Inside a Malicious Push Network: What 57M Logs Taught Us
ID: 612e7cc0-53d0-546e-aee6-4eba7dc71d63
STIX ID: report--612e7cc0-53d0-546e-aee6-4eba7dc71d63
Feed Name: Infoblox Threat Intel Blog
Threat Score
Researchers exploited lame DNS delegations to claim abandoned domains used by a global push-notification affiliate ad network, passively collecting ~57M events and 60GB of JSON over ~15 days. Analysis exposed large-scale deceptive/scam push notifications in 60+ languages, detailed subscriber metadata, the actor’s fraud mitigation and pricing practices, and low effective CTRs and modest revenue, and confirmed that no malware payloads were delivered via the sampled network.
