Forum Moderators: DixonJones
The domains, while originating in that IP block, are not included in the APNIC domain registry. These "companies" all seem to belong to a particular cartel located in China, B.C. Canada, and Tennessee, going by the names of "T.D.Y." or "D.T.Y.", according to whois info. Most of them use dns1-5.name-services.com for their nameservers.
When these domains show up in our logs as referrers, they are typically just the domain name, no subdirectory or page. Of course, there are no links to our sites from these domains, which are all either click exchange-type sites or some form of pornography.
The sites all use two types of search mechanisms on their home page: "Mr. Wordsmith" and "Surfcorp".
The requests made by these "domains" are usually messed up, with our domain repeated:
i.e. "www.domain.comhttp://www.domain.com"
or using a query drawn partially from the syntax we use (Swish-E) on our sites for local searches of our content:
i.e. "http://www.99xw.com/search.html?clgid=&source=&swishindex=swishcd.idx&details=yes&keywords=Toons"
In the last example, the bogus domain is 99xw.com. Everything after .com/ is our syntax (minus our tracking codes) as if the search had been done from our domain.
The domains in yesterday's log are:
usatrafficshop.com, pfonts.com, aosun.net, givemenotes.com, gofortraffic.com, trafficforyou.com, eee888.com, adscpmpay.com, clickxchange.us, gordonsgold.com, icoolbar.com, ****adulthost.net, 99xw.com, free-online-dating-services.com, kotoo.com, cruzio.com, webhhitshosting.com, hanyhost.com, sexbaby.us, and getpaidtotakesurveys.biz.
My questions are:
1) Is anyone else experiencing these bogus referrers?
2) What is their purpose? They don't ask for much, usually the root domain, a bad address or an address with messed up syntax.
I can definitely block any request from an APNIC IP, but I'm wondering what's going on before I do so.
Any illumination is more than welcomed. Thanks!
It looks like "T.D.Y." may be gaming their system by generating robot-type clicks to get them paid. It probably doesn't matter that the target addresses are bad, just that there is a click to count.
Think I should notify Surfcorp? (like I care..hehe)
I still think these may have to do with people ripping off Surfcorp, however I think it's a pretty adept attempt. I am thinking that these are forged referrers coming from a program that is directly connected to a fraudulent billing system to accrue clicks for the operators of these sites. I still don't know why they picked us as the target of these bogus clicks, but clicks-in from these domain are dominating our statistics.
My concern at this point is that, since I don't understand why or how these guys are doing this, that there may be some hidden penalty my company will pay in Google, et al. for "linking" to these porn/game/hack/scumware sites...even though they don't actually link to us.
Anybody?
