Our crawler requests Aliexpress.com on a virtual computer running the Viraltube toolbar. Viraltube creates an invisible IFRAME (CSS style of display:none, flagged in blue highlighting below) which IFRAME's stat.php which redirects to Marketplaceguru. Then Marketplaceguru redirects to the CJ click link with ID 4202588 and back to Aliexpress.
Users see nothing notable on screen. But the invisible IFRAMEs shares cookies with the user's actual browser window. Thus, if the user makes a purchase from Aliexpress, this affiliate 5326280 gets paid a commission -- even though this affiliate did nothing to facilitate the transaction.
If Aliexpress or CJ review server logs, they will see traffic purportedly coming from Marketplaceguru (HTTP Referer header flagged in blue below). But in fact traffic comes from the Viraltube toolbar. That's traffic laundering -- misrepresenting traffic origin.
Violations: Lead stealing, adware, invisibility (two levels of CSS display:none), forced click, traffic laundering.
GET http://tags.toolbarsmedia.com/publishers_tags/gpygo_en_50x24_toolbar_js.php HTTP/1.1
Accept: */*
Referer: http://storage.conduit.com/9/315/CT3150609/BrowserFiles/a3e2f2fe-94a7-417a-81e3-b3d80c4ab1d0.html
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Host: tags.toolbarsmedia.com
Proxy-Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Mon, 26 Nov 2012 05:40:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.5-1ubuntu7.2
Connection: Close
Proxy-Connection: Close
document.write('<iframe id="ifrm_preview" src="http://tags.toolbarsmedia.com/static_tags/137.html#p1=2483&p2=babylon_new_toolbar_dynamic_tag_20p" border="0" scrolling="no" width="50px" height="24px" frameborder="0"></iframe>');
document.write('<iframe id="tbm_stat" src="http://tags1.ads-srv.com/track/stat.html#mid=48&ppid=233" style="display:none"></iframe>');
document.write('<iframe id="tbm_stat_target" src="http://tags2.ads-srv.com/track/stat_target.html#mid=48" style="display:none"></iframe>');
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17527536-43']);
_gaq.push(['_setDomainName', 'none']);
_gaq.push(['_setAllowLinker', true]);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
GET http://tags1.ads-srv.com/track/stat.html HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://storage.conduit.com/9/315/CT3150609/BrowserFiles/a3e2f2fe-94a7-417a-81e3-b3d80c4ab1d0.html
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Host: tags1.ads-srv.com
Proxy-Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx/1.2.1
Date: Mon, 26 Nov 2012 05:38:25 GMT
Content-Type: text/html
Last-Modified: Wed, 21 Dec 2011 15:08:36 GMT
Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: Close
Proxy-Connection: Close
[gzip'ed response undecodeable]
GET http://tags1.ads-srv.com/track/stat.php?mid=48&ppid=233&s=s&url=+TNa9aHR0cDovL3d3dy5hbGlleHByZXNzLmNvbS9wcm9kdWN0cy9naWZ0LWJhZ3MtcHJpbnRzLWN1c3RvbS5odG1sHGKah&tdata=mYunOOvES2 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://tags1.ads-srv.com/track/stat.html
