DevLog 250817 The Curious Case of the Referrer

> Log Date: 250817

A private link was accessed by someone who wasn’t supposed to see it yet. I didn’t share it. No one did. This log is a digital crime scene report, and I caught the referrer.

A quiet little woodworking portfolio got a strange hit. The URL was never published. Not on socials. Not emailed. Not listed. But someone found it. And worse, that someone forwarded it. I didn’t invite anyone to the show.


Scene 1: The Panic Before the Ping

No breadcrumbs. No search engine indexing. Just a link floating in the void... until it wasn’t.

I scanned logs. Scraped headers. Looked for browser fingerprints. It wasn’t a bot. It wasn’t a crawler. It was a real person, with real fingers, clicking on a page they weren’t meant to see.


Scene 2: Installing the Bug

I dropped in Matomo for tracking and local analytics. Not some surveillance script farmed out to Silicon Valley. Just raw data, parsed directly from server logs. Every ping. Every referrer. Every miss.

At first, nothing. A few indexer ghosts. Then it came:

Referrer: an unrelated artist portfolio  
Path: /woodworking  
Device: Android, Chrome  
Time on page: 0 seconds  
Bounce level: astronomical

That site shouldn’t have had my link. And yet the log was clear. Someone came in from that direction.


Scene 3: The Unlikely Breadcrumb

I ran curl. I ran grep. I read the DOM like it owed me money. No links found in the HTML.

So it had to be dynamic. Probably a JS gallery. A modal preview. Some interactive plugin.

Somewhere in that site’s moving parts, my private link was quietly embedded. Maybe even unintentionally. But it was there.


Scene 4: Digital Forensics

Once I saw that referrer line in the logs, the entire timeline snapped into focus. Like someone flipping over puzzle pieces all at once.


Scene 5: Lessons from the Log


Closing Remarks

No confrontation. No accusations. But I now know how it happened. And I won’t forget it.

Even the quietest links have echoes. This one made just enough noise to catch. Mystery logged. Leak confirmed. Case closed.


← Back to DevLogs