1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Strange use of trackingpixel & AdWords? Help needed!

Discussion in 'Cloaking and Content Generators' started by JRMan, Nov 21, 2012.

  1. JRMan

    JRMan Newbie

    Joined:
    Nov 21, 2012
    Messages:
    3
    Likes Received:
    0
    Hi all,

    First, I'm pretty new to this, so forgive me my ignorance but there's something I really don't understand.
    I don't know if I'm posting this to the right place, but it's related to AdWords too, and I couldn't find anywhere else to post it.
    *Admins: if it's in the wrong place, feel free to move my post to where it truly belongs, thanks.

    Well..

    We have a running affiliate program, and lately I got a suspicious affiliate. He's using Google AdWords to advertise and makes his ads look like "official" ones. The problem is, that he's using our brand keywords, and it's clearly stated in the policy that it's strictly prohibited.

    However, the twist comes after this: I have noticed that this affiliate might have other affiliate accounts with our company and he even has fake affiliate ID's. What does that mean? Example: I go to a UK VPN and check google.co.uk for one of our "prohibited" keywords. Affiliate's ad comes right up. I click it. It redirects me to our website with his affiliate link.
    I go back to google.co.uk, enter the keyword again, get the ad again and click on it.
    After this, I get redirected to our website with a _fake_ affiliate ID (checked in our system, it doesn't exist).

    So right after clicking the Ad, the adwords link redirects to an adserver, which has 4 possible forwarding options. 3 fake affiliate ID links and one real. At this point it somehow reads data from my browser which is not a previously set cookie. (Could it be cache?)

    As far as I got it, this method is used to distract our attention from his "real" account, he's reading user data somehow, and if the script finds a customer "worthless" (since they have a cookie or whatever which is linking them to another affiliate) then he redirects them to a false Affiliate ID, to hide his prohibited activity. (Imagine if we would see that he refers e.g. 10K uniques daily with the same referer url, we'd instantly suspend his account due to advertising with prohibited keywords) Now he's paying for the misleading ads as well, while he's making thousands per week with the real one.

    Now the thing I'd like to know is this: how's he doing this?

    What I recognized: he's using a trackingpixel. But how can he read that I have visited the website and got the aff. ID cookie or not? Sometimes it only works from Safari, Mozilla is completely cookie and cacheless, while I'm using a VPN through a virtual machine, but I can only get the false ads..

    Please help me out with this. I only want to understand the method, since I am not fully aware of it. The affiliate partner is getting his money.. Not.
    Thanks in advance.
     
  2. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    833
    Likes Received:
    864
    How you know that he is using tracking pixel ? Anyway, he can easily recognize your visit if is smart to place you a flash cookie or something like this
    Code:
    http://samy.**/evercookie/
    , or he know how to make footprint of your browser

    Code:
    https://panopticlick.eff.org/
    or to calculate total unique footprint or hash of your system including parameters like IP, host, user-agent, referrer etc etc...

    Basically, you should try to check him form another location and another computer.
     
  3. Dumper

    Dumper Supreme Member

    Joined:
    Mar 20, 2009
    Messages:
    1,412
    Likes Received:
    497
    Location:
    Perdido Key
    Definitely subscribing lol... Good luck!
     
  4. JRMan

    JRMan Newbie

    Joined:
    Nov 21, 2012
    Messages:
    3
    Likes Received:
    0
    Thanks TZ2011, I have tried it from several VPN-s all around the globe and even through a virtual machine (and using the VPN from that host as well), but still no success. The evercookie might be the stuff, since I read that using private browsing and Safari could erase evercookie, what no other browsers could so far. I experienced the same effect, when using safari with private browsing and and after deleting all the LSO-cookie-usual things, I could get to the desired affiliate link. No other methods worked so far. Footprint is a no-go here, since I regularly change the sys language, time zone, faking the browser's user agent, even the resolution sometimes, etc.. Thanks for the info again, cheers.

    *edit: I have found the trackingpixel on one of his redirecting adservers, even in the html code, it is there, no doubt.
     
    Last edited: Nov 27, 2012
  5. qcp860

    qcp860 Jr. VIP Jr. VIP

    Joined:
    Dec 16, 2008
    Messages:
    256
    Likes Received:
    82
    Gender:
    Male
    Occupation:
    marketing
    Location:
    PA
    Home Page:
    There is almost always a footprint. Especially if you suspect that the person is successfully gaming you. There is a footprint. Follow TZ2011's advice and use a different computer from a different location. Ideally a location far enough away from where you are now (drive 20-30 miles should be more than sufficient). Using another machine is important as well since even with a VM most people forget to assign the VM to another mac address. If you don't change locations then that itself is a footprint.
     
    • Thanks Thanks x 1
  6. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    833
    Likes Received:
    864
    There is many ways to hide what is doing. Just from top of the head few ideas:
    - he is using percent of the allowed redirects, like 3 or 5 % you will get one code, 95 % - 97 % visitor will get other page ("safe" page).
    - He is using buffer domain - access to Page B would be accessible "on the right way" only if referrer is coming from Page A, in all other cases visitors would be redirected somewhere else
    - he is using script for recognizing proxies, known data centers and vpn providers and redirecting them how he wants where he wants.
    - he use script that can recognize search queries that you use to get to his pages. Its easy to recognize direct search, search with colon (site:domain.com) etc and to redirect them somewhere.

    There is more stuff behind but not so good idea to write everything on public forum. You should hang out on forums like isdark, wpbh etc to get some base.
     
    • Thanks Thanks x 1
  7. JRMan

    JRMan Newbie

    Joined:
    Nov 21, 2012
    Messages:
    3
    Likes Received:
    0
    mrblackjack: thanks man, but unfortunately I can not send PM-s until I reach 15 posts, so maybe you could share some info if YOU private me :) (if it's possible). I'm pretty sure that it's not a cookie though, as I have mentioned it several times before.
    Anyway, thanks for all who tried to help me with this.
    Cheers
     
  8. Jenny30

    Jenny30 Regular Member

    Joined:
    Feb 2, 2012
    Messages:
    478
    Likes Received:
    32
    He must have subscribed or he might have a footprint of your browser, that's the reason he gets to know every time.