{"id":42103,"date":"2021-08-02T00:00:00","date_gmt":"2021-08-02T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/browser-notification-spam-tricks-clicks-for-ad-revenue.html"},"modified":"2021-08-02T00:00:00","modified_gmt":"2021-08-02T00:00:00","slug":"browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/","title":{"rendered":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-thumbnail.jpg\"><!-- Begin mPulse library --><!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"latest news,web,privacy &amp; risks,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2021-08-02\"> <meta property=\"article:tag\"> <meta property=\"article:section\" content=\"latest news\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/browser-notification-spam-tricks-clicks-for-ad-revenue.html\"> <title>Browser Notification Spam Tricks Clicks for Ad Revenue<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/browser-notification-spam-tricks-clicks-for-ad-revenue.html\"><br \/>\n<meta property=\"og:title\" content=\"Browser Notification Spam Tricks Clicks for Ad Revenue\"><br \/>\n<meta property=\"og:description\" content=\"As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-thumbnail.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Browser Notification Spam Tricks Clicks for Ad Revenue\"><br \/>\n<meta name=\"twitter:description\" content=\"As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-thumbnail.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"51.152510931496\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"428466854\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"10\">\n<div class=\"article-details\" role=\"heading\" readability=\"40\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__description\">As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign.<\/p>\n<p class=\"article-details__author-by\">By: Erin Sindelar <time class=\"article-details__date\">August 02, 2021<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"38.691275167785\">\n<div readability=\"24.182046979866\">\n<p>As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign.<\/p>\n<p>Web push notifications are a browser feature that allows websites to push notifications to subscribed users. Chrome introduced the <a href=\"https:\/\/venturebeat.com\/2015\/04\/14\/chrome-42-launches-with-push-notifications-that-sites-can-send-even-after-users-close-the-page\/\">browser notification feature<\/a> in 2015 to allow websites to push notifications for new content or articles to their subscribers. When a user allows browser notifications for a site, it allows the website to push notifications to the browser.<\/p>\n<p>Unscrupulous advertisers are taking advantage of this feature in a unique case of <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/click-fraud\">click fraud<\/a> that might be taking advantage of more people being stuck at home and searching for streaming content. Trend Micro noticed an increase in this type of spam beginning in late February. Upon further investigation, we found something interesting and unique about this browser notification scheme. Instead of leading to anything malicious, the pop-up takes engaged users to legitimate security software websites.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-01a.png\" alt=\"Figure 1. User traffic being redirected to browser notification spam websites\"><figcaption>Figure 1. User traffic being redirected to browser notification spam websites<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>The abuse of the browser notification feature breaches the users\u2019 trust. The spammers are using this feature as a way to generate clicks for ad revenue, and using fear or misleading notifications to convince users to allow notifications.<\/p>\n<p><b>The doorways to spam<\/b><\/p>\n<p>Beginning in March, users started reporting unsolicited pop-up advertisements while browsing the internet using mostly Chrome and Edge browsers. Our initial investigation found that these pop-ups often originated from websites that were built to trick the users into allowing push notifications to the browser.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-02.png\" alt=\"Figure 2. Browser notification site is loading; the user must click \u201callow\u201d on the pop-up to continue.\"><figcaption>Figure 2. Browser notification site is loading; the user must click \u201callow\u201d on the pop-up to continue.<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"45.5\">\n<div readability=\"36\">\n<p>These browser notifications are common when using Chrome and Edge, and some users may default to clicking \u201cAllow\u201d when one of these notifications pop up.<\/p>\n<p>Users are led to the browser notification spam (BNS) sites through a variety of doorway pages, most of which seem to have been created specifically to attract user visits and redirect them to the BNS sites. In total, we identified more than 3,500 domains that redirect to more than 80 BNS sites. Based on IP ranges and registration information, we believe that the same actor or group developed many of the doorway pages for this spam campaign.<\/p>\n<p>Some of the sites used in this attack, which account for a significant portion of the traffic we saw, include:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">allowsuccess.org<\/span><\/li>\n<li><span class=\"rte-red-bullet\">aloha-news.net<\/span><\/li>\n<li><span class=\"rte-red-bullet\">beastbuying.com<\/span><\/li>\n<li><span class=\"rte-red-bullet\">centralheat.net<\/span><\/li>\n<li><span class=\"rte-red-bullet\">news-back.net<\/span><\/li>\n<li><span class=\"rte-red-bullet\">news-central.org<\/span><\/li>\n<li><span class=\"rte-red-bullet\">typiccor.com<\/span><\/li>\n<\/ul>\n<p>The 3,500+ doorway pages target a wide range of user interests. The majority of sites are for adult content, while sports streaming, video streaming, media sharing, and DIY blogs are also quite common. Some doorway pages were even localized; we\u2019ve seen doorways in various languages such as Bahasa, Chinese and Japanese. We\u2019ve even seen doorway pages hosting illegal manga in Japanese, implying the group behind this is not just setting up web pages randomly, but are actually aware of the types of content people in a particular country would be searching for.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-03.png\" alt=\"Doorway page leading to browser notification spam\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-04.jpg\" alt=\"Figures 3 and 4. Screenshots from two doorway pages leading to browser notification spam\"><figcaption>Figures 3 and 4. Screenshots from two doorway pages leading to browser notification spam<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36\">\n<div readability=\"17\">\n<p>The doorway pages not only facilitate this spam, but copyrighted material is also illegally used in the web pages\u2019 content. In Japan, the use of copyrighted manga is strictly enforced.<\/p>\n<p><b>Ads displayed depend on user\u2019s location<\/b><\/p>\n<p>The main goal of the group behind this is to redirect user traffic to the final advertisement sites. The text and images of the advertisement is localized based on the user\u2019s IP address.&nbsp; A user browsing from North America would be served a different advertisement compared to a user in Latin America or Asia. Below are three examples of advertisements that were localized for users in Brazil and Japan.