HACKER Q&A
📣 frompdx

What does a spammer stand to gain by redirecting me to google.com?


Recently I have started receiving a lot of spam text messages. Each message is similar. Each one is addressed to someone who isn't me.

"Dr Oz called this the most potent erection pill. ., last up to 3 hours with no side effects"

-- or --

Thank you Oprah for your appraisal: because of that we're opening a FREE sample programme for EVERYONE! ., lose 20 lbs:

At first I tried to ignore the text messages. However, I have been getting one every other day and it is starting to get old. So, I decided to do some investigating.

I hit a few of the links in the text messages with curl and to my surprise, each link redirects to https://www.google.com.

  curl -v  .com/
  *   Trying ...
  * TCP_NODELAY set
  * Connected to npit9.com () port 80 (#0)
  > GET /zFYFoXfVF8 HTTP/1.1
  > Host: npit9.com
  > User-Agent: curl/7.54.0
  > Accept: */*
  >
  < HTTP/1.1 302 Found
  < Server: nginx/1.6.2
  < Date: Sat, 18 Jul 2020 20:19:25 GMT
  < Transfer-Encoding: chunked
  < Connection: keep-alive
  < Location: https://www.google.com
  <
  * Connection #0 to host .com left intact
Here is what I know:

1. Every message has a different link that is a six letter domain and the path is a series of random characters and each is addressed to a person that isn't me.

2. Every URL is registered by namecheap.com.

3. Every URL points to the same IP address.

4. Every link redirects to https://www.google.com

What can a spammer possibly gain from this?

  👤 uberman Accepted Answer ✓
They have now verified that your specific phone number will click clearly suspicious links. I would hazard that your going to be put into the phase 2 sucker category now as a result.

Why are the links so clearly suspicious you ask?

It is part of the scam. It weeds out those who are unlikely to be scammed early in the pipeline so that scammers don't waste resources on people who will not be duped.

Why redirect to google? They already have everything they need from you including a hash that points back to your phone number indicating what one of their various scams they got you to bite on. There is no longer any reason for them to keep your focus on their data collection site and immediately send you someplace benign. Google seems as good a choice as any.

👤 fsistemas
This kind of website detect when you are using a mobile device or not. They can show the spammer website if you are in phone or a different website (like Google) when you're not using a mobile device.