How this guy is hiding his landers?

[ironbull]

Hey,

I was doing some heavy spying and I came across these two domains:

a91apps (dot) com
mobilenewcenter (dot) com

He is running mobile pops everywhere. This is the proof:

so the thing is that most of the time, I am able to open the same landing page in my desktop browser, steal it and improve it.

But with these domains, there is something more.

So the flow goes like this:

1) User visit a torrent/mp3/video site
2) Mobile Pop Up appears
3) You just see a landing page with these domains: a91apps (dot) com - mobilenewcenter (dot) com

and when I say these domains, it is JUST the domain with any subfolders or Voluum parameters.

So I guess he is hiding his landings really good. Anyone knows how to do that?

EDIT: I have realized that he is somehow redirecting the traffic or recycling the traffic with this other domain: laumobiles (dot) com

I will show you two examples of two landings presumably hosted in the same root domain.

 

[tommi2500k]

Back button with external link or some other javascript
I may have one

 

[ironbull]

Any more opinions? I am really interested in the topic.

 

[mike888]

Most likely he setup some rules in .htaccess file to filter out referral traffic.

 

[ironbull]

Yep, I suppose he is doing it with .htaccess - Really smart guy.

 

[crysper]

Well, it denies the direct traffic using .htacces using something like this:

SetEnvIf Referer "^$" NO_REFERER
Order allow,deny
Allow from all
Deny from env=NO_REFERER

For tracking it may have something in-house.

And probably they use a back button redirect script that you'll find inside The Dojo