Packet Log - How Yahoo Funds Spyware

PPC advertisers (i.e. Dell)
money

viewers
Yahoo Overture
money

viewers
InfoSpace
money

viewers
Direct Revenue

Packet Log - How Yahoo Funds Spyware - Via Direct Revenue
Ben Edelman

This page gives a packet log of example traffic passing from Direct Revenue to InfoSpace to Yahoo Overture to a Yahoo Overture advertiser (here, Dell), as shown in the diagram at right. Such traffic may be considered ill-gotten to the extent that the underlying installation of Direct Revenue was nonconsensual or obfuscated. Furthermore, to the extent that Dell already had such traffic (e.g. users were already at Dell.com), paying for this traffic is of dubious business benefit. See discussion in main article.

In each step of transmissions, yellow highlighting marks redirect instructions, while green highlighting marks the next redirect step.

Direct Revenue Search Page Redirects to InfoSpace

GET /c/click.php?c=48685&s=5261&r=http://msxml.infospace.com/_1_B2HUEF099WI63__dirrev.feed.pu1/clickit/search?r_aid=6AF56C6710A5419EA366ADC9C4338670&r_sacop=1&r_spf=1&r_cop=title&r_snpp=0&r_spp=1&qqn=UCQSe913dCHU!&r_coid=239134&rawto=http://www10.overture.com/d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com HTTP/1.1
Accept: */*
Referer: http://search.offeroptimizer.com/en?c=48685&s=5261&kw=Laptops&cnt=4&kw1=&kw2=&kw3=&kw4=&kw5=&kw6=&t=full.vm&src=is&r=sr&url=&page=1&b=bl_eng&n=us
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {22E43631-0428-0F4A-967D-0F443832898F})
Host: xadsj.offeroptimizer.com
Connection: Keep-Alive
Cookie: url=http://www.dell.com/; ctr=17; acl=1; dly=1-1125451043-11021:2591947:10372:864000:13217:10232:8286:3084:12039:2591899-; fme=1-6187:3:242.386-119036:1:238.250-25168:3:238.252-6542:1:242.387-6460:1:238.223-11139:1:238.222; hst=1-1125451050-0:48685:5261:imp-512:64126:5265:click-520:43727:7453:imp-570:64126:5265:imp; dmg=%13%7E_d%152%08k%22r%7E%24%7Cv%22%7C%7Er%7Dmv%7Bxz%24evo%22%2F--%2C%26%24%7E%7C%22%29.%28%24ls%7B%22%7Cpr%7C%7Elk%24ks%7B%22qzk%24%7Br%7E%22*%2F%29%24orl%7E%22..-%2F%24%7Ck%22%7C%7E%7Dsz%24sl%22rz%7Bvjr%24%7C%7B%22..-*%5B%3BM%3AA%26_; uid={5B316544-FE9D-4769-90BF-4D7BCBCEC8F6}; ron=; ron

HTTP/1.1 302 Found
Server: Resin/2.1.12
Cache-Control: private
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Cache-Control: no-cache
Location: http://msxml.infospace.com/_1_B2HUEF099WI63__dirrev.feed.pu1/clickit/search?r_aid=6AF56C6710A5419EA366ADC9C4338670&r_sacop=1&r_spf=1&r_cop=title&r_snpp=0&r_spp=1&qqn=UCQSe913dCHU!&r_coid=239134&rawto=http://www10.overture.com/d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com
Set-Cookie: hst=1-1125451072-0:48685:5261:click-22:48685:5261:imp-534:64126:5265:click-542:43727:7453:imp-592:64126:5265:imp ; domain=offeroptimizer.com; path=/; expires=Thu, 31-Aug-2006 01:17:51 GMT
Set-Cookie: uid={5B316544-FE9D-4769-90BF-4D7BCBCEC8F6}; domain=offeroptimizer.com; path=/; expires=Thu, 31-Aug-2006 01:17:51 GMT
Set-Cookie: dmg=%13%7E_d%152%08k%22r%7E%24%7Cv%22%7C%7Er%7Dmv%7Bxz%24evo%22%2F--%2C%26%24%7E%7C%22%29.%28%24ls%7B%22%7Cpr%7C%7Elk%24ks%7B%22qzk%24%7Br%7E%22*%2F%29%24orl%7E%22..-%2F%24%7Ck%22%7C%7E%7Dsz%24sl%22rz%7Bvjr%24%7C%7B%22..-*%5B%3BM%3AA%26_; domain=offeroptimizer.com; path=/; expires=Thu, 31-Aug-2006 01:17:51 GMT
Content-Length: 990
Connection: close
Date: Wed, 31 Aug 2005 01:17:51 GMT

The URL has moved <a href="http://msxml.infospace.com/_1_B2HUEF099WI63__dirrev.feed.pu1/clickit/search?r_aid=6AF56C6710A5419EA366ADC9C4338670&r_sacop=1&r_spf=1&r_cop=title&r_snpp=0&r_spp=1&qqn=UCQSe913dCHU!&r_coid=239134&rawto=http://www10.overture.com/d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com">here</a>

