Monday, May 28, 2018

Affiliate Movie Streaming Scam Service

Dear readers,

I'm sharing some information here wondering if anyone can identify the criminal affiliate program at the root of this scam service.

The scam begins with what seems to be an automated bot-response posted on Facebook.  One of the outstanding questions -- can anyone identify a bot that is making these spammy posts?  These are a few examples from many thousands observed over the past week.

Step One: Unknown malware uses stolen Facebook credentials to post a spammy comment link.

We'll just do one walk through here, but each of these functions in the same way.  The spam post, which often will be added as a comment to a publicly shared post that mentions a movie, links to a Facebook page.  Let's walk through the Ogbani Wanyu post first.

Step Two: The Spam link points to a Facebook page created to share a shortened URL.

Recently popular movies have Facebook pages created that claim to offer the ability to watch full movies and share a shortened URL, usually links, but we've also seen links.

Step Three: A shortened URL redirects to a Blogspot page (sometimes other types of pages)

The shortened URL on the fake IMDB page has received 4,298 clicks as of this writing.  Important to note that we've seen A COUPLE HUNDRED of these pages so far!  Each shortened URL points to a different redirection page.  So far about 80% of those we've traced go to Blogspot pages.

Step Four: A Blogspot page hosts a movie streaming service affiliate page

These Blogspot pages promise free streaming of many movies that are still out in the theaters.  Currently these include Solo (the new Star Wars movie), Avengers Infinity Wars, Deadpool 2, Rampage, and many other movies that are very recently released in the theaters.

Some of the top affiliates in this program actually send their shortened URL to a free ".tk" domain which then uses randomization to send the traffic to one of their dozens of Blogspot blogs.  That is the situation with Gmail user who has at least 50 blogs just associated to that gmail account!  Each link takes the visitor to yet another movie streaming redirector site:

Step Five: Try to stream a Movie ... redirects to the streaming service and credits the affiliate

So, let's try to stream "Ant-Man and the Wasp" which, as of this writing, hasn't even been released to theaters yet.  

We are now redirected to the streaming service ... in this case, the site is "" but that is one of dozens as well.  Note the "sub=doelsumbang" ... that part of the URL is revealing the affiliate name that should receive credit for the income generated from this click.

Many of the affiliate blogspot pages point to streaming services that have names similar to the old PutLocker criminal streaming service.

Step Six: Register your "Free Account" 

Oops!  We can't watch the movie yet!  We haven't registered our "Free Account!" 

Stream your favorite movies FOR FREE!  Sign up FOR FREE!   FREE Unlimited Access!

Step  Seven:  Provide your Credit Card for the Free Service!

Step Eight: Get Billed $39.95 per month

So, how much do you suppose this Free service will cost you?

That's right....$39.95 per month ... FOREVER.

But wait!  I thought it was FREE!?!?!? 

Did you read the Terms & Conditions?   Free trials are for 24 hours, after which, they automatically convert to premium accounts, billable at $39.95 per month.

Upon completion of the free trial period, your signup to the Site will renew automatically on a monthly basis billed as stipulated in your signup process, until cancelled regardless of the length of your free trial period. Please note, prices for the service may vary depending on country, device, service offered and promotions. The first day following the expiration of your free trial period will be your anniversary date for billing purposes during your Monthly Package Term. Your Payment Method will be charged the recurring monthly package fees and any applicable sales tax on the day following the expiration of your free trial period unless you have chosen to cancel your package prior to the conclusion of the free trial period. YOU MUST CANCEL YOUR MONTHLY PACKAGE PRIOR TO THE END OF THE FREE TRIAL OFFER TO AVOID CHARGES TO YOUR PAYMENT METHOD. You will not receive any notification from Silveris s.r.o. online at the expiration of your free trial. Please note the expiration date of your free trial for your records.

The Ask: Do you know more about this scam?

If you have additional information about any parts of this scam, we'd love to hear from you.  Examples of things we'd like to know:

1. Where does this program sign up affiliates?

2. What malware is making the Facebook spam comment posts?

3. Who runs the affiliate program?

Other Gaming, Movie, Book, websites offering the same scammy terms of service: 

A Small  Sampling of Blogs related to this scam:

1 comment:

  1. Its happening again (or still):


Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.