H9twire.com, Newmdi, LinkShare affiliate F5lBUiZGJtA typosquatting on Hotwire

Twenty Oft-Found Commission Junction and LinkShare Affiliate Violations - Wesley Brandi and Ben Edelman

Our crawler requests H9twire.com, a clear typographic error of Hotwire. (On a standard US keyboard, the "9" key is diagonally adjacent to the "o" key.)

H9twire redirects to Newmdi, then to the LinkShare click link with affiliate ID F5lBUiZGJtA, then to Hotwire. The screenshots at the bottom of the page show on-screen displays as the browser followed the redirects.

The user ends up where he expected, and may not notice that anything was wrong. But Hotwire has to pay an affiliate fee for this traffic. Meanwhile, were it not for this affiliate's action, a standard web browser would have offered a simple link to Hotwire at no charge to Hotwire.

H9twire is a typosquatting domain within the meaning of ACPA and UDRP. If Hotwire were to challenge this domain, it could recover statutory damages (ACPA) as well as the domain itself (under both ACPA and UDRP).

Violations: Forced click, typosquatting

 

Packet log

GET http://h9twire.com/ ...
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC2; chromeframe/10.0.648.204)
Host: h9twire.com
Proxy-Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Sun, 16 Dec 2012 17:19:49 GMT
Server: Apache/1.3.37 (Unix) PHP/5.1.6 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a
X-Powered-By: PHP/5.1.6
Content-Type: text/html
Connection: Close
Proxy-Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>h9twire.com - h9twire Sale</title>
<meta name="keywords" content="h9twire.com, h9twire">
<meta name="description" content="Information about sales on h9twire.com. If you are looking for Hotwire Travel then please visit www.Hotwire.com.">
</head>
<body>
<!-- BEGIN NewMDi PCode -->
<script type="text/javascript">
var dc=document;
var fr='width="100%" height="100%" scrolling="auto" frameborder="0">';
dc.write('<ifra'+'me src="http://newmdi.com/newmd.php?id=FFINDgpAFltHVE9RXVRCUw1aQwdFRXcDD11QDFwHGwBdWxYWDlcNW1ZaT15bVw9FSVZUEFZIGQEMWRwCSklXClwZUwpaVwoNXFVcdAdVJmNZYnYoRXATDQVSVhZQAAhWAgcJVh0FUQIFAVAHAh0QT0BdDFEVQkIAClAOXB8AQF5FQUdIe1sVRVxDBBxRVgkQRAVjJ3UXUxFeADo3OTk3MGU4Yg.." '+fr)
dc.write('</ifra'+'me>')
</script>
<noscript>
<table>
<tr>
<td><h2>h9twire.com</h2></td><td align="right"><h2>h9twire</h2></td>
</tr>
<tr>
<td colspan="2" align="center">If you are looking for Hotwire Travel then please visit www.Hotwire.com.</td>
</tr>
</table>
</noscript>
<!-- END NewMDi PCode -->
</body>
</html>

 

GET http://newmdi.com/newmd.php?id=FFINDgpAFltHVE9RXVRCUw1aQwdFRXcDD11QDFwHGwBdWxYWDlcNW1ZaT15bVw9FSVZUEFZIGQEMWRwCSklXClwZUwpaVwoNXFVcdAdVJmNZYnYoRXATDQVSVhZQAAhWAgcJVh0FUQIFAVAHAh0QT0BdDFEVQkIAClAOXB8AQF5FQUdIe1sVRVxDBBxRVgkQRAVjJ3UXUxFeADo3OTk3MGU4Yg.. ...
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: http://h9twire.com/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC2; chromeframe/10.0.648.204)
Proxy-Connection: Keep-Alive
Host: newmdi.com

HTTP/1.1 200 OK
Date: Sun, 16 Dec 2012 17:19:44 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_bwlimited/1.4
Content-Type: text/html
Connection: Close
Proxy-Connection: Close

