Redirection spams sponsored by Namecheap

Post Reply
User avatar
MarkGiles
Posts: 2001
Joined: Wed Mar 30, 2011 2:40 am
Contact:

Redirection spams sponsored by Namecheap

Post by MarkGiles » Mon Feb 13, 2012 12:42 am

Namecheap is a reseller for Enom, which in turn is wholly owned by Demand Media.

Over the month of February 2012 we have seen a succession of short-use domains registered with Namecheap and appearing in spams. What characterizes these particular spams is that the raw domain URL returns an innocent looking opt-out request screen.

When spammed the URL is longer. The longer URLs will redirect via other domains which either track the URL usage for spammer affiliate payment systems, or act as an obfuscation of the eventual target site. They are also being used in click-jack fraud, where scammers claim rewards for driving traffic to web sites.

The redirections are often geography-sensitive. If the user's URL is in one geography it will redirect to a target for that geography. So a US user will see a US specific financial loan offering, whereas an Asian user will see some completely different offering.

Here is an example to illustrate the method

EXAMPLE:
spammed = contact.outcomeconsultants.com/t/c/1612/views/sz172432.html
1st redirect = tictacktrac.com/?a=760&c=11963&s1=
2nd redirect = traclogic.com/default.aspx?a=760&c=11963&s1=
3rd redirect =abperfect.com/abo/aboptimizer.php?eid=MzY=&var1=ca-non&var2=760
4th redirect = accuquotepromotion.com/path2/lp10_1.php?aid=ca-non&sid=760&cid=&eid=36&vid=43192947

Affiliate ID 760 is being paid to perform the spamming

User avatar
MarkGiles
Posts: 2001
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: Redirection spams sponsored by Namecheap

Post by MarkGiles » Mon Feb 13, 2012 12:47 am

Promoted by redirection spam
A selection of the domains that are at the end of the redirection chains:

bankruptcy.me
accuquotepromotion.com
plaqueattacksales.com
teststarte.com
thompsoncigar.com

User avatar
MarkGiles
Posts: 2001
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: Redirection spams sponsored by Namecheap

Post by MarkGiles » Mon Feb 13, 2012 12:49 am

These domains have been found to be performing geographically-specific redirections. They are all registered with Namecheap, a reseller for Enom

abilityeducate.com
actualsuccessstory.com
allowtruth.com
amendconsulting.com
answersarchive.com
attendsolutions.com
beliefaction.com
campmine.com
changeprimary.com
completeyour.com
conceptteacher.com
developmentinstitute.net
devservices.net
everyonesucceed.com
finallytruesuccess.com
findgreat.net
genuinesuccessstory.com
havereason.com
idealinsight.net
impressionperfection.com
justapproach.com
necessaryexcellence.com
necessaryresources.net
openannouncements.com
outcomeconsultants.com
patronreach.com
pleasantidea.com
primaryconcern.net
prolificplan.com
realreveal.com
suggestedconcept.com
throughthis.com
truelifevictory.com
truthfulsuccess.com
understandyour.com
userperception.com
vitalnotices.com
yourpossible.com

User avatar
A440
Posts: 2297
Joined: Sat Nov 20, 2010 1:56 am

RE: Redirection spams sponsored by Namecheap

Post by A440 » Mon Feb 13, 2012 6:20 am

What I have always found suspicious about this company is that "enom" in Korean is what you call a bad person and is a term of derision.

PuddinTame
Posts: 437
Joined: Mon Aug 15, 2011 7:09 pm

RE: Redirection spams sponsored by Namecheap

Post by PuddinTame » Mon Feb 13, 2012 7:39 pm

Been seeing a lot of these myself, but not with Enom. The problem is I generally don't click through on them because I don't want to count as a 'success' in their eyes. I've been thinking I could knock up an ncat script to follow the redirects though.

User avatar
MysteryFCM
Posts: 2486
Joined: Mon Jul 14, 2008 4:47 pm

RE: Redirection spams sponsored by Namecheap

Post by MysteryFCM » Mon Feb 13, 2012 8:55 pm

;o)

http://hphosts.blogspot.com/2012/02/crimeware-friendly-registrars-namecheap.html

User avatar
MarkGiles
Posts: 2001
Joined: Wed Mar 30, 2011 2:40 am
Contact:

RE: Redirection spams sponsored by Namecheap

Post by MarkGiles » Tue Feb 14, 2012 9:20 am

One of the tools out there that allow you to "peel" off the redirections one at a time is
http://linkpeelr.appspot.com/

PuddinTame
Posts: 437
Joined: Mon Aug 15, 2011 7:09 pm

RE: Redirection spams sponsored by Namecheap

Post by PuddinTame » Tue Feb 14, 2012 8:50 pm

Thanks MarkGiles that looks great, I'll check it out.

Guest

RE: Redirection spams sponsored by Namecheap

Post by Guest » Wed Feb 15, 2012 8:14 pm


One of the tools out there that allow you to "peel" off the redirections one at a time is
http://linkpeelr.appspot.com/


Thank you. Very useful. Bookmarked
I generally use http://www.urlvoid.com/extract-url/

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests