A few recent adjustments
The most recent trend seems to be using redirects in fake referral headers, presumably to avoid any blocking rules based on referring domains. Thankfully DyadStats looks for strings in referring URLs as well as domains which catches this.
Having examined a number of fake referrals with redirects, it looks like the spammers don't care whether or not the redirect actually works, or even if the domain used is live or not, which suggests to me that their goal is for log file parsers to turn each redirect URL into its own link.