<html>
<head>
<title>Redirect</title>
</head>
<body>
<script type="text/javascript">
<!--
url = "/serv_redir.php?id=http%3A%2F%2Fclick.linksynergy.com%2Ffs-bin%2Fclick%3Fid%3DF5lBUiZGJtA%26offerid%3D50190.10000150%26type%3D3%26subid%3D8";
//-->
</script>
<script type="text/javascript" src="/static/js/redir_newmd.js">
</script>
</body>
</html>

 

(from redir_newmd.js)

if (url != null) { top.location=url; }

 

GET http://newmdi.com/serv_redir.php?id=http%3A%2F%2Fclick.linksynergy.com%2Ffs-bin%2Fclick%3Fid%3DF5lBUiZGJtA%26offerid%3D50190.10000150%26type%3D3%26subid%3D8 ...
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC2; chromeframe/10.0.648.204)
Host: newmdi.com
Proxy-Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Date: Sun, 16 Dec 2012 17:19:45 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_bwlimited/1.4
Location: /last_redir.php?id=http%3A%2F%2Fclick.linksynergy.com%2Ffs-bin%2Fclick%3Fid%3DF5lBUiZGJtA%26offerid%3D50190.10000150%26type%3D3%26subid%3D8
Content-Length: 0
Keep-Alive: timeout=5, max=99
Content-Type: text/html
Connection: Keep-Alive
Proxy-Connection: Keep-Alive

 

GET http://newmdi.com/last_redir.php?id=http%3A%2F%2Fclick.linksynergy.com%2Ffs-bin%2Fclick%3Fid%3DF5lBUiZGJtA%26offerid%3D50190.10000150%26type%3D3%26subid%3D8 ...
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC2; chromeframe/10.0.648.204)
Host: newmdi.com
Proxy-Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Sun, 16 Dec 2012 17:19:45 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_bwlimited/1.4
Content-Type: text/html
Connection: Close
Proxy-Connection: Close

<html>
<head>
<title>Redirect</title>
</head>
<body>
<script type="text/javascript">
url = 'http://click.linksynergy.com/fs-bin/click?id=F5lBUiZGJtA&offerid=50190.10000150&type=3&subid=8';

if (url != null)
{
top.location=url;
}
</script>
</body>
</html>

 

GET http://click.linksynergy.com/fs-bin/click?id=F5lBUiZGJtA&offerid=50190.10000150&type=3&subid=8 ...
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SLCC2; chromeframe/10.0.648.204)
Host: click.linksynergy.com
Proxy-Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: lsn_statp=5BU1%2FSsAAADfSZmYfRcWQQ%3D%3D; Domain=.linksynergy.com; Expires=Sat, 11-Dec-2032 17:19:51 GMT; Path=/
Set-Cookie: lsn_qstring=F5lBUiZGJtA%3A215953%3A; Domain=.linksynergy.com; Expires=Mon, 17-Dec-2012 17:19:51 GMT; Path=/
Set-Cookie: lsn_track=UmFuZG9tSVbiEU4wDm7AyPIpwNiX%2FgqsowLnSMtnG8TbvBis5hjCJM5m9K1GWwFkFR1TzgrvMPxCVMzi23qDwg%3D%3D; Domain=.linksynergy.com; Expires=Wed, 14-Dec-2022 17:19:51 GMT; Path=/
Set-Cookie: lsclick_mid2043="2012-12-16 17:19:51.947|F5lBUiZGJtA-bZaL31JL1qh0oE9Pf9rFzA"; Domain=.linksynergy.com; Expires=Tue, 16-Dec-2014 17:19:51 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR BUS STA"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Sun, 16 Dec 2012 17:19:51 GMT
Cache-Control: no-cache
Pragma: no-cache
Location: http://www.hotwire.com/?siteID=F5lBUiZGJtA-bZaL31JL1qh0oE9Pf9rFzA
Content-Length: 0
nnCoection: close
Connection: Keep-Alive
Proxy-Connection: Keep-Alive

Screenshots