One of the biggest websites in the UK is fueled by criminal activity
A malware campaign is behind the meteoric growth of one of the biggest websites in the UK, research has suggested. Bitcoinnewstoday(dot)me is already labelled as a "dangerous website" by most search engines and trying to access it will bring up a bright red page on most.
Users of Microsoft Edge, for example, will see a warning that, "Microsoft recommends you don't continue to this site. It has been reported to Microsoft for containing misleading content that could lead you to lose personal info, financial data, and even money."
Yet, according to website analytics company Similarweb, the site experienced a massive growth globally in May 2020, growing by a staggering 320x to reach 23rd place in its UK readership leaderboard.
With almost 76 million monthly visits (and 51 million unique visitors) during the month, it is bigger than far more prominent websites like Paypal, Argos or Linkedin. A closer analysis of the site reveals that it has a global rank of 784 and nearly 96% of the visits occurred via mobile.
Worryingly, most apparently spent more than 40 minutes on the page visiting on average 1.37 pages. In other words, most visitors were stuck on page one for a long, very long time.
In a statement to TechRadar Pro, a spokesperson for Avira Protection Lab told us that the site could be what security expert call a "rotator". These forward unwitting visitors to a random advertisement, and more recently, pages that cover fake crypto-exchanges (aka a bitcoin scam).
The page appears to be part of a wider network, with the domain name registered in November 2019 in Russia using dummy data. The site has been active since December 2019, with traffic disappearing in April 2020 and surging back in May.
Fake registrant data was used, which is often a common tactic for malware, phishing or scam domains. The web hosting of the site is likely to be located in Germany.
Avira added: "Refer selection is done via geo-location, so you get a different page if you are in the UK compared to France. They have partner pages for pretty much all European countries such as the UK, Germany/Austria/Switzerland, Spain, France, Sweden, Romania and even smaller ones such as Lithuania. They don't seem to have pages for anything outside Europe, e.g. connecting with a Russian or Japanese IP just forwards you to e.g. the UK pages, while trying to connect with an US IP results in a forward to google.com. Funnily enough, Italian IPs also get redirected to google.com"
"Sadly there are dozens of these out there, and often they don't exist very long especially if they are getting flagged."