The scam

Referrers from a domain called have been filling up my logs lately. I initially believed it was visitors using an anonymizing service, but alas, it’s yet another referrer scam.

The scam plays out like this:

  1. You, the webmaster follows the bait (referrer) from your analytics.
  2. You get served some ads on an intermediate page.
  3. You get served with additional ads on the destination page, by way of clickjacking popups (if you’re executing JavaScript in your browser).

The scammer on the other hand gets paid by Mgcash Media, a CPA Affiliate Network providing monetization for trolls worldwide.

How to stop the spam?

Block the IP address used in the spam campaign (this is also the A record of the domain):

iptables -I INPUT -s -j DROP

Block the referring domain:

RewriteEngine on
RewriteCond %{HTTP_REFERER} anonymizeme\.pro [NC,OR]
RewriteCond %{HTTP_REFERER} anotherspammer\.com [NC]
RewriteRule .* - [F]

I’ll update this post with additional information in the event that the scammer adds new domains and IP addresses.

Just to clarify, I’m not saying the service is being abused. They provide no actual service other than the (not even convincing) ploy to generate ad revenue.

Roger Comply avatar
Roger Comply
Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed.