Inside a Malicious Push Network: What 57M Logs Taught Us

This research details a large-scale push-notification malvertising campaign that used deceptive, multilingual notifications to deliver scam and adult-content lures worldwide; poor DNS hygiene (lame delegations) allowed researchers to claim abandoned domains and capture ~57M events revealing cleartext tracking, targeting metadata, low click-through rates, and a low-revenue CPM-based economy, with most victims in South Asia and no malware payloads observed.