d create very strict scenarios with answer options (no open responses).

Basically, something similar to what I already built, just better, with more educational value.

Next Steps

My plan is simple: more reports.

Which should result in more traffic.

But shooting in the dark and creating long reports on sites that nobody checks (for “is X website a scam”) is a bad approach.

So I’m planning to start mass scanning and producing smaller reports (TLS checks, WHOIS info, blacklist checks, etc.)

And only if a page starts ranking or gets at least one organic user, I’ll expand it into a full manual report like before.

Hopefully Google won’t penalise my domain for this.

Thanks for reading to the end!

Here are the promised pictures from Crete.