Example Packet Log with Double-Popup Cookie-Stuffing: Gateway
The Effect of 180solutions on Affiliate Commissions and Merchants - Ben Edelman

As discussed in Affiliate Code Replacement via Popup "Double" Windows within The Effect of 180solutions on Affiliate Commissions and Merchants, 180 has implemented a system that can set affiliate tracking codes by showing a user a duplicate copy of a merchant's site. These popups set affiliate codes that, in the ordinary course of events, cause 180 to be paid commissions otherwise payable to other affiliates, and cause 180 to be paid commissions even if no commissions would otherwise be paid. For a listing of affected merchants (as of tests of June 2004), see merchants targeted with double windows. See also merchants I previously found to be targeted with silent cookie-stuffing.

This page shows specific network transmissions that implement 180's double-popup cookie-stuffing, targeting a request for gateway.com made at approximately 8pm (Eastern) on July 23, 2004. See also a video (WMV format, view in full-screen mode) confirming what took place, including showing my Cookies folder before and after receiving the 180solutions popup. The thumbnail at right shows the final on-screen display -- the gateway.com site, substantially covered by the double popup that reached gateway.com through an affiliate link.

Index of Annotated Packet Logs (details)

Other Targeted Merchants: Double and Silent Popups

Consistent with the rest of my site, the network logs below omit my DUID (my unique 180solutions user ID number), and the logs also omit 180solutions' affiliate ID number.

In my recent testing of July 21-23, 2004, gateway.com is but one of many merchants that remain targeted by 180solutions double popups. Some targeted merchants (like gateway.com) use Commission Junction; others use LinkShare; others use other networks, or run in-house affiliate programs. While some double popups reach affiliate links through redirect servers, others (like the gateway.com example described on this page) entail 180solutions sending users directly to gateway.com via an affiliate link but via no other intermediaries.


keyword trigger
GET /showme.aspx?keyword=.gateway.com/+.gateway.com+gateway.com+gateway*com+gateway&did=762&ver=5.11 &duid=531byhiprtvdgvadrfmfcgtxxyrjmg&partner_id=183723514&product_id=762&browser_ok=y&rnd=9
user id
&basename=zango&tzbias=5&MT=14A7F81A56809D668C16CC01198CB4B1F76369B7 &DMT=14A7F81A56809D668C16CC01198CB4B1F76369B7&GMA=1&GVI=1&GPI=1 &HMP=740D1DF749425B5CAC3C7869123259B78C7F4831&ACC=1&bid=0&SID=DGDWNSLC&OS=5.1.2600.2 &SLID=1033&ULID=1033&TLOC=1033&ACP=1252&OCP=437&DB=iexplore.exe&IEV=6.0.2800.1&TPM=200785920 &APM=28258304&TVM=2147352576&AVM=2022027264&FDS=1759879168&LAD=1601:1:1:0:0:0&WE=5 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: tv.180solutions.com
Connection: Keep-Alive
Cookie: register=lrd=7/21/2004 8:56:25 AM; partner=lcd=7/21/2004 8:56:25 AM&pi=183723514&pt=128rhaerupaflaassrkpydcgbqrgdi&ci=762&cn=4&cy=us&rg=2505&ct=38972&dma=506&pc=02239&ac=617&bd=12:00:00 AM&sx=&cd=6/6/2004 2:17:04 PM&md=7/13/2004 9:41:20 PM&dlu=12:00:00 AM&glu=7/21/2004 8:56:25 AM&csi=0&li=0&ei=0&chi=0&hii=0&ck=9468ab7c-fb6b-445a-a66b-2e020ea7cf25&upbl=False&cv=5.11; guid=9468ab7c-fb6b-445a-a66b-2e020ea7cf25; caps=as=0&lad=7/13/2004 7:43:48 PM&askw=1&ladkw=7/21/2004 8:54:25 AM; speedcheck=ls=7/21/2004 8:54:25 AM

HTTP/1.1 200 OK
Date: Sat, 24 Jul 2004 00:05:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: caps=as=0&lad=7/13/2004 7:43:48 PM&askw=1&ladkw=7/23/2004 5:05:40 PM; domain=.180solutions.com; expires=Sun, 24-Jul-2005 00:05:40 GMT; path=/
Set-Cookie: speedcheck=ls=7/21/2004 8:54:25 AM; domain=.180solutions.com; expires=Sun, 24-Jul-2005 00:05:40 GMT; path=/
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 1912

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
ad to be shown
ad_url: <input id=ad_url name=ad_url value=http://service.bfast.com/bfast/click?bfmid=37919389&amp;siteid=...&amp;bfpage=computers_text><br>
ad_width: <input id=ad_width name=ad_width value=800><br>
ad_height: <input id=ad_height name=ad_height value=600><br>
ad_takefocus: <input id=ad_takefocus name=ad_takefocus value=y><br>
ad_activationdelay: <input id=ad_activationdelay name=ad_activationdelay value=0><br>
ad_resizable: <input id=ad_resizable name=ad_resizable value=y><br>
ad_scrollbars: <input id=ad_scrollbars name=ad_scrollbars value=y><br>
ad_menubar: <input id=ad_menubar name=ad_menubar value=y><br>
ad_statusbar: <input id=ad_statusbar name=ad_statusbar value=y><br>
ad_toolbar: <input id=ad_toolbar name=ad_toolbar value=y><br>
ad_addressbar: <input id=ad_addressbar name=ad_addressbar value=y><br>
ad_fullscreen: <input id=ad_fullscreen name=ad_fullscreen value=n><br>
ad_statustext: <input id=ad_statustext name=ad_statustext value=><br>
ad_theatermode: <input id=ad_theatermode name=ad_theatermode value=n><br>
ad_id: <input id=ad_id name=ad_id value=43892><BR>
keyword_id: <input id=keyword_id name=keyword_id value=722031><BR>
ad_windowtitle: <input id=ad_windowtitle name=ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
<INPUT ID=kw_exclude TYPE=text style="VISIBILITY: hidden;" VALUE=".ancestry.com+security+weightwatchers.com+check+filter"><br>
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>

<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>

opening affiliate window
GET /bfast/click?bfmid=37919389&siteid=...&bfpage=computers_text HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: service.bfast.com
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Sat, 24 Jul 2004 00:06:58 GMT
Server: Apache/1.3.27 (Unix)
P3P: PolicyRef="http://service.bfast.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV
setting new affiliate cookie
Set-Cookie: UID=2|0|20240724; expires=Saturday, 24-Jul-2024 00:06:58 GMT; domain=.bfast.com; path=/
Cache-Control: no-cache
Location: http://service.bfast.com/bfast/click?bfmid=37919389&siteid=...&bfpage=computers_text&bfcookietest=Y
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

<TITLE>302 Found</TITLE>
The document has moved <A HREF="http://service.bfast.com/bfast/click?bfmid=37919389&amp;siteid=... &amp;bfpage=computers_text&amp;bfcookietest=Y">here</A>.<P>
<ADDRESS>Apache/1.3.27 Server at service.bfast.com Port 80</ADDRESS>