Affiliate Movie Streaming Scam Service

Dear readers,

I’m sharing some information here wondering if anyone can identify the criminal affiliate program at the root of this scam service.

The scam begins with what seems to be an automated bot-response posted on Facebook.  One of the outstanding questions — can anyone identify a bot that is making these spammy posts?  These are a few examples from many thousands observed over the past week.

Step One: Unknown malware uses stolen Facebook credentials to post a spammy comment link.

We’ll just do one walk through here, but each of these functions in the same way.  The spam post, which often will be added as a comment to a publicly shared post that mentions a movie, links to a Facebook page.  Let’s walk through the Ogbani Wanyu post first.

Step Two: The Spam link points to a Facebook page created to share a shortened URL.

Recently popular movies have Facebook pages created that claim to offer the ability to watch full movies and share a shortened URL, usually bit.ly links, but we’ve also seen Goo.gl links.

Step Three: A shortened URL redirects to a Blogspot page (sometimes other types of pages)

The bit.ly shortened URL on the fake IMDB page has received 4,298 clicks as of this writing.  Important to note that we’ve seen A COUPLE HUNDRED of these pages so far!  Each shortened URL points to a different redirection page.  So far about 80% of those we’ve traced go to Blogspot pages.

Step Four: A Blogspot page hosts a movie streaming service affiliate page

These Blogspot pages promise free streaming of many movies that are still out in the theaters.  Currently these include Solo (the new Star Wars movie), Avengers Infinity Wars, Deadpool 2, Rampage, and many other movies that are very recently released in the theaters.

Some of the top affiliates in this program actually send their bit.ly shortened URL to a free “.tk” domain which then uses randomization to send the traffic to one of their dozens of Blogspot blogs.  That is the situation with Gmail user ugutganteng2345@gmail.com who has at least 50 blogs just associated to that gmail account!  Each link takes the visitor to yet another movie streaming redirector site:

Step Five: Try to stream a Movie … redirects to the streaming service and credits the affiliate

So, let’s try to stream “Ant-Man and the Wasp” which, as of this writing, hasn’t even been released to theaters yet.
We are now redirected to the streaming service … in this case, the site is “box.imdbmov.com” but that is one of dozens as well.  Note the “sub=doelsumbang” … that part of the URL is revealing the affiliate name that should receive credit for the income generated from this click.
Many of the affiliate blogspot pages point to streaming services that have names similar to the old PutLocker criminal streaming service.

Step Six: Register your “Free Account”

Oops!  We can’t watch the movie yet!  We haven’t registered our “Free Account!”
Stream your favorite movies FOR FREE!  Sign up FOR FREE!   FREE Unlimited Access!

Step  Seven:  Provide your Credit Card for the Free Service!

Step Eight: Get Billed $39.95 per month

So, how much do you suppose this Free service will cost you?
That’s right….$39.95 per month … FOREVER.
But wait!  I thought it was FREE!?!?!?
Did you read the Terms & Conditions?   Free trials are for 24 hours, after which, they automatically convert to premium accounts, billable at $39.95 per month.
Upon completion of the free trial period, your signup to the Site will renew automatically on a monthly basis billed as stipulated in your signup process, until cancelled regardless of the length of your free trial period. Please note, prices for the service may vary depending on country, device, service offered and promotions. The first day following the expiration of your free trial period will be your anniversary date for billing purposes during your Monthly Package Term. Your Payment Method will be charged the recurring monthly package fees and any applicable sales tax on the day following the expiration of your free trial period unless you have chosen to cancel your package prior to the conclusion of the free trial period. YOU MUST CANCEL YOUR MONTHLY PACKAGE PRIOR TO THE END OF THE FREE TRIAL OFFER TO AVOID CHARGES TO YOUR PAYMENT METHOD. You will not receive any notification from Silveris s.r.o. online at the expiration of your free trial. Please note the expiration date of your free trial for your records.

The Ask: Do you know more about this scam?

If you have additional information about any parts of this scam, we’d love to hear from you.  Examples of things we’d like to know:
1. Where does this program sign up affiliates?
2. What malware is making the Facebook spam comment posts?
3. Who runs the affiliate program?

Other Gaming, Movie, Book, websites offering the same scammy terms of service:

Alpha-fun.net  Alphafuntime.com  AngeBliss.com  Angejoy.com Angel-bliss.net Animaflor.net Anima-fun.net  AnimaMuse.net  Aurora-star.net  Aurorawin.com  Blazeheaven.com Blissfulden.net  Bookrefuge.net  Cheerfun.net Cravebliss.com Cravemuse.com  Crescentfire.net Crescentflame.com  desert-star.net  Dusksky.net  Edenjoy.net Equi-fun.net Fairiefire.com Fairieglow.com  Fairydelight.net  FiestaBliss.net Filmpleasure.com Fireglows.net  Fire-stars.com
Flame-paradise.com Flamestars.com Flametime.net  FuegoFun.com  FuegoFunlife.com Fuego-star.com  FuegoZone.com  FunFate.net  Funhamper.com  Funhoyden.com Funmuse.net  Funorbit.net  Funrange.net  Funsphere.net  Funvictory.net  Glitterbliss.net  Golden-orbs.com  gothic-night.net  HavenDay.com  Havenwin.com  HugeGames.net  Inksmedia.com JinxedFun.com  Joyorb.com Joysphere.com  Lemonyfun.com  LevityTime.net LuckBliss.com  MarvelBliss.com  Masters-media.net Medievalnight.net  Moonflame.net  Musenow.net Muse-park.net  Musestar.net  OasisPrima.com  OldiesMusicCity.net Orbbliss.com Orbfun.net  Orbjoy.com  Palmtreefun.net  Palmtreemedia.net  Pixiebuzz.com  Pixiefun.net PlayLatex.com Playchain.net Polkafun.net  Sherglee.com  Shinebliss.com  SilvberOrbs.net  Sparkhaven.com  Spring-box.net Star-muse.com  Takencheer.com  Takendelight.com Twilightfun.net Twinkle-fun.net  Vaultfun.net  Yaydigital.net Zen-Muse.net