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-05.png\" alt=\"Figure 5. McAfee advertisement localized for users in Brazil\"><figcaption>Figure 5. McAfee advertisement localized for users in Brazil<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-06.png\" alt=\"Figure 6. Norton advertisement localized for users in Brazil\"><figcaption>Figure 6. Norton advertisement localized for users in Brazil<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-07.png\" alt=\"Figure 7. McAfee advertisement localized for Japan\"><figcaption>Figure 7. McAfee advertisement localized for Japan<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37\">\n<div readability=\"19\">\n<p>Users who continue from here and click on the renew options on these pop-ups are redirected to the official online shops for McAfee and Norton 360.<\/p>\n<p>It was surprising to us that the pop-up spam would bombard users with ads to purchase legitimate security software. Apparently, this is a very specific kind of scheme in which commissioned affiliates are attempting to earn more from the security companies by tricking more users to visit their websites.<\/p>\n<p>For users in the US, most of the advertisements we\u2019ve seen are for Norton and McAfee, however we were also redirected to an advertisement for the Honey shopping coupon extension.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-08.png\" alt=\"Figure 8. Honey Chrome extension\"><figcaption>Figure 8. Honey Chrome extension<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>Users outside the US were targeted with more diverse ads. While security software still comprised most of the advertisements, ads for online dating and sexual performance enhancing drugs were also shown.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-09.png\" alt=\"Figure 9. An enhancement drug advertisement served for users from Asia\"><figcaption>Figure 9. An enhancement drug advertisement served for users from Asia<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><b>The infection chain<\/b><\/p>\n<p>The following graphic below summarizes this attack\u2019s infection chain:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/g\/notification-spam\/notification-spam-10a.png\" alt=\"Figure 10. Infection chain\"><figcaption>Figure 10. Infection chain<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"40.222288085359\">\n<div readability=\"26.487848251334\">\n<p>This is the whole redirection chain from the doorway pages, to the BNS sites, and to the final advertisements. It is interesting to note the advertisements also seem to be specifically created for this recent spam campaign, as most of the domains were registered within the last few months.<\/p>\n<p><b>What users should do<\/b><\/p>\n<p>As this spam situation appears to be ongoing, we have notified McAfee and Norton of the potential abuse. Google is also <a href=\"https:\/\/blog.chromium.org\/2020\/05\/protecting-chrome-users-from-abusive.html\">cracking down on<\/a> the abuse of the browser notification feature, specifically wanting to stop notifications that \u201cmislead users, phish for private information or promote malware.\u201d<\/p>\n<p>It\u2019s quite possible that victims could go through this redirect process without knowing they had been swindled. This is particularly true if the user actually had a McAfee or Norton 360 subscription that had lapsed. Users can avoid this or similar spam attacks by following these recommendations:<\/p>\n<ol>\n<li>Avoid visiting untrusted websites. Instead, users should find streaming content or topics that match their interests from reputable websites to minimize the risk that they have been compromised for this spam.<\/li>\n<li>Users should be wary of accepting browser notifications in general. If those are not allowed, this spam and others like it cannot move forward. Google shares a <a href=\"https:\/\/support.google.com\/chrome\/answer\/3220216?co=GENIE.Platform%3DDesktop&amp;hl=en\">helpful tutorial<\/a> for disabling these in Chrome.<\/li>\n<li>Pop-up blockers are a great way to limit this type of browser redirect. Users who do get a pop-up that interests them should go directly to the recommended website rather than clicking on the ad.<\/li>\n<\/ol>\n<p>Trend Micro\u2019s consumer products can also block traffic to the browser notification sites and prevent these aggressive ads from pestering and tricking users.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/g\/browser-notification-spam-tricks-clicks-for-ad-revenue.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As many countries reintroduced lockdowns and restrictions, more people are once again stuck at home. Not only are people possibly bored at home, but many major sporting events are taking place. This brings fans to streaming sites to watch the games and inadvertently becoming victims of a major click fraud campaign. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42104,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9534,9536,9535],"class_list":["post-42103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-latest-news","tag-trend-micro-research-privacyrisks","tag-trend-micro-research-web"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-02T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1146\" \/>\n\t<meta property=\"og:image:height\" content=\"834\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher\",\"datePublished\":\"2021-08-02T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/\"},\"wordCount\":1193,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Latest News\",\"Trend Micro Research : Privacy&amp;Risks\",\"Trend Micro Research : Web\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/\",\"name\":\"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png\",\"datePublished\":\"2021-08-02T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/08\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png\",\"width\":1146,\"height\":834},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/","og_locale":"en_US","og_type":"article","og_title":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-08-02T00:00:00+00:00","og_image":[{"width":1146,"height":834,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher","datePublished":"2021-08-02T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/"},"wordCount":1193,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Latest News","Trend Micro Research : Privacy&amp;Risks","Trend Micro Research : Web"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/","url":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/","name":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png","datePublished":"2021-08-02T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher.png","width":1146,"height":834},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/browser-notification-spam-tricks-clicks-for-ad-revenue-threat-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Browser Notification Spam Tricks Clicks for Ad Revenue Threat Researcher"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42103"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42103\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42104"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}