Affiliate Fraud Through Adult Advertising Networks

Posted by on Jul 1, 2013 in Affiliate Fraud, Cookie-Stuffing, Wire Fraud

* This post links to adult content *

Spend a while browsing through pornsharia.com (Alexa Rank #1045) and you’re going to stumble across something other than free porn, adult ads and every kind of man or woman looking to “hook up” only a few miles away from you.

This packet trace highlights a rogue affiliate in the Amazon Associates program that is Cookie-Stuffing Pornsharia visitors through the adxpansion.com adult advertising network.

Here’s a screenshot of the rogue ad in action.

When going through the packet trace, note how the scammer uses adxpansion.com to display a Flash binary which looks like a legitimate ad. This same binary then routes the browser through a number of hosts (ovirfh9384.info, my-hosts.info) in an effort to blank the referrer and then make a final request to Amazon.

The net effect is that affiliate chablo0b-20 is essentially stealing revenue from honest affiliates competing for the same traffic by claiming unearned commissions from Amazon. Of course, you could argue that Amazon is not losing any money because Amazon is catching these fraudsters. That may very well be the case (and if so the honest affiliates still lose!), but keep in mind we are dealing with fraudsters who are spending money to run ads on sites with enormous traffic. This doesn’t come cheap, so why would a fraudster spend money if he wasn’t making any?

Because Amazon probably isn’t catching them.

I give this fraudster a 4/10

  • 1 point for basic Cookie-Stuffing
  • 1 point for using the Flash bandit. If you want the Flash binary then get in touch with me.
  • 1 point for spending his own coin
  • 1 points for targeting sites with enormous traffic volume

Unfortunately this scam is not too difficult to pull off properly. A fraudster with a bit of technical know how and a budget can slip past the quality controls of an advertising network and quite easily start Cookie-Stuffing at scale.

« »

3 Comments

  1. Joe
    September 20, 2013

    Could you send us also this Flash binary? Thanks

  2. wesleyb
    September 20, 2013

    Contacting you via email..

  3. Antonio M
    October 13, 2013

    Hi,Wesley,Do you still have the Flash Binary?I want to research it.Could you please send to me?Thanks,