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Host: tags1.ads-srv.com
Proxy-Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.1
Date: Mon, 26 Nov 2012 05:38:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
X-Powered-By: PHP/5.3.2-1ubuntu4.7ppa5~lucid1
Set-Cookie: m_13818_2012-11-26_00=1; expires=Tue, 27-Nov-2012 05:38:33 GMT; path=/; domain=.ads-srv.com
Set-Cookie: m_13818_2012-11-26_00=1; expires=Tue, 27-Nov-2012 05:38:33 GMT; path=/; domain=.right-ads.com
location: http://marketplaceguru.com/srv/index.php?mid=48&pid=13818&uid=
Connection: Close
Proxy-Connection: Close
GET http://marketplaceguru.com/srv/index.php?mid=48&pid=13818&uid= HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://tags1.ads-srv.com/track/stat.html
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: marketplaceguru.com
HTTP/1.1 200 OK
Date: Mon, 26 Nov 2012 05:38:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=qmjhk7k0egs0a0ttsssjrv8577; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 168
Content-Type: text/html; charset=utf-8
Connection: Close
Proxy-Connection: Close
<script type="text/javascript" language="javascript">
window.location = 'http://www.anrdoezrs.net/click-4202588-10790169';
</script>
GET http://www.anrdoezrs.net/click-4202588-10790169 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://marketplaceguru.com/srv/index.php?mid=48&pid=13818&uid=
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Host: www.anrdoezrs.net
Proxy-Connection: Keep-Alive
HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.anrdoezrs.net/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Nov 2012 05:38:38 GMT
Location: http://www.apmebf.com/et105y1A9S/18D/RQXZQRWZ/USQSVYY/Q/Q/Q?h=g<<0CC8%3A%2F%2FFFF.t6Aw7xIAB.6xC%3ARJ%2Fv41v3-NLJLORR-KJQSJKPS<<Z<0CC8%3A%2F%2F5tA3xC84tvxzDAD.v75%2FBAE%2F16wxG.808%3F51w%3DNR%2681w%3DKMRKR%26D1w%3D<
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 26 Nov 2012 05:38:38 GMT
Connection: Close
Proxy-Connection: Close
<html>
<head><meta http-equiv="redirect" content="http://www.apmebf.com/et105y1A9S/18D/RQXZQRWZ/USQSVYY/Q/Q/Q?h=g<<0CC8%3A%2F%2FFFF.t6Aw7xIAB.6xC%3ARJ%2Fv41v3-NLJLORR-KJQSJKPS<<Z<0CC8%3A%2F%2F5tA3xC84tvxzDAD.v75%2FBAE%2F16wxG.808%3F51w%3DNR%2681w%3DKMRKR%26D1w%3D<"></head>
<body>The URL has moved <a href="http://www.apmebf.com/et105y1A9S/18D/RQXZQRWZ/USQSVYY/Q/Q/Q?h=g<<0CC8%3A%2F%2FFFF.t6Aw7xIAB.6xC%3ARJ%2Fv41v3-NLJLORR-KJQSJKPS<<Z<0CC8%3A%2F%2F5tA3xC84tvxzDAD.v75%2FBAE%2F16wxG.808%3F51w%3DNR%2681w%3DKMRKR%26D1w%3D<">here</a></body></html>
GET http://www.apmebf.com/et105y1A9S/18D/RQXZQRWZ/USQSVYY/Q/Q/Q?h=g<<0CC8%3A%2F%2FFFF.t6Aw7xIAB.6xC%3ARJ%2Fv41v3-NLJLORR-KJQSJKPS<<Z<0CC8%3A%2F%2F5tA3xC84tvxzDAD.v75%2FBAE%2F16wxG.808%3F51w%3DNR%2681w%3DKMRKR%26D1w%3D< HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://marketplaceguru.com/srv/index.php?mid=48&pid=13818&uid=
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.apmebf.com
HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Nov 2012 05:38:38 GMT