A Small  Sampling of Blogs related to this scam:

http://anuapambuh001.blogspot.com/
http://anyar456.blogspot.com/
http://asdfghjkfdgsdfaf.blogspot.com/
http://avengerinfiniitywar.blogspot.com/
http://avengers—boxoffice.blogspot.com/
http://avengers–infinity–war.blogspot.com/
http://avengersmarvell.blogspot.com/
http://avenjerinfinitiwar2018.blogspot.com/
http://birudihatiku33.blogspot.com/
http://blackoval21.blogspot.com/
http://boxoffic—download.blogspot.com/
http://boxoffice—-movie2018.blogspot.com/
http://boxoffice–acrimony–hd.blogspot.com/
http://cap-halloween2018.blogspot.com/
http://ciaxs-movie.blogspot.com/
http://cilokdicolookk505.blogspot.com/
http://cimenkabbook404.blogspot.com/
http://deaaddpolll.blogspot.com/
http://deadpooll2freehd.blogspot.com/
http://fastlifepainpayne.blogspot.com/
http://filmimdb112.blogspot.com/
http://gghocher.blogspot.com/
http://gomovieonline90.blogspot.com/
http://goo212.blogspot.com/
http://happytoenjoythemovie.blogspot.com/
http://home–boxoffice.blogspot.com/
http://jarwogembung.blogspot.com/
http://kicebboong19.blogspot.com/
http://kolangkalingeduarew.blogspot.com/
http://kopisusuhitamkupu2.blogspot.com/
http://kurakurabuntung.blogspot.com/
http://liernjink.blogspot.com/
http://madea—lionsgate–boxoffice.blogspot.com/
http://madeamovielionsgate.blogspot.com/
http://madeamoviie.blogspot.com/
http://mercyduffyunik.blogspot.com/
http://minininin21.blogspot.com/
http://moviekadutgood.blogspot.com/
http://moviesonlain212.blogspot.com/
http://moviestriming2018r.blogspot.com/
http://moviestriming222.blogspot.com/
http://nylenehnjk.blogspot.com/
http://oleholehemas.blogspot.com/
http://putlokeress12334.blogspot.com/
http://ratuangin79.blogspot.com/
http://rekuripure.blogspot.com/
http://septiselviana.blogspot.com/
http://tanduransubbur.blogspot.com/
http://tero-retewgold.blogspot.com/
http://terogew-oleb.blogspot.com/
http://the-golden-of-madea.blogspot.com/
http://the-venom-movie-online21.blogspot.com/
http://thebeastmovies2018.blogspot.com/
http://thefirstpurgehd.blogspot.com/
http://top-movie-newsmadea.blogspot.com/
http://trainemovies.blogspot.com/
http://transparanmovie.blogspot.com/
http://tyler–e–perry.blogspot.com/
http://tylerperry55.blogspot.com/
http://venom-movie-hd2018.blogspot.com/
http://welcome-tyler-perry21.blogspot.com/
http://wwwtyllerperry.blogspot.com/
http://zoss01.blogspot.com/
https://beastacrimony.blogspot.com/
https://camat-jos.blogspot.com/
https://inditinditanbae.blogspot.com/
https://luckgd69.blogspot.com/
https://madea-infamily.blogspot.com/
https://mocmov.blogspot.com/
https://reta-x.blogspot.com/
https://wakandawakandablackpanther.blogspot.com/

*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner, UAB. Read the original post at: http://garwarner.blogspot.com/2018/05/affiliate-movie-streaming-scam-service.html

Tags: affiliate spamMalwarestreaming
3 years ago
Gary Warner, UAB

Related Post

Recent Posts

NewDay Scores with TigerGraph Cloud to Fight Financial Fraud

Leading UK Credit Card Consumer Finance Company Uses Advanced Graph Analytics to Intercept Fraudulent Credit Card Applications, Boost Anti-Fraud Efforts…

27 mins ago

VMRay Closes $25 Million Series B

Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…

3 hours ago

The Hacker Mind Podcast: Hacking OpenWRT

For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and…

3 hours ago

Goodbye to Flash – if you’re still running it, uninstall Flash Player now

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…

3 hours ago

Being a Defender

1. Be a student of (information security, network security, cyber security). Always strive to know what the latest tactics, trends,…

4 hours ago

Smart DNS: Delivering the Best Subscriber Experience

This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network…

4 hours ago