Unraveling a baroque, snarled, multimillion-dollar porn-ad clickfraud scam

Panos Ipeirotis, who writes the aptly named "A Computer Scientist in a Business School" blog, describes how he made national news by unraveling a multimillion-dollar "clickfraud" enterprise that used hidden frames, pornographic traffic brokerages, clever misdirection and obfuscation techniques, traffic laundering, skimmed traffic, and other techniques from the shadier side of the Internet's ad-supported ecosystem to extract anywhere from $400K to $5M to date. The monetary losers were pornographic sites, but a number of high-profile "legit" sites were implicated, unwittingly used as "laundries" for the traffic. The scheme itself is awfully baroque, and Ipeirotis does an admirable job of laying it out, while introducing all these marvelously weird terms describing the modern practices of Internet grifters.

At this point, we now know how this person makes money. Clearly, there is click-fraud: the scammer is employing click-fraud services to click on the pay-per-click ads "displayed" in his parked domains. If some of the ads are also pay-per-impression, he may also get paid for these invisible impressions that happen within the 0x0 iframe.

Why the parked domains though? Why not do the same directly within the porn site? The answer is simple: Traffic laundering.

What do I mean by "traffic laundering"? First, the ad networks are unlikely to place many ads within a porn site. On the other hand, they have ad-placement services for parked domains. Second, the publishers that get the traffic from the parked domains see in the referral URLs some legitimate-sounding domain names, not a porn site. Even if they go and check the site, they will only see an empty site full of ads. Nothing too suspicious. Hats off to the scammer. Clever scheme.

You think we are done? No. There is one more piece in the puzzle. How does the scammer attract visitors to the porn site?

The other interesting part: The porn website does not really contain porn! There are a few images but most of the links are to other porn websites that actually host the video. In other words, the scammer does not even pay the cost of hosting porn!

Uncovering an advertising fraud scheme. Or "the Internet is for porn" (Thanks, Fipi Lele!)
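
For publishers and ad-ops teams who want to check a referring page for the invisible 0x0 iframes described in the excerpt, here is an added example (not code from Ipeirotis's post or from AdSafe) that flags iframes hidden by inline CSS or sized at 1px or less and notes whether they load a third-party host. The names `HiddenFrameFinder` and `audit` are hypothetical, and the sample markup and `.test` domains are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height declarations in inline CSS; the lookbehind skips max-width etc.
DIM_CSS = re.compile(r"(?<![\w-])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)
DIM_ATTR = re.compile(r"\s*(\d+)(?:px)?\s*", re.I)


class HiddenFrameFinder(HTMLParser):
    """Collect iframes a visitor cannot see: hidden by CSS or <= 1px in size."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style, dims = a.get("style", ""), {}
        for name in ("width", "height"):         # HTML attributes first
            m = DIM_ATTR.fullmatch(a.get(name, ""))
            if m:                                # "100%" and "" do not match
                dims[name] = int(m.group(1))
        for name, px in DIM_CSS.findall(style):  # inline CSS overrides them
            dims[name.lower()] = int(px)
        reasons = [f"{n}<=1px" for n in ("width", "height") if dims.get(n, 2) <= 1]
        if HIDDEN_CSS.search(style):
            reasons.append("hidden-by-css")
        if reasons:
            src = urljoin(self.page_url, a.get("src", ""))
            third = urlparse(src).hostname != urlparse(self.page_url).hostname
            self.findings.append({"src": src, "third_party": third, "reasons": reasons})


def audit(html, page_url):
    """Return one finding per invisible iframe in the given page source."""
    finder = HiddenFrameFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page: two hidden ad frames, one visible player, one local frame.
SAMPLE = """<iframe src="http://parked-one.test/" width="0" height="0"></iframe>
<iframe src="http://parked-two.test/ads" style="width:0px;height:0px;border:0"></iframe>
<iframe src="http://player.example.test/embed/1" width="640" height="360"></iframe>
<iframe src="/local-widget" style="display:none"></iframe>"""
```

This only inspects static markup and inline styles; frames injected or resized by script, or hidden through external stylesheets, need a rendered-DOM check instead.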


  1. Think you’re wrong about the monetary losers. To quote from the blog:

    Effectively, the only one hurt in this chain are the big brand advertisers, who feed the rest of the advertising chain.

  2. The term “parasite” is used in the description of the scammer. It’s interesting to see how economic systems eventually take on the characteristics of biological systems. 

    1.  Economic systems are biological systems for the most part – like an ant colony or a beehive but on a larger scale.  Emergent behavior from a biological system.

        1. Both economic systems and Soylent Green(tm) are comprised of people.

          wait.. also disco flash mobs.

          Economic systems, Soylent Green and disco flash mobs are comprised of people.

          ..and possibly robots. 

          Careful chewing the tasty Soylent Green Metallic(tm)

          This message has secretly subscribed you to six different, quasi-religious self-help mailing lists while you were reading.


  3. “For the technically curious: reading the address of the top frame is a challenging problem. For security reasons, browsers do not allow cross-domain scripting. So, it is not possible to just call the “top” object and read its properties. We have a proprietary solution for this.”

    In other words, AdSafe is using exploits to violate cross-domain JavaScript security policies and snoop on the sites you visit. I’m in the process of de-obfuscating their JavaScript so I can report this to the browser vendors; I’d encourage others (who are less easily distracted than me) to do the same.

      1. Yes, here you go:


        The relevant function is called P, and tries various tricks to figure out the top frame URL, although it doesn’t seem to work in the versions of Chrome and Firefox that I have.

    1.  I think it has been known for as long as there have been ad banners online…

      What I find really funny is a supposed Swedish kid that raked in around a million SEK a year by basically running a page that linked to free porn sample galleries (this was back before *tube).
