Cookie-Stuffing Targeting travelocity.com
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by xpcoupons.com, targeting travelocity.com.

As of November 8, the http://www.xpcoupons.com/coupon_codes.php/Travelocity_coupons.htm page was #14 in Google results for "travelocity coupon" (without quotes). The specified URL included the following IFRAME which opened a CJ BFAST tracking link in a hidden window:

<iframe border=0 frameborder=0 framespacing=0 height=1 width=0 marginheight=0 marginwidth=0 name=new_date noResize scrolling=no src="http://service.bfast.com/bfast/click?bfmid=18566&sourceid=40031581&categoryid=travelocity" vspale=0></iframe>

Xpcoupons.com placed this JavaScript code immediately after the </BODY> tag that ordinarily ends a web page. Nonetheless, the IFRAME operated as usual in my Internet Explorer web browser -- loading the specified CJ tracking URL and setting cookies accordingly.

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.

In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #15 Google result for "travelocity coupon" is www.findsavings.com/Travelocity-Coupons.asp , which uses cookie stuffing precisely along the lines of that previously shown as to findsavings's targeting of Priceline and TigerDirect. The #17 Google result is www.consumernow.com/Travelocity_coupon , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans.