BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Fraudsters found a use for a banned iframe


    Researchers from Malwarebytes described a campaign in which cybercriminals used porn site visitors to get money for showing ads, even if users had never seen those ads.

    Fraudsters used "popunder ad" - a pop-up ad that runs when a user opens the site. While the pop-up ad appears on the home page, the pop-under opens in a new window under the tab the user is working on.

    In the detected campaign, the pop-up ad looks like a real blog with articles stolen from other sites. But on top of this page is an "iframe" - a porn site that completely overlaps the original page.

    In addition, blog posts are regularly updated and generate new ads for further monetization in Google Ads. This happens without the user's knowledge as the tab is launched as a popunder.

    If a user clicks on a video in an iframe page, it will count as a click on a Google ad at the bottom of the page. On average, there were about 5 Google ads per popunder page.

    But clicks on ads are not the only way scammers make money. Simply loading an ad on a popunder page creates ad impressions that the attackers get paid for. In this case, the user does not even need to see a pop-up window.

    According to Segura, a sign that this was a fraudulent campaign was the presence of Google Ads on the iframe page. Google policy does not allow Google ads to be placed on websites with adult content.

    “It turned out to be a clever way to hide a fake blog loaded with a lot of ads, most of which are hidden behind a full-screen pornographic iframe. As unsuspecting visitors launch the pop-up landing page and continue browsing in another tab, the honeypot website is constantly updated with new content and new ads, generating millions of ad impressions per month,” Malwarebytes said.

    Malwarebytes researchers found almost 300,000 visits per month and over 50 page views per visit. The average time a visitor spent on the site was less than 8 minutes. The user may be on another active tab, and the popup page is constantly updating new articles along with Google Ads.

    For this campaign, the page generated an average of 35 ad impressions per minute. The total number of ad impressions was more than 76.4 million per month, and for one impression, the fraudsters received $3.5 (Average CPM), which amounted to almost $270,000.

    Malwarebytes notified Google of the ad campaign, which has now been fixed.

    Author DeepWeb
    Marijuana and withdrawal symptoms
    Grouping Vice Society armed with a custom ransomware

    Comments 0

    Add comment