Accommodation advertisement Flights advertisement

Travelling light in New Zealand

On a recent vist to New Zealand in December 2017, I spent 4 weeks travelling within the Northern part of North Island. After a few days of exploring the city of Auckland and its suburbs, on foot, by ferry and by public buses, I decided to rent a car for my travel to Northland. Currently Best Car Rentals, are running a promo deal offering the "Third week free" offer, which I was able to avail myself.
Click here to read about Tests
Here we demostrate alternative tracking technologies, that can further enhance HTTP-cookie based tracking technology used in this page, to improve robustness.
Here we demonstrate different fraud scenarios used by rogue affiliates to cause "Clicks" on advertisements to earn commissions or fees unlawfully.

The above page is a typical "Affiliate Marketing page", using Http-cookie based tracking technology. An Affiliate Marketing Network setup comsists of a minimum three different groups of actors.

  1. An Advertiser (E-commerce site)
  2. Affiliates, who carry advertisements to generate visitor traffic
  3. A Tracking service provider, who monitors, tracks and quantifies traffic generated by an affiliate for each advertiser
An Affiliate's website contains specialised content on specific topics, that attracts a target group, that is interested in that topic. In this case, it is a travel blog about a journey through New Zealand. Target group is Travellers planning to visit New Zealand or people who are interested in travel stories.

This Affiliate carries banner advertisements as well as text-links within the story, for three different advertisers (E-commerce sites). Along the left column and along the top of the page there are banner-advertisements that relate to the page's topic, therfore a higher likelihood that some of the visitors might be interested in checking out or purchasing the advertised products.

By placing the cursor on each banner adverisement, you may notice that each banner has a different web URL, in the following format:

Though the above 3 advertisements represent 3 different e-commerce sites, all three URL links point at, who is the tracking service provider, which is invisible to visitors. Each URL has a unique set of parameters. Parameter "a" identifies the advertiser (e-commerce site). a=1 (; a=2 (; a=3 ( Parameter "f" stands for affiliate, which is always 20. That is the ID of this affiliate. Those are the only two required parameters, but additional parameters can be passed; e.g.: parameter "o" stands for offer ID, where the same advertiser can have multiple campaigns (offers) with different commission rates. If there were two banners of the same advertiser on this page, they can have two "offer id's", which allow the advertiser to identify, which of the two banners were clicked.

How it works

When a visitor clicks on an advertisement, the hyperlink of the "click-pixel" makes a web request to the tracking site The tracking server extracts the parameters from the URL, logs the request in the tracking database, and looks up the URL of the e-commerce site (advertiser) denoted by the "a=" parameter value. The tracking server creates an HTTP cookie with a unique identifier to each visitor, logs the click event in its database, and sends the cookie to the client-browser, with an redirect-response to the URL of the advertiser identified by the parameter "a". This happens so seamlessly; a visitor would not notice, that the click took the browser on an intermediary step to the tracking server, before reaching the advertiser's website.

When the visitor makes a purchase at the e-commerce site, again a "converion-pixel" code embeded in the payment confirmation page causes the client-browser to connect to the tracking server, at which stage, the tracking server recognises the visitor uniquely with the help of the unique identifier assigned during the click-tracking process. The tracking server then logs a conversion record in the database, that allows it to calculate the commission amount payable to the affiliate who promoted the visitor traffic, based on the total payment.

How to test tracking functionality

First, open the tracking results page of the tracking services provider and note the last tracking result entry in each of the "Click detail" and "Conversion detail" tables. Note the last "Tracking ID"/"ConversionID" and "Click Date".

Your test results will appear in reverse sequence at the top of the list, which you can verify after each "click" or "conversion".

To start the test, click on any banners on this page, and arrive at the corresponding e-marketing site. Often you would not notice, that your click was diverted first to, and then on to the e-commerce site. But your click was recorded at tracking site. After the click you can verify your click record has been successfully added to the "Click-details" table of the tacking database.

After verification of the click, return to the e-commerce site that opened up as a result of the click above. Simulate a purchase by entering a total value and press the "Pay" button. It will give you a confirmation that payment was successful and the reciept number of your purchase. You can verify your purchase action by clicking on the link "Past sales records" in e-commerce page. Now check the tracking server's results page again. You will notice the "Conversion" record with the reciept number, of your payment has also been recorded in the tracking server, although the e-commerce server and tracking server are in two completely different domains, and usually are in two different geographical locations.

though it was not visible to the visitor (you), that there was any involvement of during your clicking process or payment process at the e-commerce site, a "Click-pixel" embeded in the banner advertisement records the click-action. On payment at the e-commerce site, a "conversion-pixel" embeded on the confirmation page, triggers an invisible server-call to the tracking server with the transaction number as a parameter. The Http-cookie that was placed by the tracking-server in client-browser (your browser), during click-tracking process allows the tracking server to match the click-ID, thereby, recognize the "conversion", that belongs to a specific "click". This can be further verified, by clicking and observing the "click" being recorded at "Click detail" table, but if you do not simulate a "pay" action, the "Conversion detail" table will lack the conversion record, that correspond to the "click". You may completely close the browsers, and re-open a browser and navigte to the e-commerce site directly, as a later time or even a few days later, and then simulate a "pay action", and you will notice, that the "Conversion details" will record it against your previous click, even after many days. The length depends on the lifespan of the HTTP cookie that was set during click-action.

To examine, behind-the-scene action, you can open your browser using "developer tools" option of the browser, which usually can be navigated through menu, or activatd by pressing "F12" key. Reload the page, and on the network tab you can see the list of server calls to and to the e-commerce server. Here you can check the content of the cookie, your unique ID, Cookie-lifespan etc.

Testing Fraud

This page demonstrates the legitimate traffic generation mechanism that underlies Affiliate Marketing Systems. Our research has uncovered some of the fraudulent methods used by corrupt affiliates to generate "Clicks" on advertisements, even when the visitor actually does not physially click on any advertisement. Such fake clicks will register a click at the tracking databse, and "dump" a HTTP-cookie in visitor's browser, which will earn the fraudulent affiliate a commission, if the visitor make any purchases at any of the linked e-commerce sites in future.

These fraud scenarios can be tested HERE.

Cookieless tracking

Our research on how to use alternative tracking technologies, that can supplement HTTP-cookie based tracking system, to create a more robust tracking capability, is demostrated HERE.