InfoSpace Redirects to Overture

GET /_1_B2HUEF099WI63__dirrev.feed.pu1/clickit/search?r_aid=6AF56C6710A5419EA366ADC9C4338670&r_sacop=1&r_spf=1&r_cop=title&r_snpp=0&r_spp=1&qqn=UCQSe913dCHU!&r_coid=239134&rawto=http://www10.overture.com/d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com HTTP/1.1
Accept: */*
Referer: http://search.offeroptimizer.com/en?c=48685&s=5261&kw=Laptops&cnt=4&kw1=&kw2=&kw3=&kw4=&kw5=&kw6=&t=full.vm&src=is&r=sr&url=&page=1&b=bl_eng&n=us
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {22E43631-0428-0F4A-967D-0F443832898F})
Host: msxml.infospace.com
Connection: Keep-Alive

HTTP/1.1 302 Object Moved
Server: Microsoft-IIS/5.0
Date: Wed, 31 Aug 2005 01:17:52 GMT
Location: http://www10.overture.com/d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com
Content-type: text/html
Set-Cookie: krta=52CBAC17C66E400DBCBAADC9CF030300; path=/; domain=.infospace.com
Set-Cookie: krtt=E77FFCF7314041F7B0DDADC9CF030300; path=/; domain=.infospace.com
Set-Cookie: krts=E7BA7E1B88BE4C02B637ADC9CF030300; expires=Wed, 31-Aug-2005 01:37:52 GMT; path=/; domain=.infospace.com
Content-Length: 0

Overture Redirects to Dell

GET /d/sr/?xargs=15KPjg1KFSqIK9k7PyMPiIRvydng9SwMTqpYgqTcg5AYELrC5zAr8idcfxq%5FFnEa95v02QwoHtiLIVWPv5n%5FOfEAjy5WK6G%2DD%5F3YnDpboIQtjSTNIz5NeU992K2tkMKXxyFhbS8eOLx6qZNdWNQBgPzb83vkLHuKx7wru3zPIcFsHN2yZ%2DnTzUIdQwiMJV6fcnC65ODfVUYZzai1akT88flZggzqm7en9ScXjh%2DyxZ%5Fe6xdBNPlObSJtJJ1uujldyNa%2Db%2D6JwdfkaW9vIwoC4a9U%2DYy4w%5FjEnX1wtqBG0%5FH%5FO%5FdmnQiQ0mqLiO9YarGOxcvzmoTsXeFnjhIzsPcUNyV6roSlXeIxQ14huCBpFQI5D6hheOKriGG1N%5FIV4A7NuyPsAP5QzKzCwtXjfaFc2uzCI6NJRqo2%5FlqhXz80UNipo%5FDcTsSIge7oyDyXPyM3JSvgjdp%5F2gKcrK7kVy7jk9o4l6EqRZlpgj1FpV6SyA1frMrtAZpawXYfb%2DmHJG6f7nJg5rKr%2DWN%5FUaQcc9aiqoD7DxL9Tb10wLVh8PbVrC2Y%5F8zkiD88YzB%2DXO20905AY%2DTzt%2DdQgWsY%5Fkzcv6zDSUeXCt%2Dr2iOfuW2Vz26qIcEDG679kh9E2H%5FtM%2E&yargs=www.dell4me.com HTTP/1.1
Accept: */*
Referer: http://search.offeroptimizer.com/en?c=48685&s=5261&kw=Laptops&cnt=4&kw1=&kw2=&kw3=&kw4=&kw5=&kw6=&t=full.vm&src=is&r=sr&url=&page=1&b=bl_eng&n=us
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {22E43631-0428-0F4A-967D-0F443832898F})
Host: www10.overture.com
Connection: Keep-Alive
Cookie: ConvData=02u3hs9yoazhUOMSCAQAzb0bcwRakYGMUqA8QbOMyjrBq3g%2Fw3Dfm6%2F7ttS17s4D6Z0qsaWhkIxYhHbburM9UPQYPBYyByJFjtU7RVRSOfsykIFFuD2p%2BCBzGUzlJmMHMvPwl7RN8c; UserData=02u3hs9yoaT4tKLixNTUk1sQEAA0MDM0NHQ1NjS7Vj4tCQVBZRro6W5s7GBs7O5o5mrm4AFnhX%2FQw%3D

HTTP/1.1 302 Found
Date: Wed, 31 Aug 2005 01:17:52 GMT
Server: Apache/1.3.33 (Unix) mod_perl/1.29
Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAA0MDM0NHC2cDE7Vj1ODi4vzMoDwGQW6WJs6GFo5uzi5uLpaWAOb7jFQO; domain=.overture.com; path=/; expires=Wed, 31-Aug-2005 01:22:52 GMT
Set-Cookie: ConvData=02u3hs9yoajh0OMSDDAAzDf8tsgTbBgSDBAfWjmWUoRU7Q6EfflvROm3G6v6%2B00cT3AoTwwok367r2MzvruBLs%2FRjtne2CYEHgMFG5Er5%2Bxmx6uMYxHAoz1UNVnzOZIxaI7Ai7trHNZaCUiSwza9nhLeQBIusD; domain=.overture.com; path=/; expires=Sat, 29-Aug-2015 01:17:52 GMT
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Pragma: no-cache
Location: http://landingstrip.dell.com/landingstrip/ls.asp?CID=8278&LID=230157&DGC=ST&DGStor=DHS&DGSite=OVT&Conum=19&K=6VP00&DURL=http://www1.us.dell.com/content/topics/segtopic.aspx/jmp_nb?c%3Dus%26cs%3D19%26l%3Den%26s%3Ddhs
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain