While poking around in our shady-traffic logs Wednesday, I found a network big enough to be worthy of a blog post.
It's what we usually call a "spam/scam" network, although the spam aspect is a bit different, being based on Facebook rather than e-mail. Here's a sample page from Facebook:
The high number of "Likes" makes me suspect that the Bad Guys are using bots (or hacked accounts — same thing) to inflate their popularity a bit…
Anyway, our logs show that quite a few are people clicking on those womenshealth50.com links…
…and its "sibling sites" (courtesy of WebPulse's "SeeMore" big-data tool):
menshealth20.com
menshealth23.com
menshealth31.com
menshealth35.com
menshealth37.com
menshealth38.com
menshealth39.com
menshealth71.com
muscleworkoutgym.com
secretdietformula1.com
secretdietformula2.com
secretdietformula3.com
womanshealth5.com
womanshealth9.com
womenshealth10.com
womenshealth12.com
womenshealth31.com
womenshealth40.com
womenshealth42.com
womenshealth49.com
womenshealth50.com
womenshealth51.com
womenshealth55.com
womenshealth56.com
womenshealth57.com
womenshealth59.com
womenshealth60.com
womenshealth62.com
We've seen over 1300 of these URLs in the core WebPulse logs in the last week. And there are over 30 servers in this network, which made it a perfect snack to feed to our Spamnet Tracker.
–C.L.
Leave a reply
