Company Registers 100K+ Domains to Distribute Rogue Ads and Steal Traffic
I just found an interesting post on Sucuri.net, a globally distributed security company, that revealed that the company China Capital Investment Limited (CCI) is using an illegal method of making money by inserting malicious ads on other websites and stealing traffic.
According to DomainTools CCI is associated with 139,326 domains. That’s close to $1.5 million dollars in registration fees (assuming all of these got handregged). All of these domains have one thing in common: they have a good amount of backlinks.
This is how they operate:
- CCI has a system in place that analyzes expired domains and tries to register those which have multiple backlinks (an example of a domain they registered is twomediaxthemes.com).
- They then immediately park the domains to try to monetize them.
- CCI also created a script that injects ads on all sites that use a backlink to their newly purchased domains. It works like this: A lot of people that find a nice picture through a Google image search or on a website and decide to embed it on their site (if copyright allows it) will use a link like http://examplesite.com/image.png. Of course after the domain expires the image will seize to work. When CCI however buys and parks examplesite.com their script will then continue to reply to any image requests but instead of showing the original picture they will serve an ad instead. In other words websites of people who were having image links on their websites that pointed to expired domains (that CCI now acquired) will suddenly start to show ads on their website.
- CCI also offers all of their domains for sale on domain marketplaces for additional revenue.
- If after a year the domain is not sold but CCI generated more revenue from parking, injecting malicious ads and hijacking traffic compared to the cost of a renewal the domain will be renewed. Otherwise it gets dropped.
The best advice to avoid scenarios like this is to never hotlink images and other static resources from third-party websites. By hotlinking not only are you stealing resources (bandwidth) and potentially infringing on someone’s copyright but you are at risk that your site will be infected with malicious code at some point.