Location: http://www.emjcd.com/4p122lnwvF/nuz/CBIKBCHK/FDBDGJJ/B/l4Co5mGACIEEEDCGBGACEGEKBJECJEGFA34/JIEplDKqEIJmCCpDJEGIJFJqHKJEplnE?o=i<qx2!Aorv-662sNLE<v773%3A%2F%2FAAA.o15r2sD56.1s7%3AME%2Fqzwqy-IGEGJMM-FELNEFKN<<U<v773%3A%2F%2F0o5ys73zoqsu858.q20%2F659%2Fw1rsB.3v3%3F0wr%3DIM%263wr%3DFHMFM%268wr%3D<
Set-Cookie: S=au1dvb5-1733321505-1353908318354-tu; domain=.apmebf.com; path=/; expires=Sat, 25-Nov-2017 05:38:38 GMT
Set-Cookie: LCLK=cjo!wadh-ssoe970; domain=.apmebf.com; path=/; expires=Sat, 25-Nov-2017 05:38:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 26 Nov 2012 05:38:38 GMT
Connection: Close
Proxy-Connection: Close
<html>
<head><meta http-equiv="redirect" content="http://www.emjcd.com/4p122lnwvF/nuz/CBIKBCHK/FDBDGJJ/B/l4Co5mGACIEEEDCGBGACEGEKBJECJEGFA34/JIEplDKqEIJmCCpDJEGIJFJqHKJEplnE?o=i<qx2!Aorv-662sNLE<v773%3A%2F%2FAAA.o15r2sD56.1s7%3AME%2Fqzwqy-IGEGJMM-FELNEFKN<<U<v773%3A%2F%2F0o5ys73zoqsu858.q20%2F659%2Fw1rsB.3v3%3F0wr%3DIM%263wr%3DFHMFM%268wr%3D<"></head>
<body>The URL has moved <a href="http://www.emjcd.com/4p122lnwvF/nuz/CBIKBCHK/FDBDGJJ/B/l4Co5mGACIEEEDCGBGACEGEKBJECJEGFA34/JIEplDKqEIJmCCpDJEGIJFJqHKJEplnE?o=i<qx2!Aorv-662sNLE<v773%3A%2F%2FAAA.o15r2sD56.1s7%3AME%2Fqzwqy-IGEGJMM-FELNEFKN<<U<v773%3A%2F%2F0o5ys73zoqsu858.q20%2F659%2Fw1rsB.3v3%3F0wr%3DIM%263wr%3DFHMFM%268wr%3D<">here</a></body></html>
GET http://www.emjcd.com/4p122lnwvF/nuz/CBIKBCHK/FDBDGJJ/B/l4Co5mGACIEEEDCGBGACEGEKBJECJEGFA34/JIEplDKqEIJmCCpDJEGIJFJqHKJEplnE?o=i<qx2!Aorv-662sNLE<v773%3A%2F%2FAAA.o15r2sD56.1s7%3AME%2Fqzwqy-IGEGJMM-FELNEFKN<<U<v773%3A%2F%2F0o5ys73zoqsu858.q20%2F659%2Fw1rsB.3v3%3F0wr%3DIM%263wr%3DFHMFM%268wr%3D< HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://marketplaceguru.com/srv/index.php?mid=48&pid=13818&uid=
Accept-Language: en-us
User-Agent: ...
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.emjcd.com
HTTP/1.1 302 Found
Server: Resin/3.1.8
P3P: policyref="http://www.emjcd.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Nov 2012 05:38:38 GMT
Location: http://s.click.aliexpress.com/target_a.htm?src=ale&af=cj_4202588&cv=10790169&cn=&tp1=&tp2=&uri=http://www.aliexpress.com/home3.html&PID=4202588
Set-Cookie: LCLK=cjo!wadh-ssoe970; domain=.emjcd.com; path=/; expires=Sat, 25-Nov-2017 05:38:38 GMT
Set-Cookie: S=au1dvb5-1733321505-1353908318354-tu; domain=.emjcd.com; path=/; expires=Sat, 25-Nov-2017 05:38:38 GMT
Set-Cookie: PBLP=1506437:4202588:1353908318481:cjo; domain=.emjcd.com; path=/; expires=Sat, 25-Nov-2017 05:38:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 26 Nov 2012 05:38:38 GMT
Connection: Close
Proxy-Connection: Close
<html>
<head><meta http-equiv="redirect" content="http://s.click.aliexpress.com/target_a.htm?src=ale&af=cj_4202588&cv=10790169&cn=&tp1=&tp2=&uri=http://www.aliexpress.com/home3.html&PID=4202588"></head>
<body>The URL has moved <a href="http://s.click.aliexpress.com/target_a.htm?src=ale&af=cj_4202588&cv=10790169&cn=&tp1=&tp2=&uri=http://www.aliexpress.com/home3.html&PID=4202588">here</a></body></html>