Example Cookie-Stuffing Overwriting Existing Cookies: TGW
The Effect of 180solutions on Affiliate Commissions and Merchants - Ben Edelman

As discussed in Affiliate Code Replacement via Popup "Double" Windows within The Effect of 180solutions on Affiliate Commissions and Merchants, 180 has implemented a system that can set affiliate tracking codes by showing a user a duplicate copy of a merchant's site. These popups set affiliate codes that, in the ordinary course of events, cause 180 to be paid commissions otherwise payable to other affiliates, and cause 180 to be paid commissions even if no commissions would otherwise be paid. For a listing of affected merchants (as of tests of June 2004), see merchants targeted with double windows. See also merchants I previously found to be targeted with silent cookie-stuffing.

This page shows specific network transmissions that implement 180's double-popup cookie-stuffing, targeting a request for tgw.com made at approximately 1pm (Eastern) on July 24, 2004. See also a video (WMV format, view in full-screen mode, warning: >1.6MB) confirming what took place, including showing my Cookies folder before and after receiving the 180solutions popup. The thumbnail at right shows the final on-screen display -- the tgw.com site, covered in part by the double popup that reached tgw.com through an affiliate link.


In this example, I sought to document how 180 (and its advertisers) can overwrite cookies set by other affiliates. My testing proceeded in the following way:

  1. I cleared my cookies, such that any cookies set on my PC were set in the course of the testing shown in my video.
  2. I browsed to dealhunting.com, an ordinary affiliate site that links to tgw.com via an affiliate link. I clicked through that affiliate link, yielding the communications shown in HTTP Transaction 1 (with original affiliate link shown in red highlighting).
  3. I briefly browsed the tgw.com site. (Network logs omitted for brevity.) In HTTP Transaction 2, Zango (installed on my PC) asked 180solutions' web servers for an ad to be shown -- sending the tgw.com trigger (as shown in yellow highlighting), and receiving a URL to deal-savings.com in response (purple highlighting).
  4. In HTTP Transaction 3, Zango loaded the specified deal-savings.com page in a new window. Via a META REFRESH tag (orange highlighting), the page redirected the new window to a LinkShare affiliate link, which in turn set LinkShare cookies referencing the same affiliate code used on the deal-savings page (HTTP Transaction 4).
  5. Observing my cookies (cookie listing), I see that at the end of the events described above, my linksynergy.com (LinkShare) cookies included a reference to the affiliate code used on the deal-savings page (blue highlighting). However, I see no surviving reference to the affiliate code used on the original dealhunting.com page.

Consistent with the rest of my site, the network logs below omit my DUID (my unique 180solutions user ID number). In place of the actual affiliate ID number used by the deal-savings 180 advertiser, the logs use the phrase "[deal-savings affiliate ID]".

In my testing of July 24, 2004, tgw.com is but one of many merchants that remain targeted by 180solutions double popups. Some targeted merchants (like tgw.com) use LinkShare; others use Commission Junction; others use other networks, or run in-house affiliate programs. Some double popups (including this one) reach affiliate links through redirect servers, while others entail 180solutions sending users directly to an affiliate link via no other intermediaries.

 

HTTP Transaction 1: Clicking Through DealHunting LinkShare Link to TGW
[annotation: initial affiliate link]
GET /fs-bin/swat?lsnsig=KTzeoZJ%2B2UA&id=km/jX8Vq/5Y&offerid=42808.10000074&type=4&subid=0 HTTP/1.1
Accept: */*
Referer: http://www.dealhunting.com/coupon-codes.php?cat=18
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: click.linksynergy.com
Connection: Keep-Alive
Cookie: linkshare_cookie65839=10000088%3A65839; linkshare_cookie37989=10000502%3A37989; linkshare_cookie21855=10000704%3A21855; linkshare_cookie63922=10000501%3A63922; linkshare_cookie66465=10000038%3A66465; linkshare_cookie=6%3A23162; lsn_session=KTzeoZJ%2B2UA

HTTP/1.1 302 Found
Date: Sat, 24 Jul 2004 16:56:12 GMT
Server: Apache/1.3.29 (Unix) mod_perl/1.29
Set-Cookie: lsn_statp=tVEFAQ%3D%3D; domain=.linksynergy.com; path=/; expires=Fri, 19-Jul-2024 16:56:13 GMT
Set-Cookie: lsn_qstring=km%2FjX8Vq%2F5Y%3A40500%3A; domain=.linksynergy.com; path=/; expires=Sun, 25-Jul-2004 16:56:13 GMT
Set-Cookie: lsn_track=UmFuZG9tSVYf7fugOXl1HSKEsD8fWRJ5oZNfAQsii4ClsFJrQ4DTC3q3cKYImn%2FgbG6kiYyxULk%3D; domain=.linksynergy.com; path=/; expires=Tue, 22-Jul-2014 16:56:13 GMT
Expires: Fri, 23 Jul 2004 16:56:13 GMT
P3p: CP="ALL DSP COR NID DEV ADM CUR OUR BUS LEG NAV"
Location: http://www.tgw.com/linkshare.html?siteID=km%2FjX8Vq%2F5Y-LpnORe5lQhUutsusLZoL2g&url=http%3A//www%2Etgw%2Ecom/stores/linkshare%2Ejsp%3FURL%3D/clearance/clear%2Dcenter%2Ejsp
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

1bc
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.tgw.com/linkshare.html? siteID=km%2FjX8Vq%2F5Y-LpnORe5lQhUutsusLZoL2g&amp;url= http%3A//www%2Etgw%2Ecom/stores/linkshare%2Ejsp%3FURL%3D/clearance/clear%2Dcenter%2Ejsp" >here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at njws0066.private.linksynergy.com Port 80</ADDRESS>
</BODY></HTML>

0

HTTP Transaction 2: Zango Request to 180solutions
[annotations: keyword trigger (keyword=tgw.com); user id (duid)]
GET /showme.aspx?keyword=tgw.com&did=762&ver=5.11&duid=531byhiprtvdgvadrfmfcgtxxyrjmg &partner_id=183723514&product_id=762&browser_ok=y&rnd=14&basename=zango
&tzbias=5&MT=14A7F81A56809D668C16CC01198CB4B1F76369B7 &DMT=14A7F81A56809D668C16CC01198CB4B1F76369B7&GMA=1&GVI=1&GPI=1 &HMP=740D1DF749425B5CAC3C7869123259B78C7F4831&ACC=1&bid=0 &SID=DGDWNSLC&OS=5.1.2600.2&SLID=1033&ULID=1033&TLOC=1033 &ACP=1252&OCP=437&DB=iexplore.exe&IEV=6.0.2800.1&TPM=200785920 &APM=30568448&TVM=2147352576&AVM=1983787008 &FDS=1774436352&LAD=1601:1:1:0:0:0&WE=5 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: tv.180solutions.com
Connection: Keep-Alive
Cookie: register=lrd=7/21/2004 8:56:25 AM; partner=lcd=7/21/2004 8:56:25 AM&pi=183723514&pt=128rhaerupaflaassrkpydcgbqrgdi&ci=762&cn=4&cy=us&rg=2505&ct=38972&dma=506&pc=02239&ac=617&bd=12:00:00 AM&sx=&cd=6/6/2004 2:17:04 PM&md=7/13/2004 9:41:20 PM&dlu=12:00:00 AM&glu=7/21/2004 8:56:25 AM&csi=0&li=0&ei=0&chi=0&hii=0&ck=9468ab7c-fb6b-445a-a66b-2e020ea7cf25&upbl=False&cv=5.11; guid=9468ab7c-fb6b-445a-a66b-2e020ea7cf25; caps=as=0&lad=7/13/2004 7:43:48 PM&askw=2&ladkw=7/23/2004 10:28:39 PM; speedcheck=ls=7/21/2004 8:54:25 AM

HTTP/1.1 200 OK
Date: Sat, 24 Jul 2004 16:57:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR ADMi DEVi TAIi PSAi PSDi OUR IND UNI NAV"
X-AspNet-Version: 1.1.4322
Set-Cookie: caps=as=0&lad=7/13/2004 7:43:48 PM&askw=1&ladkw=7/24/2004 9:57:11 AM; domain=.180solutions.com; expires=Sun, 24-Jul-2005 16:57:11 GMT; path=/
Set-Cookie: speedcheck=ls=7/21/2004 8:54:25 AM; domain=.180solutions.com; expires=Sun, 24-Jul-2005 16:57:11 GMT; path=/
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Content-Length: 1726

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body>
[annotation: ad to be shown]
ad_url: <input id=ad_url name=ad_url value=http://deal-savings.com/golf.htm><br>
ad_takefocus: <input id=ad_takefocus name=ad_takefocus value=y><br>
ad_activationdelay: <input id=ad_activationdelay name=ad_activationdelay value=0><br>
ad_resizable: <input id=ad_resizable name=ad_resizable value=y><br>
ad_scrollbars: <input id=ad_scrollbars name=ad_scrollbars value=y><br>
ad_menubar: <input id=ad_menubar name=ad_menubar value=y><br>
ad_statusbar: <input id=ad_statusbar name=ad_statusbar value=y><br>
ad_toolbar: <input id=ad_toolbar name=ad_toolbar value=y><br>
ad_addressbar: <input id=ad_addressbar name=ad_addressbar value=y><br>
ad_fullscreen: <input id=ad_fullscreen name=ad_fullscreen value=n><br>
ad_statustext: <input id=ad_statustext name=ad_statustext value=><br>
ad_theatermode: <input id=ad_theatermode name=ad_theatermode value=n><br>
ad_id: <input id=ad_id name=ad_id value=121175><BR>
keyword_id: <input id=keyword_id name=keyword_id value=34418><BR>
ad_windowtitle: <input id=ad_windowtitle name=ad_windowtitle value="Brought to you by the Zango Search Assistant"><br>
<INPUT ID=kw_exclude TYPE=text style="VISIBILITY: hidden;" VALUE=".ancestry.com+security+weightwatchers.com+check+filter"><br>
<INPUT ID=ad_shown TYPE=text VALUE="y" style="VISIBILITY: hidden;"><br>

<SPAN class="957085619-06032003"><FONT face="Arial" color="#ff0000" size="5">Thank you
for your patience.&nbsp; You will be redirected to your destination site in a
few seconds.</FONT></SPAN>
</body>
</HTML>



HTTP Transaction 3: Zango Loads Advertiser's Site
GET /golf.htm HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: deal-savings.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Content-Length: 12388
Content-Type: text/html
Last-Modified: Thu, 08 Apr 2004 14:55:59 GMT
Accept-Ranges: bytes
ETag: "36e5a69a791dc41:571b2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Sat, 24 Jul 2004 16:53:04 GMT

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
[annotation: redirect to affiliate link]
<meta http-equiv="refresh" content="0;url=
http://click.linksynergy.com/fs-bin/stat?id=[deal-savings affiliate ID]&amp;offerid=42808.10000052&amp;type=4&amp;subid=79">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>golf</title>
<meta name="Microsoft Border" content="none, default">
</head>

<body>
<p>
&nbsp;
</p>

[page continues at length, with many blank lines, <p> and </p> tags, and &nbsp; tags, creating many blank lines]

<!--webbot bot="HTMLMarkup" startspan --><a href="http://click.linksynergy.com/fs-bin/stat?id=[deal-savings affiliate ID]&offerid=42808.10000052&type=4&subid=79"><IMG width="125" height="125" alt="TGW Logo - 125X125" border="0" src="http://www.thegolfwarehouse.net/linkshare/banners/branding/125X125-tgw-logo.gif"></a><IMG border="0" width="1" height="1" src="http://ad.linksynergy.com/fs-bin/show?id=[deal-savings affiliate ID]&bids=42808.10000052&type=4&subid=79"><!--webbot
bot="HTMLMarkup" endspan -->

[the block of HTML code immediately above is repeated a total of 20 times]


<!--webbot bot="HTMLMarkup" startspan --><a href="http://www.qksrv.net/click-1434605-7154009" target="_top" onmouseover="window.status='http://www.abebooks.com';return true;" onmouseout="window.status=' ';return true;">
<img src="http://www.qksrv.net/image-1434605-7154009" width="88" height="31" alt="" border="0"></a><!--webbot
bot="HTMLMarkup" endspan -->
<br>
<!--webbot bot="HTMLMarkup" startspan --><a href="http://www.qksrv.net/click-1434605-7154009" target="_top" onmouseover="window.status='http://www.abebooks.com';return true;" onmouseout="window.status=' ';return true;">
<img src="http://www.qksrv.net/image-1434605-7154009" width="88" height="31" alt="" border="0"></a><!--webbot
bot="HTMLMarkup" endspan -->
<br>
<!--webbot bot="HTMLMarkup" startspan --><a href="http://www.qksrv.net/click-1434605-7154009" target="_top" onmouseover="window.status='http://www.abebooks.com';return true;" onmouseout="window.status=' ';return true;">
<img src="http://www.qksrv.net/image-1434605-7154009" width="88" height="31" alt="" border="0"></a><!--webbot
bot="HTMLMarkup" endspan -->

</body>

</html>

HTTP Transaction 4: Advertiser's Site Redirects to LinkShare Affiliate Link
[annotation: opening affiliate window]
GET /fs-bin/stat?id=[deal-savings affiliate ID]&offerid=42808.10000052&type=4&subid=79 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: click.linksynergy.com
Connection: Keep-Alive
Cookie: linkshare_cookie65839=10000088%3A65839; linkshare_cookie37989=10000502%3A37989; linkshare_cookie21855=10000704%3A21855; linkshare_cookie63922=10000501%3A63922; linkshare_cookie66465=10000038%3A66465; linkshare_cookie=6%3A23162; lsn_session=KTzeoZJ%2B2UA; lsn_statp=tVEFAQ%3D%3D; lsn_qstring=km%2FjX8Vq%2F5Y%3A40500%3A; lsn_track=UmFuZG9tSVYf7fugOXl1HSKEsD8fWRJ5oZNfAQsii4ClsFJrQ4DTC3q3cKYImn%2FgbG6kiYyxULk%3D

HTTP/1.1 302 Found
Date: Sat, 24 Jul 2004 16:56:39 GMT
Server: Apache/1.3.29 (Unix) mod_perl/1.29
Set-Cookie: lsn_session=laPbZG136Q0; domain=.linksynergy.com; path=/; expires=Sat, 24-Jul-2004 16:58:39 GMT
Expires: Fri, 23 Jul 2004 16:56:39 GMT
P3p: CP="ALL DSP COR NID DEV ADM CUR OUR BUS LEG NAV"
Location: http://click.linksynergy.com/fs-bin/swat?lsnsig=laPbZG136Q0&id=[deal-savings affiliate ID]&offerid=42808.10000052&type=4&subid=79
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

18e
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://click.linksynergy.com/fs-bin/swat?lsnsig=laPbZG136Q0&amp;id=[deal-savings affiliate ID]&amp;offerid=42808.10000052&amp;type=4&amp;subid=79">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.29 Server at njws0066.private.linksynergy.com Port 80</ADDRESS>
</BODY></HTML>

0



Resulting Linksynergy.com (LinkShare) Cookies
linkshare_cookie65839
10000088%3A65839
linksynergy.com/
1024
3803110144
29651361
423974736
29651359
*
linkshare_cookie37989
10000502%3A37989
linksynergy.com/
1024
3803110144
29651361
429444736
29651359
*
linkshare_cookie21855
10000704%3A21855
linksynergy.com/
1024
3803110144
29651361
422104736
29651359
*
linkshare_cookie63922
10000501%3A63922
linksynergy.com/
1024
3813110144
29651361
428664736
29651359
*
linkshare_cookie66465
10000038%3A66465
linksynergy.com/
1024
3803110144
29651361
424914736
29651359
*
linkshare_cookie
6%3A23162
linksynergy.com/
1024
3803110144
29651361
419134736
29651359
*
lsn_session
laPbZG136Q0
linksynergy.com/
1024
2003044736
29651359
821784736
29651359
*
lsn_statp
tVEFAQ%3D%3D
linksynergy.com/
1024
2674163072
31119868
828824736
29651359
*
[annotation on the lsn_qstring record below: reference to affiliate ID of the advertiser that used 180solutions to open a link to the TGW affiliate window]
lsn_qstring
[deal-savings affiliate ID]%3A42808%3A
linksynergy.com/
1024
1514618240
29651560
830074736
29651359
*
lsn_track
UmFuZG9tSVZTp8%2BX2tvycpfIeMSYuNiLd1%2FLHC0hB6N7UCVfr0mi%2FnfVdqWCYWYpsBTMLAZ0mTM%3D
linksynergy.com/
1024
3886087552
30385613
830384736
29651359
*
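
Added example (not part of the original page or the author's tooling): a Python check of the overwrite described in step 5, using the lsn_qstring values copied from HTTP Transaction 1 and from the cookie listing above. It assumes the listing follows the Internet Explorer cookie-file record layout (name, value, domain/path, flags, expiry low/high, creation low/high, `*`) and that the first colon-separated field of lsn_qstring is the credited affiliate ID, which is an inference from these logs; the function names are illustrative.

```python
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit, parse_qs

# Values copied from this page's logs. "[deal-savings affiliate ID]" is the
# page's own redaction placeholder, not a real identifier.
FIRST_CLICK = ("/fs-bin/swat?lsnsig=KTzeoZJ%2B2UA&id=km/jX8Vq/5Y"
               "&offerid=42808.10000074&type=4&subid=0")
FIRST_SET_COOKIE = "lsn_qstring=km%2FjX8Vq%2F5Y%3A40500%3A; domain=.linksynergy.com; path=/"
FINAL_COOKIE_FILE = """lsn_qstring
[deal-savings affiliate ID]%3A42808%3A
linksynergy.com/
1024
1514618240
29651560
830074736
29651359
*
"""

def filetime(low, high):
    """Convert a Windows FILETIME stored as two 32-bit decimals to UTC."""
    ticks = (int(high) << 32) | int(low)      # 100 ns units since 1601-01-01
    return datetime(1601, 1, 1) + timedelta(microseconds=ticks // 10)

def parse_ie_cookies(text):
    """Parse cookie-file records: eight fields followed by a '*' terminator."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    jar = {}
    for i in range(0, len(lines) - 8, 9):
        name, value, scope, _flags, elo, ehi, clo, chi, end = lines[i:i + 9]
        if end != "*":
            raise ValueError(f"record {name!r} is not '*'-terminated")
        jar[name] = {"value": value, "scope": scope,
                     "expires": filetime(elo, ehi), "created": filetime(clo, chi)}
    return jar

def credited_affiliate(lsn_qstring):
    """First ':'-separated field of the URL-decoded value (assumed layout)."""
    return unquote(lsn_qstring).split(":")[0]

def attribution_report():
    """Compare the affiliate credited after click 1 with the final cookie."""
    clicked = parse_qs(urlsplit(FIRST_CLICK).query)["id"][0]
    first = credited_affiliate(FIRST_SET_COOKIE.split(";")[0].split("=", 1)[1])
    rec = parse_ie_cookies(FINAL_COOKIE_FILE)["lsn_qstring"]
    final = credited_affiliate(rec["value"])
    return {"clicked": clicked, "first": first, "final": final,
            "overwritten": final != first, "final_created": rec["created"]}
```

The decoded creation and expiry times of the final lsn_qstring record fall within seconds of the HTTP Transaction 4 response (16:56:39 GMT) and one day after it, which ties the surviving cookie to the popup's affiliate click rather than to the original dealhunting.com click.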