The anonymizeme.pro scam

Referrers from a domain called anonymizeme.pro have been filling up my logs lately. I initially believed it was visitors using an anonymizing service, but alas, it’s yet another referrer scam.

The anonymizeme.pro scam plays out like this:

  1. You, the webmaster follows the bait (referrer) from your analytics.
  2. You get served some ads on an intermediate page.
  3. You get served with additional ads on the destination page, by way of clickjacking popups (if you’re executing JavaScript in your browser).

The scammer on the other hand gets paid by Mgcash Media, a CPA Affiliate Network providing monetization for trolls worldwide.

How to stop the anonymizeme.pro spam?

Block the IP address used in the spam campaign (this is also the A record of the anonymizeme.pro domain):

iptables -I INPUT -s 79.137.85.189/32 -j DROP

Block the referring domain:

RewriteEngine on
RewriteCond %{HTTP_REFERER} anonymizeme\.pro [NC,OR]
RewriteCond %{HTTP_REFERER} anotherspammer\.com [NC]
RewriteRule .* - [F]

I’ll update this post with additional information in the event that the scammer adds new domains and IP addresses.

Addendum:
Just to clarify, I’m not saying the anonymizeme.pro service is being abused. They provide no actual service other than the (not even convincing) ploy to generate ad revenue.