Cookie-Stuffing Targeting orbitz.com
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by thewinnersclub.net, targeting orbitz.com.

As of November 8, the http://www.thewinnersclub.net/Orbitz_coupon.html page was #72 in Google results for "orbitz coupon" (without quotes). That page included the following JavaScript code (line breaks added), which opened a LinkShare tracking link in a new window:

<script language="javascript">
<!--
w=window.open('http://www.thewinnersclub.net/coupon/Orbitz','Orbitz');w.blur();
//-->
</script>

The /coupon/Orbitz URL then redirected users to LinkShare via the following HTTP 302 redirect:

GET /coupon/Orbitz HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.thewinnersclub.net
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Tue, 09 Nov 2004 02:45:34 GMT
Server: Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.9 FrontPage/5.0.2.2634a mod_ssl/2.8.19 OpenSSL/0.9.7a
X-Powered-By: PHP/4.3.9
Location: http://click.linksynergy.com/fs-bin/click?id=HAHu6s1Hzp4&offerid=38994.10000011&type=4&subid=0
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

12
<h1>Link Sent</h1>

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.

In my testing, this is but one of many affiliate web sites targeting this and other merchants. For example, the #16 Google result is www.consumernow.com/Orbitz_coupon, which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans.
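
For merchants or networks auditing captures like the one above, the following added example (not part of the original report) flags the pattern shown: a script-opened window whose response is a redirect to an affiliate click tracker. The function names and the tracker host list are assumptions; the sample input is the script and an abbreviated copy of the 302 response from this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the set of affiliate click-tracking hosts; only this one is on the page.
AFFILIATE_CLICK_HOSTS = {"click.linksynergy.com"}

def auto_opened_urls(html):
    """(url, blurred) for each window.open() call found in a <script> block.
    Heuristic: treats any such call as running without a user click."""
    found = []
    for script in re.findall(r"<script\b[^>]*>(.*?)</script>", html, re.S | re.I):
        for url in re.findall(r"window\.open\(\s*['\"]([^'\"]+)['\"]", script):
            found.append((url, ".blur()" in script))
    return found

def parse_redirect(raw):
    """Return (status code, Location header or None) from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in head[1:])}
    return status, headers.get("location")

def assess(html, responses):
    """Flag script-opened URLs (responses: url -> raw response) that redirect to a tracker."""
    findings = []
    for url, blurred in auto_opened_urls(html):
        if url not in responses:
            continue
        status, location = parse_redirect(responses[url])
        target = urlsplit(location or "")
        if status in (301, 302, 303, 307) and target.hostname in AFFILIATE_CLICK_HOSTS:
            query = parse_qs(target.query)
            findings.append({"opened": url, "blurred": blurred,
                             "affiliate_id": query.get("id", [None])[0],
                             "offer_id": query.get("offerid", [None])[0]})
    return findings

# Sample input: the script and an abbreviated copy of the 302 response shown above.
PAGE = """<script language="javascript">
<!--
w=window.open('http://www.thewinnersclub.net/coupon/Orbitz','Orbitz');w.blur();
//-->
</script>"""
RESPONSE = ("HTTP/1.1 302 Found\r\n"
            "Location: http://click.linksynergy.com/fs-bin/click"
            "?id=HAHu6s1Hzp4&offerid=38994.10000011&type=4&subid=0\r\n\r\n<h1>Link Sent</h1>")
if __name__ == "__main__":
    print(assess(PAGE, {"http://www.thewinnersclub.net/coupon/Orbitz": RESPONSE}))
```

The affiliate ID and offer ID extracted from the redirect are the values a network would use to tie the forced click to a specific affiliate account.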