I have seen this more than once with one particular merchant by SAHS with a click from another site where the landing page is a search return.
It *looks* like what is happening is SAHS will redirect to the home page, regardless of what the landing page for the original click is. In the instances I captured, the search return landing pages were being presented via a subdomain with the search script call such as http://search.merchantdomain.com/cgi?searchstring
SAHS truncates automatically on auto redirect to http://search.merchantdomain.com/
so an Access Denied error is returned.
I would *assume* that SAHS is aware of this, because with this particular merchant, they generated a pop up from the SAHS domain
which you had to click on if you wanted to get to the merchant's site at all!
For the merchant, on referrer logs it will appear of course as the click stream really originated from the SAHS web site when it did not in reality.
And of course, SAHS grabs revenue from traffic that was bound to the merchants site in the first place. Aside from the consumer getting the big old bad ACCESS DENIED screen.