Example Packet Log with Double-Popup Cookie-Stuffing: Apple
The Effect of 180solutions on Affiliate Commissions and Merchants - Ben Edelman

As discussed in Affiliate Code Replacement via Popup "Double" Windows within The Effect of 180solutions on Affiliate Commissions and Merchants, 180 has implemented a system that can set affiliate tracking codes by showing a user a duplicate copy of a merchant's site. These popups set affiliate codes that, in the ordinary course of events, cause 180 to be paid commissions otherwise payable to other affiliates, and cause 180 to be paid commissions even if no commissions would otherwise be paid. For a listing of affected merchants (as of tests of June 2004), see merchants targeted with double windows. See also merchants I previously found to be targeted with silent cookie-stuffing.

This page shows specific network transmissions that implement 180's double-popup cookie-stuffing, targeting a request for apple.com made at approximately 9pm (Eastern) on July 22, 2004. See also a video (WMV format, view in full-screen mode) confirming what took place, including showing my Cookies folder before and after receiving the 180solutions popup. The thumbnail at right shows the final on-screen display -- the store.apple.com site, largely covered by the double popup that reached store.apple.com through an affiliate link.

Index of Annotated Packet Logs (details)

Other Targeted Merchants: Double and Silent Popups

In my testing, 180's targeting of apple.com proceeds in the following way: First, when users visit store.apple.com on a computer with Zango installed, Zango sends the request shown in HTTP Transaction 1 (sending the apple.com keyword trigger as shown in yellow highlighting), and Zango receives in response an instruction to show a web page at dealsavings.com (purple highlighting). Next, Zango loads that dealsavings.com URL in a new window, causing the HTTP communications shown in Transaction 2. The HTML response from Transaction 2 is a lengthy file, primarily consisting of blank lines and spaces, though ultimately including 30 identical links to LinkShare; however, users never see this page, because the page's META tags include a redirect to LinkShare (orange highlighting). As a result, in Transaction 3, the user's PC ultimately loads the LinkShare tracking link (red highlighting), subsequently setting cookies per its instructions.

Consistent with the rest of my site, the network logs below omit my DUID (my unique 180solutions user ID number), and the logs also omit 180solutions' affiliate ID number.

In my recent testing of July 21-23, 2004, store.apple.com is but one of many merchants that remain targeted by 180solutions double popups. Some targeted merchants (like apple.com) use LinkShare; others use Commission Junction; others use other networks, or run in-house affiliate programs. Some double popups (including this one) reach affiliate links through redirect servers, while others entail 180solutions sending users directly to an affiliate link via no other intermediaries.

 

Return to top
HTTP Transaction 1: Zango Request to 180solutions
keyword trigger
GET /showme.aspx?keyword=store.apple.com+.apple.com&did=762&ver=5.11&duid=531byhiprtvdgvadrfmfcgtxxyrjmg&partner_id=195252523
user id
&product_id=762&browser_ok=y&rnd=28&basename=zango&tzbias=5&MT=8C5F0B5F1538C31DC2F456CC736BC33B268398A0 &DMT=8C5F0B5F1538C31DC2F456CC736BC33B268398A0&GMA=1&GVI=1&GPI=1 &HMP=709213BFEF2F893692742C6E758547E7BF14D399&ACC=1&bid=0&SID=SNMFKPCB &OS=5.1.2600.2&SLID=1033&ULID=1033&TLOC=1033&ACP=1252&OCP=437&DB=iexplore.exe&IEV=6.0.2800.1 &TPM=200785920&APM=51642368&TVM=2147352576&AVM=2018045952&FDS=1698689024&LAD=1601:1:1:0:0:0&WE=5 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: tv.180solutions.com
Connection: Keep-Alive
Cookie: register=lrd=7/21/2004 8:49:06 AM; partner=lcd=7/21/2004 8:51:00 AM&pi=195252523&pt=315hybrpitvdavgtdrfmoxtgyrxmjg&ci=762&cn=4&cy=us&rg=2505&ct=38972&dma=506&pc=02239&ac=617&bd=12:00:00 AM&sx=&cd=6/26/2004 3:44:10 PM&md=7/13/2004 9:31:38 PM&dlu=12:00:00 AM&glu=7/21/2004 8:49:06 AM&csi=0&li=0&ei=0&chi=0&hii=0&ck=e8952755-1979-45bc-9eae-e54dba9375d1&upbl=False&cv=5.11; guid=e8952755-1979-45bc-9eae-e54dba9375d1; caps=as=0&lad=7/13/2004 7:37:48 PM&askw=0&ladkw=7/22/2004 2:38:43 PM; speedcheck=ls=7/21/2004 8:50:59 AM

