Cookie-Stuffing Targeting hsn.com
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by coupons-coupon-codes.com, targeting hsn.com. In my testing, this is but one of many affiliate web sites targeting this and other merchants.

As of November 4, the http://hsn.coupons-coupon-codes.com/hsn_coupon page was #2 in Google results for "hsn coupon" (without quotes). The specified URL included a reference to an external JavaScript file:

<script language="JavaScript" src="hsn.js">
</script>

The hsn.js file included the following instruction to open a new pop-under window:

<!--
if (document.cookie == "" || document.cookie == null) {
document.cookie = "set";
pop = window.open("http://www.coupons-coupon-codes.com/stores.php?store=36", "pop", "scrollbars=1,resizable=1,width=480,height=280");
pop.blur();
window.focus();
setTimeout("window.focus()",800);
}
//-->

Finally, the http://www.coupons-coupon-codes.com/stores.php?store=36 URL performed an HTTP 302 redirect to a CJ BFAST affiliate link:

GET /stores.php?store=36 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.coupons-coupon-codes.com
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Thu, 04 Nov 2004 16:49:27 GMT
Server: Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.8 FrontPage/5.0.2.2634a mod_ssl/2.8.18 OpenSSL/0.9.6b
X-Powered-By: PHP/4.3.8
Location: http://service.bfast.com/bfast/click?bfmid=37919329&siteid=38772000&bfpage=home1
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

0

 

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.
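
A merchant or affiliate network reviewing a packet log can flag this kind of redirect mechanically. The following is an added example, not part of the original report: it parses a plain-text HTTP capture and reports every 3xx response whose Location header points at an affiliate click host, along with the affiliate IDs in the query string. The host list and function names are assumptions; the sample capture is a trimmed copy of the trace above.

```python
from urllib.parse import urlsplit, parse_qs

# Affiliate click-tracking hosts to flag (assumed list; only this host appears on the page).
AFFILIATE_CLICK_HOSTS = {"service.bfast.com"}

# Trimmed copy of the request/response pair shown in the trace above.
CAPTURE = """\
GET /stores.php?store=36 HTTP/1.1
Host: www.coupons-coupon-codes.com

HTTP/1.1 302 Found
Date: Thu, 04 Nov 2004 16:49:27 GMT
Location: http://service.bfast.com/bfast/click?bfmid=37919329&siteid=38772000&bfpage=home1
"""

def parse_messages(capture):
    """Split a plain-text capture into (start_line, headers) pairs."""
    messages = []
    for block in capture.replace("\r\n", "\n").split("\n\n"):
        lines = [ln for ln in block.split("\n") if ln.strip()]
        if not lines or "HTTP/" not in lines[0]:
            continue  # skip bodies such as the chunked terminator "0"
        headers = {}
        for ln in lines[1:]:
            name, _, value = ln.partition(":")
            headers[name.strip().lower()] = value.strip()
        messages.append((lines[0], headers))
    return messages

def find_affiliate_redirects(capture):
    """Return one finding per 3xx response that lands on an affiliate click host."""
    findings, last_request = [], None
    for start, headers in parse_messages(capture):
        if not start.startswith("HTTP/"):
            # Request line: remember the URL so the redirect can be attributed to it.
            path = start.split(" ")[1]
            last_request = "http://" + headers.get("host", "?") + path
            continue
        status = int(start.split()[1])
        target = urlsplit(headers.get("location", ""))
        if 300 <= status < 400 and target.hostname in AFFILIATE_CLICK_HOSTS:
            ids = {k: v[0] for k, v in parse_qs(target.query).items()}
            findings.append({"source": last_request, "status": status,
                             "click_host": target.hostname, "ids": ids})
    return findings

if __name__ == "__main__":
    for finding in find_affiliate_redirects(CAPTURE):
        print(finding)
```

Grouping the findings by `siteid` across a larger capture shows which affiliate account benefits from each redirecting page.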