Unraveling a baroque, snarled, multimillion-dollar porn-ad clickfraud scam


Panos Ipeirotis, who writes the aptly named "A Computer Scientist in a Business School" blog, describes how he made national news by unraveling a multimillion-dollar "clickfraud" enterprise that used hidden frames, pornographic traffic brokerages, clever misdirection and obfuscation techniques, traffic laundering, skimmed traffic, and other techniques from the shadier side of the Internet's ad-supported ecosystem to extract anywhere from $400K to $5M to date. The monetary losers were pornographic sites, but a number of high-profile "legit" sites were implicated, unwittingly used as "laundries" for the traffic. The scheme itself is awfully baroque, and Ipeirotis does an admirable job of laying it out, while introducing all these marvelously weird terms describing the modern practices of Internet grifters.

At this point, we now know how this person makes money. Clearly, there is click-fraud: the scammer is employing click-fraud services to click on the pay-per-click ads "displayed" in his parked domains. If some of the ads are also pay-per-impression, he may also get paid for these invisible impressions that happen within the 0x0 iframe.

Why the parked domains though? Why not doing the same directly within the porn site? The answer is simple: Traffic laundering.

What do I mean by "traffic laundering"? First, the ad networks are unlikely to place many ads within a porn site. On the other hand, they have ad-placement services for parked domains. Second, the publishers that get the traffic from the parked domains see in the referral URLs some legitimately-sounding domain names, not a porn site. Even if they go and check the site, they will only see an empty site full of ads. Nothing too suspicious. Hats off to the scammer. Clever scheme.

You think we are done? No. There is one more piece in the puzzle. How does the scammer attract visitors to the porn site?

The other interesting part: The porn website does not really contain porn! There are a few images but most of the links are to other porn website that actually host the video. In other words, the scammer does not even pay the cost of hosting porn!

Uncovering an advertising fraud scheme. Or "the Internet is for porn" (Thanks, Fipi Lele!)