Fishy junkware adwords scam adverts

These people have something to hide if they are doing this..

Regularly across the internet, if you don’t have an advert blocker, you see fake green “Download” buttons on websites with adsense / adwords adverts.

monkeywebstats fake download button

Spot the advert – right hand side below the “(free download)” link on the site. A green download button.. then a load of white space and then a logo. It isn’t clear to normal users that this is an advert. It ls less clear that the advert actually takes you to a website that isn’t about, won’t give you and will install other advertising software or software that is massively privacy invading.

Then the fishy stuff starts. If you click the advert* for the first time you get this page:


monkeywebstats landing page first visit

Firstly another website with a fake download button and no description about what you are actually about to download. If you scroll down another page past half a page of white space there are some grey links with “Terms & Conditions” etc.. but deliberately unclear.

But.. if you click it again and any further times from any computer on the same IP address you instead get:

monkeywebstats landing page further visits

Why would an advertiser do this… unless they have something to hide?

For starters it will make tracking down the source of malware difficult. If I visit a customer and look at their internet history there is a high chance I will discount this domain / website as the source. After all – there are no download options on the second site and it doesn’t look too suspicious.

Secondly.. I expect it also means that, when reported to Google and if Google customer services reps all use the same IP, they are likely to see the second “clean” site and not the one that is attempting to infect users.

This makes me angry.

Names associated with this scam:

Monkey Web Stats / ( LIQUIDWEB)
In the past I’ve seen them use an encrypted usb stick sales site to carry out the same scam.

Update: 15th November 2015. These people have moved onto using a different domain / website “ / Lambada Camera”

pdf creator adwords lambadacamera com scam 1

Click the fake download button and you get taken to “” which on first visit gives you a fake download / potentially unwanted software:

pdf creator adwords lambadacamera com scam 2

Upon second visit it looks like a legitimate website / product:

pdf creator adwords lambadacamera com scam 3

Update: 18th November 2015. I’ve come across another domain. with equally iffy adverts (spot the MASSSSSIVE fake download button at the top of the page).



Further visits then show a supposedly legitimate product page for some “coming soon” water pressure product.

Update 18th Jan 2016:
Another website with the same scam on a different domain Upon second visit you get a page supposedly a “really good” broadband router.
Upon first visit from the advert you get the crapware download page.

The router claims to have wifi (where as the picture of a CISCO router doesn’t) . The dimensions are also hilarious. They claim the router is 30.33 inches wide! Far wider than the standard 19inch rack mount CISCO router shown in the photo.

When you try to buy the “genius router” you get a Paypal page saying the recipient is unable to accept funds.
The Privacy Policy page on the genius router scam site seems to be a copy and paste of “Checkpoint”‘s Privacy Policy.

Update 22nd Jan 2016:

They’ve moved onto using

Other related domains are:

This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s