Company Registers 100K+ Domains to Distribute Rogue Ads and Steal Traffic

July 16, 2016 Domaining Stories 4

I just found an interesting post on Sucuri.net, a globally distributed security company, revealing that China Capital Investment Limited (CCI) is making money through an illegal method: inserting malicious ads on other websites and stealing traffic.

According to DomainTools, CCI is associated with 139,326 domains. That’s close to $1.5 million in registration fees (assuming all of these were hand-registered). All of these domains have one thing in common: they have a good number of backlinks.

This is how they operate:

  1. CCI has a system in place that analyzes expired domains and tries to register those which have multiple backlinks (an example of a domain they registered is twomediaxthemes.com).
  2. They then immediately park the domains to try to monetize them.
  3. CCI also created a script that injects ads on all sites that use a backlink to their newly purchased domains. It works like this: many people who find a nice picture through a Google image search or on a website and decide to embed it on their site (if copyright allows it) will use a link like http://examplesite.com/image.png. Of course, after the domain expires, the image will cease to work. When CCI buys and parks examplesite.com, however, their script will continue to reply to any image requests, but instead of the original picture it will serve an ad. In other words, websites that had image links pointing to expired domains (which CCI has now acquired) will suddenly start to show ads.
  4. A similar thing happens with JavaScript files. Websites linking to old JavaScript (.js) files that were hosted on expired domains that CCI acquired (for example, expired domains that used to belong to theme developers) can now be served malicious JS code that will redirect all your traffic to CCI’s parked domains in order to increase CCI’s revenue.
  5. CCI also offers all of their domains for sale on domain marketplaces for additional revenue.
  6. If after a year the domain has not sold but CCI has generated more revenue from parking, injecting malicious ads and hijacking traffic than a renewal costs, the domain is renewed. Otherwise it gets dropped.

The best advice to avoid scenarios like this is to never hotlink images and other static resources from third-party websites. By hotlinking, not only are you stealing resources (bandwidth) and potentially infringing on someone’s copyright, but you also risk your site being infected with malicious code at some point.

And finally, theme developers should always include all their JavaScript files and other static resources inside the theme package instead of linking to them. This will also avoid security issues like these.
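
An audit along the lines of the advice above, as an added example that is not from the original post or from Sucuri: it lists every image, script and stylesheet a page loads from a host other than its own. The page URL, the sample HTML and all host names except examplesite.com are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

RESOURCE_ATTRS = {"img": "src", "script": "src", "link": "href"}  # tag -> fetched attribute


class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(RESOURCE_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # favicons, canonical links etc. are out of scope here
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs.
        self.found.append((tag, urljoin(self.page_url, value.strip())))


def find_hotlinked(html, page_url):
    """Map each third-party host to the resources the page loads from it."""
    own = urlparse(page_url).hostname.lower()
    collector = ResourceCollector(page_url)
    collector.feed(html)
    report = {}
    for tag, url in collector.found:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme not in ("http", "https") or not host:
            continue  # data: URIs and similar are not fetched from a remote host
        if host == own or host.endswith("." + own):
            continue  # own site or one of its subdomains
        report.setdefault(host, []).append((tag, url))
    return report


# Constructed sample: a blog page at PAGE_URL with two hotlinked resources.
PAGE_URL = "https://myblog.example/post/1"
SAMPLE_PAGE = """<head><link rel="stylesheet" href="/css/site.css">
<link rel="icon" href="http://icons.example.net/fav.ico">
<script src="//old-theme-dev.example/js/slider.js"></script>
<script src="https://static.myblog.example/app.js"></script></head>
<body><img src="http://examplesite.com/image.png">
<img src="images/local.png"/><img src="data:image/png;base64,AAAA"></body>"""
print(find_hotlinked(SAMPLE_PAGE, PAGE_URL))
```

Each host in the report is a domain whose expiry would hand that resource to whoever registers it next, so these are the files to copy into the site or theme package.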

About the author

Bram C.:

4 Comments

  1. Doron Vermaat

    July 16, 2016

    Wow. This really is some next level. I am impressed. Shame they can't use this "out of the box" thinking to build a legit business.

    • Bram C.

      July 16, 2016

      Indeed :-)

    • ANTHONY

      July 17, 2016

      Exactly Doron!

  2. Anon

    July 17, 2016

    I am impressed too. :D
