Hi there everyone,

I currently am taking a less than healthy interest in referers and stuff, as I'm toying with a bot blocking script. I've been monitoring the referers on one of my sites while I play with it, and I found an interesting link in there tonight:

http: / / tinyurl . com / 2qul3c

Remove the spaces if you want to use it.

Basically and at first glance, it simply forwards you to the thinkgeek site to buy a USB controlled rocket launcher.

What bothers me is the path that it takes to get you there.

First stop: DPBOLVW.NET(whois record) Note the keywords in the SEO browser
Second: APMEBF.COM(whois record) Again, note the SEO browser
Third: QKSRV.NET (no whois record available from my normal source)

Although I disabled meta redirects via Firefox dev extension, the progression still occurs, and I still end up at the ThinkGeek page, with a handy referer attached to the URL for CJ(remember the SEO browser data?).

So he's making referals, but what else is going on when being redirected? Anybody know of another way that I can force the pageload to stop at each point?

I did manage to cause a timeout by manually disrupting the connection mid-stream, and ended up with this URL:

http: // www. qksrv . net/2e106hz76R/z5A/ONQSTQPR/PTPVPSW/N/OELKy48MSNWUUSPWUMOOWOO WTUUPRUQMSW/N?u=gDA4%3D0CC8%25MT%25LY%25LYFFF.C0163zxx3.v75% 25LYzxx3C7HB%25LYFtAytAx%25LYRtJy%25LY%25MYAxy%25MWv%3cv27!C5Bu- 925Mx3y%3c0CC8%3A%2F%2FFFF.w8u74EF.6xC%3ARJRJ%2Fx5t14-LPLRLOS- KJMOPMLN%3c%3cZ%3c%3c

but that didn't help me much 🙂

It seems be quite a busy bot. Check the 15,000 + results in Google. I even found clueless bloggers that found the link and decided to write about how cool a USB controlled rocket is.

I just want to try to find out what's going on in the page loads between tinyURL and thinkgeek.

thanks,
json

    For one thing, there's nothing to see at each of the hops. A 301 redirect is just that. There's no sense in stopping there to see the redirect page because there is no content of the page - it's just a header that says, "301 Redirect".

    Second, you can study the path (and the redirect URL's) by going to a Unix command prompt and typing:
    wget http://tinyurl.com/2qul3c

    A similar, and more precise, technique is to telnet to port 80. In this manner, you relay your request to the web server and you can see every single byte that comes in from the server. Since this isn't a web browser, it will simply report the 301 redirect, not actually DO it (because it doesn't know how to DO anything). To "follow" a redirect, you simply telnet to port 80 on that redirect URL. This way, you are performing all the tasks of a web browser and you can examine every byte.

    As to your original question, I can think of not one single reason why anyone would intentionally build a 4 step redirect. If they wanted to "track" anything about the visitor, it could be done simply by directing them first to a PHP script, and then directly to the final destination.

      On a quick search on Google, there are an enormous number of web sites that contain that URL. I suspect that someone is hoping that if even one in a million people who click the link actually buy the toy, they might make some big bucks? Maybe?

      Maybe the 4 redirects are to conceal the identity of the actual affiliate? (Since you don't know whether the money is going to the owner of link #2 or link #3 ? Maybe?

        Hi there etully, and thanks very much for your reply.

        I had written thinkgeek last night, and they responded today. They were appalled, simply appalled(😉) at the actions of the individual and stated that they were canceling his affiliate account. They do not support that kind of spam(their statement, not mine).

        I understand that redirects are just that, but I've written code with actual HTML in the body along with the redirect. I just couldn't see any other reason for all of the redirects.

        I wrote the contact for the domain to let him know the exciting news. I'll post if I get anything funny back.

        thanks,
        json

          Write a Reply...