HTTP/1.1 200 OK
Date: Fri, 23 Jul 2004 01:20:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: caps=as=0&lad=7/13/2004 7:37:48 PM&askw=1&ladkw=7/22/2004 6:20:13 PM; domain=.180solutions.com; expires=Sat, 23-Jul-2005 01:20:13 GMT; path=/
Set-Cookie: speedcheck=ls=7/21/2004 8:50:59 AM; domain=.180solutions.com; expires=Sat, 23-Jul-2005 01:20:13 GMT; path=/
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 1723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
ad to be shown
ad_url: <input id=ad_url name=ad_url value=http://dealsavings.com/app.htm><br>
ad_takefocus: <input id=ad_takefocus name=ad_takefocus value=y><br>
ad_activationdelay: <input id=ad_activationdelay name=ad_activationdelay value=5><br>
ad_resizable: <input id=ad_resizable name=ad_resizable value=y><br>
ad_scrollbars: <input id=ad_scrollbars name=ad_scrollbars value=y><br>
ad_menubar: <input id=ad_menubar name=ad_menubar value=y><br>
ad_statusbar: <input id=ad_statusbar name=ad_statusbar value=y><br>
ad_toolbar: <input id=ad_toolbar name=ad_toolbar value=y><br>
ad_addressbar: <input id=ad_addressbar name=ad_addressbar value=y><br>
ad_fullscreen: <input id=ad_fullscreen name=ad_fullscreen value=n><br>
ad_statustext: <input id=ad_statustext name=ad_statustext value=><br>
ad_theatermode: <input id=ad_theatermode name=ad_theatermode value=n><br>
ad_id: <input id=ad_id name=ad_id value=36226><BR>
keyword_id: <input id=keyword_id name=keyword_id value=80735><BR>
ad_windowtitle: <input id=ad_windowtitle name=ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
<INPUT ID=kw_exclude TYPE=text style="VISIBILITY: hidden;" VALUE=".ancestry.com+security+weightwatchers.com+check+filter"><br>
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>

<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>
</body>
</HTML>


Return to top
HTTP Transaction 2: Zango Loads Advertiser's Site
GET /app.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)
Host: dealsavings.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Length: 33542
Content-Type: text/html
Last-Modified: Sun, 11 Jul 2004 16:47:34 GMT
Accept-Ranges: bytes
ETag: "dc89ddc36667c41:56fbf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Fri, 23 Jul 2004 01:18:23 GMT

<html>

<head>
redirect
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="refresh" content="0;url=http://click.linksynergy.com/fs-bin/click?id=... &amp;offerid=13301.10000510&amp;type=4&amp;subid=78">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title></title>
</head>

<body>
<p>
&nbsp;
</p>
<p>

[page continues at length, with many blank lines, <p> and </p> tags, and &nbsp; tags]

<!--webbot bot="HTMLMarkup" startspan --><a href="http://click.linksynergy.com/fs-bin/click?id=...&offerid=13301.10000510&type=4&subid=78"><IMG alt="AppleStoreLogo120x60" border="0" src="http://www.apple.com/r/store/banners/applestore_120x60.gif"></a><IMG border="0" width="1" height="1" src="http://ad.linksynergy.com/fs-bin/show?id=...&bids=13301.10000510&type=4&subid=78"><!--webbot
bot="HTMLMarkup" endspan -->
<br>

[the block of HTML code immediately above is repeated a total of 30 times]

</body>
</html>
Return to top
HTTP Transaction 3: Advertiser's Site Redirects to LinkShare Affiliate Link
opening affiliate window
GET /fs-bin/click?id=...&offerid=13301.10000510&type=4&subid=78 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iOpus-I-M; .NET CLR 1.1.4322)
Host: click.linksynergy.com
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Fri, 23 Jul 2004 01:19:47 GMT
Server: Apache/1.3.29 (Unix) mod_perl/1.29
Set-Cookie: lsn_session=ziPPOtWG3QQ; domain=.linksynergy.com; path=/; expires=Fri, 23-Jul-2004 01:21:47 GMT
Expires: Thu, 22 Jul 2004 01:19:47 GMT
P3p: CP="ALL DSP COR NID DEV ADM CUR OUR BUS LEG NAV"
Location: http://click.linksynergy.com/fs-bin/swat?lsnsig=ziPPOtWG3QQ&id=...&offerid=13301.10000510&type=4&subid=78
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

18e
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://click.linksynergy.com/fs-bin/swat?lsnsig=ziPPOtWG3QQ&amp;id=...&amp;offerid=13301.10000510&amp;type=4&amp;subid=78">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at gcws0061.private.linksynergy.com Port 80</ADDRESS>
</BODY></HTML>

0