Cookie-Stuffing Targeting match.com
Cookie-Stuffing Targeting Major Affiliate
Merchants - Ben Edelman
This page reports cookie-stuffing by asmartcoupon.com, targeting match.com. In my testing, this is but one of many affiilate web sites targeting this and other merchants.
As of November 4, the http://www.asmartcoupon.com/coupon/home_&_hobbies/coupon-Match.php page was #53 in Google results for "match.com coupon" (without quotes). The specified URL included multiple IMG (image) tags that, in their SRC ("source") tags reference Commission Junction tracking links. See the following example, repeated three times in the page's HTML code.
<IMG border='0' width='1' height='1' src='http://www.qksrv.net/click-1515738-8066398'>
The CJ /click link returns a series of redirects that ultimately take the user to a match.com landing page. Internet Explorer requests these redirects notwithstanding that the /click link originates in an IMG tag -- a HTML construct capable only of showing an image, and incapable of showing a full web page of the sort ultimately returned by /click links. Furthermore, Internet Explorer sets cookies as instructed by the Set-Cookie headers in the various CJ redirects. As a result, notwithstanding that the CJ tracking link has been placed in an IMG tag rather than, e.g., in an IFRAME, the IMG tag is nonetheless successful at cookie-stuffing, and at setting tracking codes such that a user's ultimate signup with match.com will cause commission to be paid to asmartcoupon.com.
Elsewhere in the page, the page correctly references CJ tracking links using A HREF (hyperlinks), and correctly references CJ image links using IMG SRC (image) tags.
I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.